diff --git a/homelab/silver-hand/certmanager.tf b/homelab/silver-hand/certmanager.tf
new file mode 100644
index 00000000..bd11cb9c
--- /dev/null
+++ b/homelab/silver-hand/certmanager.tf
@@ -0,0 +1,60 @@
+resource "kubernetes_namespace" "certmanager" {
+    metadata {
+        name = "certmanager"
+    }
+}
+
+resource "helm_release" "certmanager" {
+    depends_on = [
+        kubernetes_namespace.certmanager
+    ]
+    name = "certmanager"
+    namespace = "certmanager"
+    repository = "https://charts.jetstack.io"
+    chart = "cert-manager"
+    version = "v1.15.2"
+    lint = true
+    set {
+        name  = "installCRDs"
+        value = "true"
+    }    
+}
+
+resource "time_sleep" "wait_for_certmanager" {
+    depends_on = [
+        helm_release.certmanager
+    ]
+    create_duration = "10s"
+}
+
+resource "kubectl_manifest" "cloudflare_prod" {
+    depends_on = [
+        time_sleep.wait_for_certmanager
+    ]
+    yaml_body = <<YAML
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: cloudflare-prod
+spec:
+  acme:
+    email: jafner425@gmail.com
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: cloudflare-prod-account-key
+    solvers:
+    - dns01:
+        cloudflare:
+          email: jafner425@gmail.com
+          apiKeySecretRef:
+            name: cloudflare-api-key-secret
+            key: api-key
+YAML
+}
+
+resource "time_sleep" "wait_for_clusterissuer" {
+    depends_on = [
+        kubectl_manifest.cloudflare_prod
+    ]
+    create_duration = "30s"
+} 
\ No newline at end of file
diff --git a/homelab/silver-hand/cloudflare.tf b/homelab/silver-hand/cloudflare.tf
new file mode 100644
index 00000000..bb6de4f1
--- /dev/null
+++ b/homelab/silver-hand/cloudflare.tf
@@ -0,0 +1,13 @@
+resource "kubernetes_secret" "cloudflare_api_key_secret" {
+    depends_on = [
+        kubernetes_namespace.certmanager
+    ]
+    metadata {
+        name = "cloudflare-api-key-secret"
+        namespace = "certmanager"
+    }
+    data = {
+        api-key = var.cloudflare_token
+    }
+    type = "Opaque"
+}
\ No newline at end of file
diff --git a/homelab/silver-hand/jafner-dev/jafner-dev.yml b/homelab/silver-hand/jafner-dev/jafner-dev.yml
deleted file mode 100644
index 8fd85aa4..00000000
--- a/homelab/silver-hand/jafner-dev/jafner-dev.yml
+++ /dev/null
@@ -1,62 +0,0 @@
-
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: jafner-dev
-
----
-
-apiVersion: datashim.io/v1alpha1
-kind: Dataset
-metadata:
-  namespace: jafner-dev
-  name: jafner-dev
-spec:
-  local:
-    type: "COS"
-    secret-name: jafner-dev-aws-credentials
-    endpoint: "https://s3.us-west-2.amazonaws.com"
-    bucket: "jafner-dev"
-    region: "us-west-2"
-
----
-apiVersion: v1
-kind: Pod
-metadata:
-  namespace: jafner-dev
-  name: nginx
-  labels:
-    app: jafner-dev
-    dataset.0.id: "jafner-dev"
-    dataset.0.useas: "mount"
-spec:
-  containers:
-    - name: nginx
-      image: nginx
-      volumeMounts:
-        - mountPath: "/usr/share/nginx/html"
-          name: "jafner-dev"
-  volumes:
-  - name: "jafner-dev"
-    persistentVolumeClaim:
-      claimName: "jafner-dev"
-
----
-apiVersion: v1
-kind: Service
-metadata: 
-  namespace: jafner-dev
-  name: nginx-service
-spec:
-  type: LoadBalancer
-  selector:
-    app: jafner-dev
-  ports:
-  - port: 8080
-    targetPort: 80
-
-# Access at: 
-#   - http://192.168.1.31:8080
-#   - http://192.168.1.32:8080
-#   - http://192.168.1.33:8080
\ No newline at end of file
diff --git a/homelab/silver-hand/nginx-test.tf b/homelab/silver-hand/nginx-test.tf
new file mode 100644
index 00000000..dc061cce
--- /dev/null
+++ b/homelab/silver-hand/nginx-test.tf
@@ -0,0 +1,120 @@
+resource "kubernetes_namespace" "nginx1" {
+    metadata {
+        name = "nginx1"
+    }
+}
+
+resource "kubernetes_deployment" "nginx1" {
+    depends_on = [
+        kubernetes_namespace.nginx1
+    ]
+    metadata {
+        name = "nginx1"
+        namespace = "nginx1"
+        labels = {
+            app = "nginx1"
+        }
+    }
+    spec {
+        replicas = 1
+        selector {
+            match_labels = {
+                app = "nginx1"
+            }
+        }
+        template {
+            metadata {
+                labels = {
+                    app = "nginx1"
+                }
+            }
+            spec {
+                container {
+                    image = "nginx:latest"
+                    name  = "nginx"
+
+                    port {
+                        container_port = 80
+                    }
+                }
+            }
+        }
+    }
+}
+
+
+resource "kubernetes_service" "nginx1" {
+    depends_on = [
+        kubernetes_namespace.nginx1
+    ]
+    metadata {
+        name = "nginx1"
+        namespace = "nginx1"
+    }
+    spec {
+        selector = {
+            app = "nginx1"
+        }
+        port {
+            port = 80
+        }
+        type = "ClusterIP"
+    }
+}
+
+resource "kubectl_manifest" "nginx1-certificate" {
+    depends_on = [kubernetes_namespace.nginx1, time_sleep.wait_for_clusterissuer]
+    yaml_body = <<YAML
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: nginx1
+  namespace: nginx1
+spec:
+  secretName: nginx1
+  issuerRef:
+    name: cloudflare-prod
+    kind: ClusterIssuer
+  dnsNames:
+  - 'nginx1.jafner.dev'   
+    YAML
+}
+
+resource "kubernetes_ingress_v1" "nginx1" {
+    depends_on = [kubernetes_namespace.nginx1]
+    metadata {
+        name = "nginx1"
+        namespace = "nginx1"
+    }
+    spec {
+        rule {
+            host = "nginx1.jafner.dev"
+            http {
+                path {
+                    path = "/"
+                    backend {
+                        service {
+                            name = "nginx1"
+                            port {
+                                number = 80
+                            }
+                        }
+                    }
+
+                }
+            }
+        }
+        tls {
+          secret_name = "nginx1"
+          hosts = ["nginx1.jafner.dev"]
+        }
+    }
+}
+
+resource "cloudflare_record" "nginx1-k3s-jafner-dev" {
+    zone_id = "b6f3735cd87078e4c5d4a17c95cd979f"
+    name = "nginx1.jafner.dev"
+    content =  data.dns_a_record_set.jafner-net.addrs[0] # Not a typo. We assume jafner.net is pointing at the homelab, and jafner.dev is pointed elsewhere
+    type = "A"
+    proxied = false
+}
\ No newline at end of file
diff --git a/homelab/silver-hand/artisans-tools/README.md b/homelab/silver-hand/old/artisans-tools/README.md
similarity index 100%
rename from homelab/silver-hand/artisans-tools/README.md
rename to homelab/silver-hand/old/artisans-tools/README.md
diff --git a/homelab/silver-hand/artisans-tools/datashim.yml b/homelab/silver-hand/old/artisans-tools/datashim.yml
similarity index 100%
rename from homelab/silver-hand/artisans-tools/datashim.yml
rename to homelab/silver-hand/old/artisans-tools/datashim.yml
diff --git a/homelab/silver-hand/old/cert-manager/cert-manager.issuer.yml b/homelab/silver-hand/old/cert-manager/cert-manager.issuer.yml
new file mode 100644
index 00000000..9c187225
--- /dev/null
+++ b/homelab/silver-hand/old/cert-manager/cert-manager.issuer.yml
@@ -0,0 +1,17 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-issuer
+spec:
+  acme:
+    email: jafner425@gmail.com
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: letsencrypt-issuer-account-key
+    solvers:
+      - selector: {}
+        dns01:
+          cloudflare:
+            apiTokenSecretRef:
+              name: cloudflare-token
+              key: token
\ No newline at end of file
diff --git a/homelab/silver-hand/old/cert-manager/default-values.yaml b/homelab/silver-hand/old/cert-manager/default-values.yaml
new file mode 100644
index 00000000..7630c048
--- /dev/null
+++ b/homelab/silver-hand/old/cert-manager/default-values.yaml
@@ -0,0 +1,1349 @@
+# +docs:section=Global
+
+# Default values for cert-manager.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global:
+  # Reference to one or more secrets to be used when pulling images.
