diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index 3db24619..b13453dc 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -11,7 +11,7 @@ jobs: src: ${{ steps.changes.outputs.src}} steps: - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: changes continue-on-error: true with: @@ -27,12 +27,12 @@ jobs: if: needs.changes.outputs.src != 'false' steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: fetch-depth: 0 - name: Install Helm - uses: azure/setup-helm@v4 + uses: azure/setup-helm@v5 with: version: v3.14.4 @@ -42,7 +42,7 @@ jobs: helm repo add collabora-online https://collaboraonline.github.io/online - name: Set up chart-testing - uses: helm/chart-testing-action@v2.7.0 + uses: helm/chart-testing-action@v2.8.0 - name: Run chart-testing (list-changed) id: list-changed @@ -95,14 +95,22 @@ jobs: helm_args: --namespace nextcloud --skip-clean-up --helm-extra-set-args "--create-namespace --values charts/nextcloud/test-values/imaginary.yaml" test: true + # test the helm chart with extra manifests + - name: Extra Manifests Enabled + helm_args: --namespace nextcloud --skip-clean-up --helm-extra-set-args "--create-namespace --values charts/nextcloud/test-values/extra-manifests.yaml" + test: true + - name: Extra Manifests using a map Enabled + helm_args: --namespace nextcloud --skip-clean-up --helm-extra-set-args "--create-namespace --values charts/nextcloud/test-values/extra-manifests-map.yaml" + test: true + steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: fetch-depth: 0 - name: Install Helm - uses: azure/setup-helm@v4 + uses: azure/setup-helm@v5 with: version: v3.14.4 
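Review bot: The `uses:` lines on the new side of the `-95,14 +95,22` hunk of lint-test.yaml reference `actions/checkout@v6` and `azure/setup-helm@v5` by mutable tag, while `dorny/paths-filter` at the top of the same file is pinned to a full commit SHA with the version in a trailing comment. A tag can be moved by whoever controls the action's repository, so pinning every third-party action the same way keeps the workflow's supply chain reviewable, e.g. `uses: actions/checkout@<full-commit-sha> # v6`. The same applies to `helm/chart-testing-action@v2.8.0`, `helm/kind-action@v1.14.0` and, in release.yaml, `docker/login-action@v4`, which runs in a job that holds `packages: write`. The job's `steps:` list continues outside this hunk.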
@@ -112,7 +120,7 @@ jobs: helm repo add collabora-online https://collaboraonline.github.io/online - name: Set up chart-testing - uses: helm/chart-testing-action@v2.7.0 + uses: helm/chart-testing-action@v2.8.0 - name: Run chart-testing (list-changed) id: list-changed @@ -123,7 +131,7 @@ jobs: fi - name: Create kind cluster - uses: helm/kind-action@v1.12.0 + uses: helm/kind-action@v1.14.0 if: steps.list-changed.outputs.changed == 'true' - name: Install MinIO for testing S3 as Primary Storage diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2a8c74ea..46c70ec1 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -19,7 +19,7 @@ jobs: packages: write steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Fetch history run: git fetch --prune --unshallow @@ -30,7 +30,7 @@ jobs: git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - name: Set up Helm - uses: azure/setup-helm@v4 + uses: azure/setup-helm@v5 with: version: v3.17.2 @@ -49,7 +49,7 @@ jobs: - if: ${{ steps.cr.outputs.changed_charts }} name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: registry: ghcr.io username: ${{ github.repository_owner }} diff --git a/README.md b/README.md index 1927ef4b..21abd29b 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,8 @@ [Helm](https://helm.sh) repo for different charts related to Nextcloud which can be installed on [Kubernetes](https://kubernetes.io) +⚠️⚠️⚠️ This project is maintained by community volunteers and designed for expert use. For quick and easy deployment that supports the full set of Nextcloud Hub features, use the [Nextcloud All-in-One project](https://github.com/nextcloud/all-in-one#nextcloud-all-in-one) maintained by Nextcloud GmbH. + ### Add Helm repository To install the repo just run: diff --git a/charts/nextcloud/CHANGELOG.md b/charts/nextcloud/CHANGELOG.md index c5daabca..f8f557d8 100644 
--- a/charts/nextcloud/CHANGELOG.md +++ b/charts/nextcloud/CHANGELOG.md @@ -4,6 +4,11 @@ This Helm-Chart increase there major version on every breaking change (or major Here we list all major versions and their breaking changes for migration. +## v9 +- upgrade to v33 major version +- move `metrics.serviceMonitor` to `prometheus.serviceMonitor`: It us used for metrics like openmetric and nextcloud-exporter +- move `metrics.rules` to `prometheus.rules`: It us used for all collected metrics + ## v8 - `cronjob.command` was renamed to `cronjob.sidecar.command` to avoid confusion with the cronjob command. Please update your `values.yaml` accordingly. diff --git a/charts/nextcloud/Chart.lock b/charts/nextcloud/Chart.lock index ca16be0e..a2ef88c0 100644 --- a/charts/nextcloud/Chart.lock +++ b/charts/nextcloud/Chart.lock @@ -10,6 +10,6 @@ dependencies: version: 21.1.3 - name: collabora-online repository: https://collaboraonline.github.io/online - version: 1.1.20 -digest: sha256:47979e007ed8bb4a53ec00c5e457da110573a6e067f24da505144f475b26981c -generated: "2025-05-18T15:22:37.968306345+02:00" + version: 1.1.60 +digest: sha256:d23b1ed8608eebf338fce515241497aba8038c3fb3a336fd6dc405568708a120 +generated: "2026-03-29T15:58:20.663360455Z" diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml index d8e1b48c..8a34802c 100644 --- a/charts/nextcloud/Chart.yaml +++ b/charts/nextcloud/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 name: nextcloud -version: 8.2.0 +version: 9.0.4 # renovate: image=docker.io/library/nextcloud -appVersion: 32.0.0 +appVersion: 33.0.0 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: - nextcloud @@ -40,7 +40,7 @@ dependencies: repository: oci://registry-1.docker.io/bitnamicharts condition: redis.enabled - name: collabora-online - version: 1.1.20 + version: 1.1.60 repository: https://collaboraonline.github.io/online condition: collabora.enabled alias: collabora 
diff --git a/charts/nextcloud/README.md b/charts/nextcloud/README.md
index dd289e80..f42d2b64 100644
--- a/charts/nextcloud/README.md
+++ b/charts/nextcloud/README.md
@@ -11,47 +11,51 @@ helm install my-release nextcloud/nextcloud ## Quick Links -* [Introduction](#introduction) -* [Prerequisites](#prerequisites) -* [Installing the Chart](#installing-the-chart) -* [Uninstalling the Chart](#uninstalling-the-chart) -* [Upgrade / Breaking Changes](#upgrade--breaking-changes) -* [Configuration](#configuration) - * [Ingress](#ingress) - * [Ingress Sticky-Sessions](#ingress-sticky-sessions) - * [NGINX Ingress-Controller](#nginx-ingress-controller) - * [Traefik Ingress-Controller](#traefik-ingress-controller) - * [HAProxy Ingress-Controller (Community-Version)](#haproxy-ingress-controller-community-version) - * [Database Configurations](#database-configurations) - * [Object Storage as Primary Storage Configuration](#object-storage-as-primary-storage-configuration) - * [Persistence Configurations](#persistence-configurations) - * [Metrics Configurations](#metrics-configurations) - * [Headers set on NGINX](#headers-set-on-nginx) - * [Probes Configurations](#probes-configurations) - * [Collabora Configuration](#collabora-configuration) - * [Imaginary](#imaginary) -* [Cron jobs](#cron-jobs) -* [Using the nextcloud docker image auto-configuration via env vars](#using-the-nextcloud-docker-image-auto-configuration-via-env-vars) -* [Multiple config.php file](#multiple-configphp-file) -* [Using nginx](#using-nginx) - * [Service discovery with nginx and ingress](#service-discovery-with-nginx-and-ingress) -* [Preserving Source IP](#preserving-source-ip) -* [Hugepages](#hugepages) -* [HPA (Clustering)](#hpa-clustering) -* [Adjusting PHP ini values](#adjusting-php-ini-values) -* [Running `occ` commands](#running-occ-commands) - * [Putting Nextcloud into maintanence mode](#putting-nextcloud-into-maintanence-mode) - * [Downloading models for recognize](#downloading-models-for-recognize) -* [Backups](#backups) -* [Upgrades](#upgrades) -* [Troubleshooting](#troubleshooting) - * [Logging](#logging) - * [Changing the logging 
behavior](#changing-the-logging-behavior) - * [Viewing the logs](#viewing-the-logs) - * [Exec into the kubernetes pod:](#exec-into-the-kubernetes-pod) - * [Then look for the `nextcloud.log` file with tail or cat:](#then-look-for-the-nextcloudlog-file-with-tail-or-cat) - * [Copy the log file to your local machine:](#copy-the-log-file-to-your-local-machine) - * [Sharing the logs](#sharing-the-logs) +- [Nextcloud Helm Chart](#nextcloud-helm-chart) + - [TL;DR;](#tldr) + - [Quick Links](#quick-links) + - [Introduction](#introduction) + - [Prerequisites](#prerequisites) + - [Installing the Chart](#installing-the-chart) + - [Uninstalling the Chart](#uninstalling-the-chart) + - [Upgrade / Breaking Changes](#upgrade--breaking-changes) + - [Configuration](#configuration) + - [Ingress](#ingress) + - [Ingress Sticky-Sessions](#ingress-