+  # For more information, see [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/).
+  #
+  # For example:
+  #  imagePullSecrets:
+  #    - name: "image-pull-secret"
+  imagePullSecrets: []
+
+  # Labels to apply to all resources.
+  # Please note that this does not add labels to the resources created dynamically by the controllers.
+  # For these resources, you have to add the labels in the template in the cert-manager custom resource:
+  # For example, podTemplate/ ingressTemplate in ACMEChallengeSolverHTTP01Ingress
+  # For more information, see the [cert-manager documentation](https://cert-manager.io/docs/reference/api-docs/#acme.cert-manager.io/v1.ACMEChallengeSolverHTTP01Ingress).
+  # For example, secretTemplate in CertificateSpec
+  # For more information, see the [cert-manager documentation](https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec).
+  commonLabels: {}
+
+  # The number of old ReplicaSets to retain to allow rollback (if not set, the default Kubernetes value is set to 10).
+  # +docs:property
+  # revisionHistoryLimit: 1
+
+  # The optional priority class to be used for the cert-manager pods.
+  priorityClassName: ""
+
+  rbac:
+    # Create required ClusterRoles and ClusterRoleBindings for cert-manager.
+    create: true
+    # Aggregate ClusterRoles to Kubernetes default user-facing roles. For more information, see [User-facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles)
+    aggregateClusterRoles: true
+
+  podSecurityPolicy:
+    # Create PodSecurityPolicy for cert-manager.
+    #
+    # Note that PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in Kubernetes 1.25.
+    enabled: false
+    # Configure the PodSecurityPolicy to use AppArmor.
+    useAppArmor: true
+
+  # Set the verbosity of cert-manager. A range of 0 - 6, with 6 being the most verbose.
+  logLevel: 2
+
+  leaderElection:
+    # Override the namespace used for the leader election lease.
+    namespace: "kube-system"
+
+    # The duration that non-leader candidates will wait after observing a
+    # leadership renewal until attempting to acquire leadership of a led but
+    # unrenewed leader slot. This is effectively the maximum duration that a
+    # leader can be stopped before it is replaced by another candidate.
+    # +docs:property
+    # leaseDuration: 60s
+
+    # The interval between attempts by the acting master to renew a leadership
+    # slot before it stops leading. This must be less than or equal to the
+    # lease duration.
+    # +docs:property
+    # renewDeadline: 40s
+
+    # The duration the clients should wait between attempting acquisition and
+    # renewal of a leadership.
+    # +docs:property
+    # retryPeriod: 15s
+
+# This option is equivalent to setting crds.enabled=true and crds.keep=true.
+# Deprecated: use crds.enabled and crds.keep instead.
+installCRDs: false
+
+crds:
+  # This option decides if the CRDs should be installed
+  # as part of the Helm installation.
+  enabled: false
+
+  # This option makes it so that the "helm.sh/resource-policy": keep
+  # annotation is added to the CRD. This will prevent Helm from uninstalling
+  # the CRD when the Helm release is uninstalled.
+  # WARNING: when the CRDs are removed, all cert-manager custom resources
+  # (Certificates, Issuers, ...) will be removed too by the garbage collector.
+  keep: true
+
+# +docs:section=Controller
+
+# The number of replicas of the cert-manager controller to run.
+#
+# The default is 1, but in production set this to 2 or 3 to provide high
+# availability.
+#
+# If `replicas > 1`, consider setting `podDisruptionBudget.enabled=true`.
+#
+# Note that cert-manager uses leader election to ensure that there can
+# only be a single instance active at a time.
+replicaCount: 1
+
+# Deployment update strategy for the cert-manager controller deployment.
+# For more information, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy).
+#
+# For example:
+#  strategy:
+#    type: RollingUpdate
+#    rollingUpdate:
+#      maxSurge: 0
+#      maxUnavailable: 1
+strategy: {}
+
+podDisruptionBudget:
+  # Enable or disable the PodDisruptionBudget resource.
+  #
+  # This prevents downtime during voluntary disruptions such as during a Node upgrade.
+  # For example, the PodDisruptionBudget will block `kubectl drain`
+  # if it is used on the Node where the only remaining cert-manager
+  # Pod is currently running.
+  enabled: false
+
+  # This configures the minimum available pods for disruptions. It can either be set to
+  # an integer (e.g. 1) or a percentage value (e.g. 25%).
+  # It cannot be used if `maxUnavailable` is set.
+  # +docs:property
+  # minAvailable: 1
+
+  # This configures the maximum unavailable pods for disruptions. It can either be set to
+  # an integer (e.g. 1) or a percentage value (e.g. 25%).
+  # it cannot be used if `minAvailable` is set.
+  # +docs:property
+  # maxUnavailable: 1
+
+# A comma-separated list of feature gates that should be enabled on the
+# controller pod.
+featureGates: ""
+
+# The maximum number of challenges that can be scheduled as 'processing' at once.
+maxConcurrentChallenges: 60
+
+image:
+  # The container registry to pull the manager image from.
+  # +docs:property
+  # registry: quay.io
+
+  # The container image for the cert-manager controller.
+  # +docs:property
+  repository: quay.io/jetstack/cert-manager-controller
+
+  # Override the image tag to deploy by setting this variable.
+  # If no value is set, the chart's appVersion is used.
+  # +docs:property
+  # tag: vX.Y.Z
+
+  # Setting a digest will override any tag.
+  # +docs:property
+  # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
+
+  # Kubernetes imagePullPolicy on Deployment.
+  pullPolicy: IfNotPresent
+
+# Override the namespace used to store DNS provider credentials etc. for ClusterIssuer
+# resources. By default, the same namespace as cert-manager is deployed within is
+# used. This namespace will not be automatically created by the Helm chart.
+clusterResourceNamespace: ""
+
+# This namespace allows you to define where the services are installed into.
+# If not set then they use the namespace of the release.
+# This is helpful when installing cert manager as a chart dependency (sub chart).
+namespace: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created.
+  create: true
+
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template.
+  # +docs:property
+  # name: ""
+
+  # Optional additional annotations to add to the controller's Service Account.
+  # +docs:property
+  # annotations: {}
+
+  # Optional additional labels to add to the controller's Service Account.
+  # +docs:property
+  # labels: {}
+
+  # Automount API credentials for a Service Account.
+  automountServiceAccountToken: true
+
+# Automounting API credentials for a particular pod.
+# +docs:property
+# automountServiceAccountToken: true
+
+# When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted.
+enableCertificateOwnerRef: false
+
+# This property is used to configure options for the controller pod.
+# This allows setting options that would usually be provided using flags.
+# An APIVersion and Kind must be specified in your values.yaml file.
+# Flags will override options that are set here.
+#
+# For example:
+#  config:
+#    apiVersion: controller.config.cert-manager.io/v1alpha1
+#    kind: ControllerConfiguration
+#    logging:
+#      verbosity: 2
+#      format: text
+#    leaderElectionConfig:
+#      namespace: kube-system
+#    kubernetesAPIQPS: 9000
+#    kubernetesAPIBurst: 9000
+#    numberOfConcurrentWorkers: 200
+#    featureGates:
+#      AdditionalCertificateOutputFormats: true
+#      DisallowInsecureCSRUsageDefinition: true
+#      ExperimentalCertificateSigningRequestControllers: true
+#      ExperimentalGatewayAPISupport: true
+#      LiteralCertificateSubject: true
+#      SecretsFilteredCaching: true
+#      ServerSideApply: true
+#      StableCertificateRequestName: true
+#      UseCertificateRequestBasicConstraints: true
+#      ValidateCAA: true
+#    metricsTLSConfig:
+#      dynamic:
+#        secretNamespace: "cert-manager"
+#        secretName: "cert-manager-metrics-ca"
+#        dnsNames:
+#        - cert-manager-metrics
+#        - cert-manager-metrics.cert-manager
+#        - cert-manager-metrics.cert-manager.svc
+config: {}
+
+# Setting Nameservers for DNS01 Self Check.
+# For more information, see the [cert-manager documentation](https://cert-manager.io/docs/configuration/acme/dns01/#setting-nameservers-for-dns01-self-check).
+
+# A comma-separated string with the host and port of the recursive nameservers cert-manager should query.
+dns01RecursiveNameservers: ""
+
+# Forces cert-manager to use only the recursive nameservers for verification.
+# Enabling this option could cause the DNS01 self check to take longer owing to caching performed by the recursive nameservers.
+dns01RecursiveNameserversOnly: false
+
+# Option to disable cert-manager's build-in auto-approver. The auto-approver
+# approves all CertificateRequests that reference issuers matching the 'approveSignerNames'
+# option. This 'disableAutoApproval' option is useful when you want to make all approval decisions
+# using a different approver (like approver-policy - https://github.com/cert-manager/approver-policy).
+disableAutoApproval: false
+
+# List of signer names that cert-manager will approve by default. CertificateRequests
+# referencing these signer names will be auto-approved by cert-manager. Defaults to just
+# approving the cert-manager.io Issuer and ClusterIssuer issuers. When set to an empty
+# array, ALL issuers will be auto-approved by cert-manager. To disable the auto-approval,
+# because eg. you are using approver-policy, you can enable 'disableAutoApproval'.
+# ref: https://cert-manager.io/docs/concepts/certificaterequest/#approval
+# +docs:property
+approveSignerNames:
+- issuers.cert-manager.io/*
+- clusterissuers.cert-manager.io/*
+
+# Additional command line flags to pass to cert-manager controller binary.
+# To see all available flags run `docker run quay.io/jetstack/cert-manager-controller:<version> --help`.
+#
+# Use this flag to enable or disable arbitrary controllers. For example, to disable the CertificiateRequests approver.
+#
+# For example:
+#  extraArgs:
+#    - --controllers=*,-certificaterequests-approver
+extraArgs: []
+
+# Additional environment variables to pass to cert-manager controller binary.
+extraEnv: []
+# - name: SOME_VAR
+#   value: 'some value'
+
+# Resources to provide to the cert-manager controller pod.
+#
+# For example:
+#  requests:
+#    cpu: 10m
+#    memory: 32Mi
+#
+# For more information, see [Resource Management for Pods and Containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
+resources: {}
+
+# Pod Security Context.
+# For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/).
+# +docs:property
+securityContext:
+  runAsNonRoot: true
+  seccompProfile:
+    type: RuntimeDefault
+
+# Container Security Context to be set on the controller component container.
+# For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/).
+# +docs:property
+containerSecurityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+    - ALL
+  readOnlyRootFilesystem: true
+
+# Additional volumes to add to the cert-manager controller pod.
+volumes: []
+
+# Additional volume mounts to add to the cert-manager controller container.
+volumeMounts: []
+
+# Optional additional annotations to add to the controller Deployment.
+# +docs:property
+# deploymentAnnotations: {}
+
+# Optional additional annotations to add to the controller Pods.
+# +docs:property
+# podAnnotations: {}
+
+# Optional additional labels to add to the controller Pods.
+podLabels: {}
+
+# Optional annotations to add to the controller Service.
+# +docs:property
+# serviceAnnotations: {}
+
+# Optional additional labels to add to the controller Service.
+# +docs:property
+# serviceLabels: {}
+
+# Optionally set the IP family policy for the controller Service to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services).
+# +docs:property
+# serviceIPFamilyPolicy: ""
+
+# Optionally set the IP families for the controller Service that should be supported, in the order in which they should be applied to ClusterIP. Can be IPv4 and/or IPv6.
+# +docs:property
+# serviceIPFamilies: []
+
+# Optional DNS settings. These are useful if you have a public and private DNS zone for
+# the same domain on Route 53. The following is an example of ensuring
+# cert-manager can access an ingress or DNS TXT records at all times.
+# Note that this requires Kubernetes 1.10 or `CustomPodDNS` feature gate enabled for
+# the cluster to work.
+
+# Pod DNS policy.
+# For more information, see [Pod's DNS Policy](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy).
+# +docs:property
+# podDnsPolicy: "None"
+
+# Pod DNS configuration. The podDnsConfig field is optional and can work with any podDnsPolicy
+# settings. However, when a Pod's dnsPolicy is set to "None", the dnsConfig field has to be specified.
+# For more information, see [Pod's DNS Config](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config).
+# +docs:property
+# podDnsConfig:
+#   nameservers:
+#     - "1.1.1.1"
+#     - "8.8.8.8"
+
+# Optional hostAliases for cert-manager-controller pods. May be useful when performing ACME DNS-01 self checks.
+hostAliases: []
+# - ip: 127.0.0.1
+#   hostnames:
+#   - foo.local
+#   - bar.local
+# - ip: 10.1.2.3
+#   hostnames:
+#   - foo.remote
+#   - bar.remote
+
+# The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with
+# matching labels.
+# For more information, see [Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/).
+#
+# This default ensures that Pods are only scheduled to Linux nodes.
+# It prevents Pods being scheduled to Windows nodes in a mixed OS cluster.
+# +docs:property
+nodeSelector:
+  kubernetes.io/os: linux
+
+# +docs:ignore
+ingressShim: {}
+
+  # Optional default issuer to use for ingress resources.
+  # +docs:property=ingressShim.defaultIssuerName
+  # defaultIssuerName: ""
+
+  # Optional default issuer kind to use for ingress resources.
+  # +docs:property=ingressShim.defaultIssuerKind
+  # defaultIssuerKind: ""
+
+  # Optional default issuer group to use for ingress resources.
+  # +docs:property=ingressShim.defaultIssuerGroup
+  # defaultIssuerGroup: ""
+
+# Use these variables to configure the HTTP_PROXY environment variables.
+
+# Configures the HTTP_PROXY environment variable where a HTTP proxy is required.
+# +docs:property
+# http_proxy: "http://proxy:8080"
+
+# Configures the HTTPS_PROXY environment variable where a HTTP proxy is required.
+# +docs:property
+# https_proxy: "https://proxy:8080"
+
+# Configures the NO_PROXY environment variable where a HTTP proxy is required,
+# but certain domains should be excluded.
+# +docs:property
+# no_proxy: 127.0.0.1,localhost
+
+
+# A Kubernetes Affinity, if required. For more information, see [Affinity v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core).
+#
+# For example:
+#   affinity:
+#     nodeAffinity:
+#      requiredDuringSchedulingIgnoredDuringExecution:
+#        nodeSelectorTerms:
+#        - matchExpressions:
+#          - key: foo.bar.com/role
+#            operator: In
+#            values:
+#            - master
+affinity: {}
+
+# A list of Kubernetes Tolerations, if required. For more information, see [Toleration v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core).
+#
+# For example:
+#   tolerations:
+#   - key: foo.bar.com/role
+#     operator: Equal
+#     value: master
+#     effect: NoSchedule
+tolerations: []
+
+# A list of Kubernetes TopologySpreadConstraints, if required. For more information, see [Topology spread constraint v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core
+#
+# For example:
+#   topologySpreadConstraints:
+#   - maxSkew: 2
+#     topologyKey: topology.kubernetes.io/zone
+#     whenUnsatisfiable: ScheduleAnyway
+#     labelSelector:
+#       matchLabels:
+#         app.kubernetes.io/instance: cert-manager
+#         app.kubernetes.io/component: controller
+topologySpreadConstraints: []
+
+# LivenessProbe settings for the controller container of the controller Pod.
+#
+# This is enabled by default, in order to enable the clock-skew liveness probe that
+# restarts the controller in case of a skew between the system clock and the monotonic clock.
+# LivenessProbe durations and thresholds are based on those used for the Kubernetes
+# controller-manager. For more information see the following on the
+# [Kubernetes GitHub repository](https://github.com/kubernetes/kubernetes/blob/806b30170c61a38fedd54cc9ede4cd6275a1ad3b/cmd/kubeadm/app/util/staticpod/utils.go#L241-L245)
+# +docs:property
+livenessProbe:
+  enabled: true
+  initialDelaySeconds: 10
+  periodSeconds: 10
+  timeoutSeconds: 15
+  successThreshold: 1
+  failureThreshold: 8
+
+# enableServiceLinks indicates whether information about services should be
+# injected into the pod's environment variables, matching the syntax of Docker
+# links.
+enableServiceLinks: false
+
+# +docs:section=Prometheus
+
+prometheus:
+  # Enable Prometheus monitoring for the cert-manager controller to use with the
+  # Prometheus Operator. If this option is enabled without enabling `prometheus.servicemonitor.enabled` or
+  # `prometheus.podmonitor.enabled`, 'prometheus.io' annotations are added to the cert-manager Deployment
+  # resources. Additionally, a service is created which can be used together
+  # with your own ServiceMonitor (managed outside of this Helm chart).
+  # Otherwise, a ServiceMonitor/ PodMonitor is created.
+  enabled: true
+
+  servicemonitor:
+    # Create a ServiceMonitor to add cert-manager to Prometheus.
+    enabled: false
+
+    # Specifies the `prometheus` label on the created ServiceMonitor. This is
+    # used when different Prometheus instances have label selectors matching
+    # different ServiceMonitors.
+    prometheusInstance: default
+
+    # The target port to set on the ServiceMonitor. This must match the port that the
+    # cert-manager controller is listening on for metrics.
+    targetPort: 9402
+
+    # The path to scrape for metrics.
+    path: /metrics
+
+    # The interval to scrape metrics.
+    interval: 60s
+
+    # The timeout before a metrics scrape fails.
+    scrapeTimeout: 30s
+
+    # Additional labels to add to the ServiceMonitor.
+    labels: {}
+
+    # Additional annotations to add to the ServiceMonitor.
+    annotations: {}
+
+    # Keep labels from scraped data, overriding server-side labels.
+    honorLabels: false
+
+    # EndpointAdditionalProperties allows setting additional properties on the
+    # endpoint such as relabelings, metricRelabelings etc.
+    #
+    # For example:
+    #  endpointAdditionalProperties:
+    #   relabelings:
+    #   - action: replace
+    #     sourceLabels:
+    #     - __meta_kubernetes_pod_node_name
+    #     targetLabel: instance
+    #
+    # +docs:property
+    endpointAdditionalProperties: {}
+
+  # Note that you can not enable both PodMonitor and ServiceMonitor as they are mutually exclusive. Enabling both will result in a error.
+  podmonitor:
+    # Create a PodMonitor to add cert-manager to Prometheus.
+    enabled: false
+
+    # Specifies the `prometheus` label on the created PodMonitor. This is
+    # used when different Prometheus instances have label selectors matching
+    # different PodMonitors.
+    prometheusInstance: default
+
+    # The path to scrape for metrics.
+    path: /metrics
+
+    # The interval to scrape metrics.
+    interval: 60s
+
+    # The timeout before a metrics scrape fails.
+    scrapeTimeout: 30s
+
+    # Additional labels to add to the PodMonitor.
+    labels: {}
+
+    # Additional annotations to add to the PodMonitor.
+    annotations: {}
+
+    # Keep labels from scraped data, overriding server-side labels.
+    honorLabels: false
+
+    # EndpointAdditionalProperties allows setting additional properties on the
+    # endpoint such as relabelings, metricRelabelings etc.
+    #
+    # For example:
+    #  endpointAdditionalProperties:
+    #   relabelings:
+    #   - action: replace
+    #     sourceLabels:
+    #     - __meta_kubernetes_pod_node_name
+    #     targetLabel: instance
+    #
+    # +docs:property
+    endpointAdditionalProperties: {}
+
+# +docs:section=Webhook
+
+webhook:
+  # Number of replicas of the cert-manager webhook to run.
+  #
+  # The default is 1, but in production set this to 2 or 3 to provide high
+  # availability.
+  #
+  # If `replicas > 1`, consider setting `webhook.podDisruptionBudget.enabled=true`.
+  replicaCount: 1
+
+  # The number of seconds the API server should wait for the webhook to respond before treating the call as a failure.
+  # The value must be between 1 and 30 seconds. For more information, see
+  # [Validating webhook configuration v1](https://kubernetes.io/docs/reference/kubernetes-api/extend-resources/validating-webhook-configuration-v1/).
+  #
+  # The default is set to the maximum value of 30 seconds as
+  # users sometimes report that the connection between the K8S API server and
+  # the cert-manager webhook server times out.
+  # If *this* timeout is reached, the error message will be "context deadline exceeded",
+  # which doesn't help the user diagnose what phase of the HTTPS connection timed out.
+  # For example, it could be during DNS resolution, TCP connection, TLS
+  # negotiation, HTTP negotiation, or slow HTTP response from the webhook
+  # server.
+  # By setting this timeout to its maximum value the underlying timeout error
+  # message has more chance of being returned to the end user.
+  timeoutSeconds: 30
+
+  # This is used to configure options for the webhook pod.
+  # This allows setting options that would usually be provided using flags.
+  # An APIVersion and Kind must be specified in your values.yaml file.
+  # Flags override options that are set here.
+  #
+  # For example:
+  #  apiVersion: webhook.config.cert-manager.io/v1alpha1
+  #  kind: WebhookConfiguration
+  #  # The port that the webhook listens on for requests.
+  #  # In GKE private clusters, by default Kubernetes apiservers are allowed to
+  #  # talk to the cluster nodes only on 443 and 10250. Configuring
+  #  # securePort: 10250 therefore will work out-of-the-box without needing to add firewall
+  #  # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers < 1000.
+  #  # This should be uncommented and set as a default by the chart once
+  #  # the apiVersion of WebhookConfiguration graduates beyond v1alpha1.
+  #  securePort: 10250
+  config: {}
+
+  # The update strategy for the cert-manager webhook deployment.
+  # For more information, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy)
+  #
+  # For example:
+  #  strategy:
+  #    type: RollingUpdate
+  #    rollingUpdate:
+  #      maxSurge: 0
+  #      maxUnavailable: 1
+  strategy: {}
+
+  # Pod Security Context to be set on the webhook component Pod.
+  # For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/).
+  # +docs:property
+  securityContext:
+    runAsNonRoot: true
+    seccompProfile:
+      type: RuntimeDefault
+
+  # Container Security Context to be set on the webhook component container.
+  # For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/).
+  # +docs:property
+  containerSecurityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+      - ALL
+    readOnlyRootFilesystem: true
+
+  podDisruptionBudget:
+    # Enable or disable the PodDisruptionBudget resource.
+    #
+    # This prevents downtime during voluntary disruptions such as during a Node upgrade.
+    # For example, the PodDisruptionBudget will block `kubectl drain`
+    # if it is used on the Node where the only remaining cert-manager
+    # Pod is currently running.
+    enabled: false
+
+    # This property configures the minimum available pods for disruptions. Can either be set to
+    # an integer (e.g. 1) or a percentage value (e.g. 25%).
+    # It cannot be used if `maxUnavailable` is set.
+    # +docs:property
+    # minAvailable: 1
+
+    # This property configures the maximum unavailable pods for disruptions. Can either be set to
+    # an integer (e.g. 1) or a percentage value (e.g. 25%).
+    # It cannot be used if `minAvailable` is set.
+    # +docs:property
+    # maxUnavailable: 1
+
+  # Optional additional annotations to add to the webhook Deployment.
+  # +docs:property
+  # deploymentAnnotations: {}
+
+  # Optional additional annotations to add to the webhook Pods.
+  # +docs:property
+  # podAnnotations: {}
+
+  # Optional additional annotations to add to the webhook Service.
+  # +docs:property
+  # serviceAnnotations: {}
+
+  # Optional additional annotations to add to the webhook MutatingWebhookConfiguration.
+  # +docs:property
+  # mutatingWebhookConfigurationAnnotations: {}
+
+  # Optional additional annotations to add to the webhook ValidatingWebhookConfiguration.
+  # +docs:property
+  # validatingWebhookConfigurationAnnotations: {}
+
+  validatingWebhookConfiguration:
+    # Configure spec.namespaceSelector for validating webhooks.
+    # +docs:property
+    namespaceSelector:
+      matchExpressions:
+        - key: "cert-manager.io/disable-validation"
+          operator: "NotIn"
+          values:
+            - "true"
+
+  mutatingWebhookConfiguration:
+    # Configure spec.namespaceSelector for mutating webhooks.
+    # +docs:property
+    namespaceSelector: {}
+    #  matchLabels:
+    #    key: value
+    #  matchExpressions:
+    #    - key: kubernetes.io/metadata.name
+    #      operator: NotIn
+    #      values:
+    #        - kube-system
+
+
+  # Additional command line flags to pass to cert-manager webhook binary.
+  # To see all available flags run `docker run quay.io/jetstack/cert-manager-webhook:<version> --help`.
+  extraArgs: []
+  # Path to a file containing a WebhookConfiguration object used to configure the webhook.
+  # - --config=<path-to-config-file>
+
+  # Comma separated list of feature gates that should be enabled on the
+  # webhook pod.
+  featureGates: ""
+
+  # Resources to provide to the cert-manager webhook pod.
+  #
+  # For example:
+  #  requests:
+  #    cpu: 10m
+  #    memory: 32Mi
+  #
+  # For more information, see [Resource Management for Pods and Containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
+  resources: {}
+
+  # Liveness probe values.
+  # For more information, see [Container probes](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes).
+  #
+  # +docs:property
+  livenessProbe:
+    failureThreshold: 3
+    initialDelaySeconds: 60
+    periodSeconds: 10
+    successThreshold: 1
+    timeoutSeconds: 1
+
+  # Readiness probe values.
+  # For more information, see [Container probes](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes).
+  #
+  # +docs:property
+  readinessProbe:
+    failureThreshold: 3
+    initialDelaySeconds: 5
+    periodSeconds: 5
+    successThreshold: 1
+    timeoutSeconds: 1
+
+  # The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with
+  # matching labels.
+  # For more information, see [Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/).
+  #
+  # This default ensures that Pods are only scheduled to Linux nodes.
+  # It prevents Pods being scheduled to Windows nodes in a mixed OS cluster.
+  # +docs:property
+  nodeSelector:
+    kubernetes.io/os: linux
+
+  # A Kubernetes Affinity, if required. For more information, see [Affinity v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core).
+  #
+  # For example:
+  #   affinity:
+  #     nodeAffinity:
+  #      requiredDuringSchedulingIgnoredDuringExecution:
+  #        nodeSelectorTerms:
+  #        - matchExpressions:
+  #          - key: foo.bar.com/role
+  #            operator: In
+  #            values:
+  #            - master
+  affinity: {}
+
+  # A list of Kubernetes Tolerations, if required. For more information, see [Toleration v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core).
+  #
+  # For example:
+  #   tolerations:
+  #   - key: foo.bar.com/role
+  #     operator: Equal
+  #     value: master
+  #     effect: NoSchedule
+  tolerations: []
+
+  # A list of Kubernetes TopologySpreadConstraints, if required. For more information, see [Topology spread constraint v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core).
+  #
+  # For example:
+  #   topologySpreadConstraints:
+  #   - maxSkew: 2
+  #     topologyKey: topology.kubernetes.io/zone
+  #     whenUnsatisfiable: ScheduleAnyway
+  #     labelSelector:
+  #       matchLabels:
+  #         app.kubernetes.io/instance: cert-manager
+  #         app.kubernetes.io/component: controller
+  topologySpreadConstraints: []
+
+  # Optional additional labels to add to the Webhook Pods.
+  podLabels: {}
+
+  # Optional additional labels to add to the Webhook Service.
+  serviceLabels: {}
+
+  # Optionally set the IP family policy for the controller Service to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services).
+  serviceIPFamilyPolicy: ""
+
+  # Optionally set the IP families for the controller Service that should be supported, in the order in which they should be applied to ClusterIP. Can be IPv4 and/or IPv6.
+  serviceIPFamilies: []
+
+  image:
+    # The container registry to pull the webhook image from.
+    # +docs:property
+    # registry: quay.io
+
+    # The container image for the cert-manager webhook
+    # +docs:property
+    repository: quay.io/jetstack/cert-manager-webhook
+
+    # Override the image tag to deploy by setting this variable.
+    # If no value is set, the chart's appVersion will be used.
+    # +docs:property
+    # tag: vX.Y.Z
+
+    # Setting a digest will override any tag
+    # +docs:property
+    # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
+
+    # Kubernetes imagePullPolicy on Deployment.
+    pullPolicy: IfNotPresent
+
+  serviceAccount:
+    # Specifies whether a service account should be created.
+    create: true
+
+    # The name of the service account to use.
+    # If not set and create is true, a name is generated using the fullname template.
+    # +docs:property
+    # name: ""
+
+    # Optional additional annotations to add to the controller's Service Account.
+    # +docs:property
+    # annotations: {}
+
+    # Optional additional labels to add to the webhook's Service Account.
+    # +docs:property
+    # labels: {}
+
+    # Automount API credentials for a Service Account.
+    automountServiceAccountToken: true
+
+  # Automounting API credentials for a particular pod.
+  # +docs:property
+  # automountServiceAccountToken: true
+
+  # The port that the webhook listens on for requests.
+  # In GKE private clusters, by default Kubernetes apiservers are allowed to
+  # talk to the cluster nodes only on 443 and 10250. Configuring
+  # securePort: 10250, therefore will work out-of-the-box without needing to add firewall
+  # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000.
+  securePort: 10250
+
+  # Specifies if the webhook should be started in hostNetwork mode.
+  #
+  # Required for use in some managed kubernetes clusters (such as AWS EKS) with custom
+  # CNI (such as calico), because control-plane managed by AWS cannot communicate
+  # with pods' IP CIDR and admission webhooks are not working
+  #
+  # Since the default port for the webhook conflicts with kubelet on the host
+  # network, `webhook.securePort` should be changed to an available port if
+  # running in hostNetwork mode.
+  hostNetwork: false
+
+  # Specifies how the service should be handled. Useful if you want to expose the
+  # webhook outside of the cluster. In some cases, the control plane cannot
+  # reach internal services.
+  serviceType: ClusterIP
+
+  # Specify the load balancer IP for the created service.
+  # +docs:property
+  # loadBalancerIP: "10.10.10.10"
+
+  # Overrides the mutating webhook and validating webhook so they reach the webhook
+  # service using the `url` field instead of a service.
+  url: {}
+    # host:
+
+  # Enables default network policies for webhooks.
+  networkPolicy:
+    # Create network policies for the webhooks.
+    enabled: false
+
+    # Ingress rule for the webhook network policy. By default, it allows all
+    # inbound traffic.
+    # +docs:property
+    ingress:
+    - from:
+      - ipBlock:
+          cidr: 0.0.0.0/0
+
+    # Egress rule for the webhook network policy. By default, it allows all
+    # outbound traffic to ports 80 and 443, as well as DNS ports.
+    # +docs:property
+    egress:
+    - ports:
+      - port: 80
+        protocol: TCP
+      - port: 443
+        protocol: TCP
+      - port: 53
+        protocol: TCP
+      - port: 53
+        protocol: UDP
+      # On OpenShift and OKD, the Kubernetes API server listens on.
+      # port 6443.
+      - port: 6443
+        protocol: TCP
+      to:
+      - ipBlock:
+          cidr: 0.0.0.0/0
+
+  # Additional volumes to add to the cert-manager controller pod.
+  volumes: []
+
+  # Additional volume mounts to add to the cert-manager controller container.
+  volumeMounts: []
+
+  # enableServiceLinks indicates whether information about services should be
+  # injected into the pod's environment variables, matching the syntax of Docker
+  # links.
+  enableServiceLinks: false
+
+# +docs:section=CA Injector
+
+cainjector:
+  # Create the CA Injector deployment
+  enabled: true
+
+  # The number of replicas of the cert-manager cainjector to run.
+  #
+  # The default is 1, but in production set this to 2 or 3 to provide high
+  # availability.
+  #
+  # If `replicas > 1`, consider setting `cainjector.podDisruptionBudget.enabled=true`.
+  #
+  # Note that cert-manager uses leader election to ensure that there can
+  # only be a single instance active at a time.
+  replicaCount: 1
+
+  # This is used to configure options for the cainjector pod.
+  # It allows setting options that are usually provided via flags.
+  # An APIVersion and Kind must be specified in your values.yaml file.
+  # Flags override options that are set here.
+  #
+  # For example:
+  #  apiVersion: cainjector.config.cert-manager.io/v1alpha1
+  #  kind: CAInjectorConfiguration
+  #  logging:
+  #   verbosity: 2
+  #   format: text
+  #  leaderElectionConfig:
+  #   namespace: kube-system
+  config: {}
+
+  # Deployment update strategy for the cert-manager cainjector deployment.
+  # For more information, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy).
+  #
+  # For example:
+  #  strategy:
+  #    type: RollingUpdate
+  #    rollingUpdate:
+  #      maxSurge: 0
+  #      maxUnavailable: 1
+  strategy: {}
+
+  # Pod Security Context to be set on the cainjector component Pod
+  # For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/).
+  # +docs:property
+  securityContext:
+    runAsNonRoot: true
+    seccompProfile:
+      type: RuntimeDefault
+
+  # Container Security Context to be set on the cainjector component container
+  # For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/).
+  # +docs:property
+  containerSecurityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+      - ALL
+    readOnlyRootFilesystem: true
+
+  podDisruptionBudget:
+    # Enable or disable the PodDisruptionBudget resource.
+    #
+    # This prevents downtime during voluntary disruptions such as during a Node upgrade.
+    # For example, the PodDisruptionBudget will block `kubectl drain`
+    # if it is used on the Node where the only remaining cert-manager
+    # Pod is currently running.
+    enabled: false
+
+    # `minAvailable` configures the minimum available pods for disruptions. It can either be set to
+    # an integer (e.g. 1) or a percentage value (e.g. 25%).
+    # Cannot be used if `maxUnavailable` is set.
+    # +docs:property
+    # minAvailable: 1
+
+    # `maxUnavailable` configures the maximum unavailable pods for disruptions. It can either be set to
+    # an integer (e.g. 1) or a percentage value (e.g. 25%).
+    # Cannot be used if `minAvailable` is set.
+    # +docs:property
+    # maxUnavailable: 1
+
+  # Optional additional annotations to add to the cainjector Deployment.
+  # +docs:property
+  # deploymentAnnotations: {}
+
+  # Optional additional annotations to add to the cainjector Pods.
+  # +docs:property
+  # podAnnotations: {}
+
+  # Additional command line flags to pass to cert-manager cainjector binary.
+  # To see all available flags run `docker run quay.io/jetstack/cert-manager-cainjector:<version> --help`.
+  extraArgs: []
+  # Enable profiling for cainjector.
+  # - --enable-profiling=true
+
+  # Comma separated list of feature gates that should be enabled on the
+  # cainjector pod.
+  featureGates: ""
+
+  # Resources to provide to the cert-manager cainjector pod.
+  #
+  # For example:
+  #  requests:
+  #    cpu: 10m
+  #    memory: 32Mi
+  #
+  # For more information, see [Resource Management for Pods and Containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
+  resources: {}
+
+
+  # The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with
+  # matching labels.
+  # For more information, see [Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/).
+  #
+  # This default ensures that Pods are only scheduled to Linux nodes.
+  # It prevents Pods being scheduled to Windows nodes in a mixed OS cluster.
+  # +docs:property
+  nodeSelector:
+    kubernetes.io/os: linux
+
+  # A Kubernetes Affinity, if required. For more information, see [Affinity v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core).
+  #
+  # For example:
+  #   affinity:
+  #     nodeAffinity:
+  #      requiredDuringSchedulingIgnoredDuringExecution:
+  #        nodeSelectorTerms:
+  #        - matchExpressions:
+  #          - key: foo.bar.com/role
+  #            operator: In
+  #            values:
+  #            - master
+  affinity: {}
+
+  # A list of Kubernetes Tolerations, if required. For more information, see [Toleration v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core).
+  #
+  # For example:
+  #   tolerations:
+  #   - key: foo.bar.com/role
+  #     operator: Equal
+  #     value: master
+  #     effect: NoSchedule
+  tolerations: []
+
+  # A list of Kubernetes TopologySpreadConstraints, if required. For more information, see [Topology spread constraint v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core).
+  #
+  # For example:
+  #   topologySpreadConstraints:
+  #   - maxSkew: 2
+  #     topologyKey: topology.kubernetes.io/zone
+  #     whenUnsatisfiable: ScheduleAnyway
+  #     labelSelector:
+  #       matchLabels:
+  #         app.kubernetes.io/instance: cert-manager
+  #         app.kubernetes.io/component: controller
+  topologySpreadConstraints: []
+
+  # Optional additional labels to add to the CA Injector Pods.
+  podLabels: {}
+
+  image:
+    # The container registry to pull the cainjector image from.
+    # +docs:property
+    # registry: quay.io
+
+    # The container image for the cert-manager cainjector
+    # +docs:property
+    repository: quay.io/jetstack/cert-manager-cainjector
+
+    # Override the image tag to deploy by setting this variable.
+    # If no value is set, the chart's appVersion will be used.
+    # +docs:property
+    # tag: vX.Y.Z
+
+    # Setting a digest will override any tag.
+    # +docs:property
+    # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
+
+    # Kubernetes imagePullPolicy on Deployment.
+    pullPolicy: IfNotPresent
+
+  serviceAccount:
+    # Specifies whether a service account should be created.
+    create: true
+
+    # The name of the service account to use.
+    # If not set and create is true, a name is generated using the fullname template
+    # +docs:property
+    # name: ""
+
+    # Optional additional annotations to add to the controller's Service Account.
+    # +docs:property
+    # annotations: {}
+
+    # Optional additional labels to add to the cainjector's Service Account.
+    # +docs:property
+    # labels: {}
+
+    # Automount API credentials for a Service Account.
+    automountServiceAccountToken: true
+
+  # Automounting API credentials for a particular pod.
+  # +docs:property
+  # automountServiceAccountToken: true
+
+  # Additional volumes to add to the cert-manager controller pod.
+  volumes: []
+
+  # Additional volume mounts to add to the cert-manager controller container.
+  volumeMounts: []
+
+  # enableServiceLinks indicates whether information about services should be
+  # injected into the pod's environment variables, matching the syntax of Docker
+  # links.
+  enableServiceLinks: false
+
+# +docs:section=ACME Solver
+
+acmesolver:
+  image:
+    # The container registry to pull the acmesolver image from.
+    # +docs:property
+    # registry: quay.io
+
+    # The container image for the cert-manager acmesolver.
+    # +docs:property
+    repository: quay.io/jetstack/cert-manager-acmesolver
+
+    # Override the image tag to deploy by setting this variable.
+    # If no value is set, the chart's appVersion is used.
+    # +docs:property
+    # tag: vX.Y.Z
+
+    # Setting a digest will override any tag.
+    # +docs:property
+    # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
+
+    # Kubernetes imagePullPolicy on Deployment.
+    pullPolicy: IfNotPresent
+
+# +docs:section=Startup API Check
+# This startupapicheck is a Helm post-install hook that waits for the webhook
+# endpoints to become available.
+# The check is implemented using a Kubernetes Job - if you are injecting mesh
+# sidecar proxies into cert-manager pods, ensure that they
+# are not injected into this Job's pod. Otherwise, the installation may time out
+# owing to the Job never being completed because the sidecar proxy does not exit.
+# For more information, see [this note](https://github.com/cert-manager/cert-manager/pull/4414).
+
+startupapicheck:
+  # Enables the startup api check.
+  enabled: true
+
+  # Pod Security Context to be set on the startupapicheck component Pod.
+  # For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/).
+  # +docs:property
+  securityContext:
+    runAsNonRoot: true
+    seccompProfile:
+      type: RuntimeDefault
+
+  # Container Security Context to be set on the controller component container.
+  # For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/).
+  # +docs:property
+  containerSecurityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+      - ALL
+    readOnlyRootFilesystem: true
+
+  # Timeout for 'kubectl check api' command.
+  timeout: 1m
+
+  # Job backoffLimit
+  backoffLimit: 4
+
+  # Optional additional annotations to add to the startupapicheck Job.
+  # +docs:property
+  jobAnnotations:
+    helm.sh/hook: post-install
+    helm.sh/hook-weight: "1"
+    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+
+  # Optional additional annotations to add to the startupapicheck Pods.
+  # +docs:property
+  # podAnnotations: {}
+
+  # Additional command line flags to pass to startupapicheck binary.
+  # To see all available flags run `docker run quay.io/jetstack/cert-manager-startupapicheck:<version> --help`.
+  #
+  # Verbose logging is enabled by default so that if startupapicheck fails, you
+  # can know what exactly caused the failure. Verbose logs include details of
+  # the webhook URL, IP address and TCP connect errors for example.
+  # +docs:property
+  extraArgs:
+  - -v
+
+  # Resources to provide to the cert-manager controller pod.
+  #
+  # For example:
+  #  requests:
+  #    cpu: 10m
+  #    memory: 32Mi
+  #
+  # For more information, see [Resource Management for Pods and Containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
+  resources: {}
+
+
+  # The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with
+  # matching labels.
+  # For more information, see [Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/).
+  #
+  # This default ensures that Pods are only scheduled to Linux nodes.
+  # It prevents Pods being scheduled to Windows nodes in a mixed OS cluster.
+  # +docs:property
+  nodeSelector:
+    kubernetes.io/os: linux
+
+  # A Kubernetes Affinity, if required. For more information, see [Affinity v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core).
+  # For example:
+  #   affinity:
+  #     nodeAffinity:
+  #      requiredDuringSchedulingIgnoredDuringExecution:
+  #        nodeSelectorTerms:
+  #        - matchExpressions:
+  #          - key: foo.bar.com/role
+  #            operator: In
+  #            values:
+  #            - master
+  affinity: {}
+
+  # A list of Kubernetes Tolerations, if required. For more information, see [Toleration v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core).
+  #
+  # For example:
+  #   tolerations:
+  #   - key: foo.bar.com/role
+  #     operator: Equal
+  #     value: master
+  #     effect: NoSchedule
+  tolerations: []
+
+  # Optional additional labels to add to the startupapicheck Pods.
+  podLabels: {}
+
+  image:
+    # The container registry to pull the startupapicheck image from.
+    # +docs:property
+    # registry: quay.io
+
+    # The container image for the cert-manager startupapicheck.
+    # +docs:property
+    repository: quay.io/jetstack/cert-manager-startupapicheck
+
+    # Override the image tag to deploy by setting this variable.
+    # If no value is set, the chart's appVersion is used.
+    # +docs:property
+    # tag: vX.Y.Z
+
+    # Setting a digest will override any tag.
+    # +docs:property
+    # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
+
+    # Kubernetes imagePullPolicy on Deployment.
+    pullPolicy: IfNotPresent
+
+  rbac:
+    # annotations for the startup API Check job RBAC and PSP resources.
+    # +docs:property
+    annotations:
+      helm.sh/hook: post-install
+      helm.sh/hook-weight: "-5"
+      helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+
+  # Automounting API credentials for a particular pod.
+  # +docs:property
+  # automountServiceAccountToken: true
+
+  serviceAccount:
+    # Specifies whether a service account should be created.
+    create: true
+
+    # The name of the service account to use.
+    # If not set and create is true, a name is generated using the fullname template.
+    # +docs:property
+    # name: ""
+
+    # Optional additional annotations to add to the Job's Service Account.
+    # +docs:property
+    annotations:
+      helm.sh/hook: post-install
+      helm.sh/hook-weight: "-5"
+      helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+
+    # Automount API credentials for a Service Account.
+    # +docs:property
+    automountServiceAccountToken: true
+
+    # Optional additional labels to add to the startupapicheck's Service Account.
+    # +docs:property
+    # labels: {}
+
+  # Additional volumes to add to the cert-manager controller pod.
+  volumes: []
+
+  # Additional volume mounts to add to the cert-manager controller container.
+  volumeMounts: []
+
+  # enableServiceLinks indicates whether information about services should be
+  # injected into pod's environment variables, matching the syntax of Docker
+  # links.
+  enableServiceLinks: false
+
+# Create dynamic manifests via values.
+#
+# For example:
+# extraObjects:
+#   - |
+#     apiVersion: v1
+#     kind: ConfigMap
+#     metadata:
+#       name: '{{ template "cert-manager.name" . }}-extra-configmap'
+extraObjects: []
diff --git a/homelab/silver-hand/old/helm/README.md b/homelab/silver-hand/old/helm/README.md
new file mode 100644
index 00000000..43b59038
--- /dev/null
+++ b/homelab/silver-hand/old/helm/README.md
@@ -0,0 +1,26 @@
+# Helm
+This directory contains documentation and files related to configuring Helm for the Silver Hand cluster. 
+
+### Repositories Used
+- [kubernetes-dashboard](https://kubernetes.github.io/dashboard/) to provide [Kubernetes Dashboard](https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/).
+
+### Steps Taken So Far
+```
+helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
+helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard
+```
+
+```
+helm repo add traefik https://traefik.github.io/charts
+helm install traefik traefik/traefik --version 30.0.2
+```
+
+```
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.15.2/cert-manager.crds.yaml
+helm repo add jetstack https://charts.jetstack.io --force-update
+helm install cert-manager --namespace cert-manager --version v1.15.2 jetstack/cert-manager
+
+```
+
+#### Sources:
+[Deploy and Access the Kubernetes Dashboard - Kubernetes.io](https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/)
\ No newline at end of file
diff --git a/homelab/silver-hand/old/jafner-dev/jafner-dev.dataset.yml b/homelab/silver-hand/old/jafner-dev/jafner-dev.dataset.yml
new file mode 100644
index 00000000..3898040b
--- /dev/null
+++ b/homelab/silver-hand/old/jafner-dev/jafner-dev.dataset.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: datashim.io/v1alpha1
+kind: Dataset
+metadata:
+  namespace: jafner-dev
+  name: jafner-dev
+spec:
+  local:
+    type: "COS"
+    secret-name: jafner-dev-aws-credentials
+    endpoint: "https://s3.us-west-2.amazonaws.com"
+    bucket: "jafner-dev"
+    region: "us-west-2"
\ No newline at end of file
diff --git a/homelab/silver-hand/old/jafner-dev/jafner-dev.ingress.yml b/homelab/silver-hand/old/jafner-dev/jafner-dev.ingress.yml
new file mode 100644
index 00000000..28568436
--- /dev/null
+++ b/homelab/silver-hand/old/jafner-dev/jafner-dev.ingress.yml
@@ -0,0 +1,21 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  namespace: jafner-dev
+  name: jafner-dev
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+  ingressClassName: jafner-dev
+  rules:
+  - host: "jafner-dev.k3s.jafner.net"
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend: 
+          service: 
+            name: jafner-dev-service
+            port:
+              number: 80
\ No newline at end of file
diff --git a/homelab/silver-hand/old/jafner-dev/jafner-dev.namespace.yml b/homelab/silver-hand/old/jafner-dev/jafner-dev.namespace.yml
new file mode 100644
index 00000000..9eaed95a
--- /dev/null
+++ b/homelab/silver-hand/old/jafner-dev/jafner-dev.namespace.yml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: jafner-dev
\ No newline at end of file
diff --git a/homelab/silver-hand/old/jafner-dev/jafner-dev.pod.yml b/homelab/silver-hand/old/jafner-dev/jafner-dev.pod.yml
new file mode 100644
index 00000000..3f4caeb5
--- /dev/null
+++ b/homelab/silver-hand/old/jafner-dev/jafner-dev.pod.yml
@@ -0,0 +1,24 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  namespace: jafner-dev
+  name: nginx
+  labels:
+    app: jafner-dev
+    dataset.0.id: "jafner-dev"
+    dataset.0.useas: "mount"
+spec:
+  containers:
+  - name: nginx
+    image: nginx
+    ports:
+    - containerPort: 80
+      name: http
+    volumeMounts:
+    - mountPath: "/usr/share/nginx/html"
+      name: "jafner-dev"
+  volumes:
+  - name: "jafner-dev"
+    persistentVolumeClaim:
+      claimName: "jafner-dev"
\ No newline at end of file
diff --git a/homelab/silver-hand/old/jafner-dev/jafner-dev.service.yml b/homelab/silver-hand/old/jafner-dev/jafner-dev.service.yml
new file mode 100644
index 00000000..6c5d063e
--- /dev/null
+++ b/homelab/silver-hand/old/jafner-dev/jafner-dev.service.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Service
+metadata: 
+  namespace: jafner-dev
+  name: jafner-dev-service
+spec:
+  type: LoadBalancer
+  selector:
+    app: jafner-dev
+  ports:
+  - port: 80
+    targetPort: 80
diff --git a/homelab/silver-hand/kubernetes-dashboard/dashboard.admin-user-role.yml b/homelab/silver-hand/old/kubernetes-dashboard/dashboard.admin-user-role.yml
similarity index 100%
rename from homelab/silver-hand/kubernetes-dashboard/dashboard.admin-user-role.yml
rename to homelab/silver-hand/old/kubernetes-dashboard/dashboard.admin-user-role.yml
diff --git a/homelab/silver-hand/kubernetes-dashboard/dashboard.admin-user.yml b/homelab/silver-hand/old/kubernetes-dashboard/dashboard.admin-user.yml
similarity index 100%
rename from homelab/silver-hand/kubernetes-dashboard/dashboard.admin-user.yml
rename to homelab/silver-hand/old/kubernetes-dashboard/dashboard.admin-user.yml
diff --git a/homelab/silver-hand/kubernetes-dashboard/dashboard.deployment.yml b/homelab/silver-hand/old/kubernetes-dashboard/dashboard.deployment.yml
similarity index 100%
rename from homelab/silver-hand/kubernetes-dashboard/dashboard.deployment.yml
rename to homelab/silver-hand/old/kubernetes-dashboard/dashboard.deployment.yml
diff --git a/homelab/silver-hand/kubernetes-dashboard/kubernetes-dashboard.yml b/homelab/silver-hand/old/kubernetes-dashboard/kubernetes-dashboard.yml
similarity index 100%
rename from homelab/silver-hand/kubernetes-dashboard/kubernetes-dashboard.yml
rename to homelab/silver-hand/old/kubernetes-dashboard/kubernetes-dashboard.yml
diff --git a/homelab/silver-hand/old/traefik/traefik-custom-values.yml b/homelab/silver-hand/old/traefik/traefik-custom-values.yml
new file mode 100644
index 00000000..66c2a569
--- /dev/null
+++ b/homelab/silver-hand/old/traefik/traefik-custom-values.yml
@@ -0,0 +1,90 @@
+certResolvers:
+  cloudflare:
+    dnsChallenge:
+      provider: cloudflare
+    storage: /ssl-certs/acme-cloudflare.json
+
+env:
+  - name: CF_DNS_API_TOKEN
+    valueFrom:
+      secretKeyRef:
+        key: token
+        name: cloudflare-token-jafner-net-dns-edit
+
+logs:
+  general:
+    level: error
+
+ports:
+  web:
+    redirectTo: 
+      port: websecure
+  websecure:
+    tls:
+      enabled: true
+      certResolver: cloudflare
+
+ingressRoute: 
+  dashboard:
+    enabled: true
+
+additionalArguments:
+- "--api.insecure=true"
+
+tlsStore:
+  default:
+    defaultCertificate:
+      secretName: traefik-k3s-jafner-net
+
+persistence:
+  enabled: true
+  name: ssl-certs
+  size: 1Gi
+  path: /ssl-certs
+  storageClass: local-path
+
+deployment:
+  initContainers:
+    - name: volume-permissions
+      image: busybox:1.36.1
+      command: ["sh", "-c", "touch /ssl-certs/acme-cloudflare.json; chmod -v 600 /ssl-certs/acme-cloudflare.json"]
+      volumeMounts:
+        - name: ssl-certs
+          mountPath: /ssl-certs
+
+ingressClass:
+  enabled: true
+  isDefaultClass: true
+
+extraObjects:
+  - apiVersion: v1
+    kind: Service
+    metadata:
+      name: traefik-dashboard
+    spec:
+      selector:
+        app.kubernetes.io/name: traefik
+        app.kubernetes.io/instance: traefik-traefik
+      ports:
+      - port: 8080
+        name: traefik
+        targetPort: 9000
+        protocol: TCP
+  - apiVersion: networking.k8s.io/v1
+    kind: Ingress
+    metadata:
+      name: traefik-dashboard
+      annotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    spec:
+      rules:
+      - host: traefik.k3s.jafner.net
+        http:
+          paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service: 
+                name: traefik-dashboard
+                port:
+                  name: traefik
\ No newline at end of file
diff --git a/homelab/silver-hand/old/traefik/traefik-dashboard.yml b/homelab/silver-hand/old/traefik/traefik-dashboard.yml
new file mode 100644
index 00000000..d92b4879
--- /dev/null
+++ b/homelab/silver-hand/old/traefik/traefik-dashboard.yml
@@ -0,0 +1,90 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: traefik
+
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: cloudflare
+  namespace: traefik
+spec:
+  acme: 
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: jafner425@gmail.com
+    privateKeySecretRef:
+      name: cloudflare-key
+    solvers:
+      - dns01: 
+          cloudflare:
+            apiTokenSecretRef:
+              name: cloudflare-token-jafner-net-dns-edit
+              key: token
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: traefik-k3s-jafner-net
+  namespace: traefik
+spec: 
+  secretName: traefik-k3s-jafner-net
+  dnsNames:
+    - "traefik.k3s.jafner.net"
+  issuerRef:
+    name: cloudflare
+    kind: Issuer
+
+
+# ---
+# apiVersion: traefik.containo.us/v1alpha1
+# kind: IngressRoute
+# metadata:
+#   name: traefik-dashboard
+#   namespace: traefik
+# spec: 
+#   entryPoints: ["websecure"]
+#   routes:
+#   tls:
+#     certResolver: cloudflare
+
+# ---
+# apiVersion: v1
+# kind: Service
+# metadata:
+#   name: traefik-dashboard
+#   namespace: traefik
+# spec:
+#   selector:
+#     app.kubernetes.io/name: traefik
+#   type: ClusterIP
+#   ports:
+#   - name: http
+#     port: 80
+#     targetPort: 9000
+
+# ---
+# apiVersion: networking.k8s.io/v1
+# kind: Ingress
+# metadata:
+#   name: traefik-dashboard
+#   namespace: traefik
+# spec:
+#   tls:
+#   - hosts:
+#       - traefik.k3s.jafner.net
+#     secretName: cloudflare-token-jafner-net-dns-edit
+#   rules:
+#   - host: traefik.k3s.jafner.net
+#     http:
+#       paths:
+#       - path: /
+#         pathType: Prefix
+#         backend:
+#           service:
+#             name: traefik-dashboard
+#             port:
+#               number: 80
+
diff --git a/homelab/silver-hand/silver-hand.tf b/homelab/silver-hand/silver-hand.tf
new file mode 100644
index 00000000..143803a2
--- /dev/null
+++ b/homelab/silver-hand/silver-hand.tf
@@ -0,0 +1,72 @@
+terraform {
+  required_providers {
+    kubernetes = {
+      source = "hashicorp/kubernetes"
+      version = "2.31.0"
+    }
+    helm = {
+      source = "hashicorp/helm"
+      version = "2.14.1"
+    }
+    kubectl = {
+      source = "gavinbunney/kubectl"
+      version = "1.14.0"
+    }
+    cloudflare = {
+      source = "cloudflare/cloudflare"
+      version = "~> 4.0"
+    }
+    dns = {
+      source = "hashicorp/dns"
+      version = "3.4.1"
+    }
+  }
+}
+
+provider "kubernetes" {
+    config_path = "~/.kube/config"
+    config_context = "default"
+}
+
+provider "helm" {
+  kubernetes {
+    config_path = "~/.kube/config"
+  }
+}
+
+provider "kubectl" { 
+}
+
+provider "cloudflare" {
+  api_token = var.cloudflare_token
+}
+
+variable "cloudflare_token" {
+  type = string
+}
+
+# Below allows us to reference public IP of TF execution environment 
+# with `data.http.myip.body`
+data "http" "myip" {
+  url = "https://ipv4.icanhazip.com"
+}
+
+# Below allows us to reference DNS A-records for the listed domains 
+# with `data.dns_a_record_set.<data-object-name>.addrs`
+data "dns_a_record_set" "jafner-net" {
+  host = "jafner.net"
+}
+data "dns_a_record_set" "jafner-dev" {
+  host = "jafner.dev"
+}
+data "dns_a_record_set" "jafner-chat" {
+  host = "jafner.chat"
+}
+
+## Look into how to implement a wait-for timer like this for self-hosted k3s.
+#resource "time_sleep" "wait_for_kubernetes" {
+#    depends_on = [
+#        civo_kubernetes_cluster.k8s_demo_1
+#    ]
+#    create_duration = "20s"
+#}
\ No newline at end of file
diff --git a/homelab/silver-hand/traefik.tf b/homelab/silver-hand/traefik.tf
new file mode 100644
index 00000000..3094200c
--- /dev/null
+++ b/homelab/silver-hand/traefik.tf
@@ -0,0 +1,49 @@
+resource "kubernetes_namespace" "traefik" {
+    metadata {
+        name = "traefik"
+    }
+}
+
+resource "helm_release" "traefik" {
+    depends_on = [
+        kubernetes_namespace.traefik
+    ]
+    name = "traefik"
+    namespace = "traefik"
+    repository = "https://traefik.github.io/charts"
+    chart = "traefik"
+    version = "30.0.2"
+    lint = true
+    cleanup_on_fail = true
+    create_namespace = true
+    dependency_update = true
+    replace = true
+    set {
+        name  = "ingressClass.enabled"
+        value = "true"
+    }
+    set {
+        name  = "ingressClass.isDefaultClass"
+        value = "true"
+    }
+    set {
+        name  = "ports.web.redirectTo.port"
+        value = "websecure"
+    }
+    set {
+        name  = "ports.websecure.tls.enabled"
+        value = "true"
+    }
+
+    # In my local k3s environment, we need to give the Traefik service at least one external IP
+    # Else it will be stuck <pending> and terraform will fail to apply.
+    set_list { 
+        name = "service.externalIPs"
+        value = [
+            "192.168.1.31",
+            "192.168.1.32",
+            "192.168.1.33"
+        ]
+    }
+}
+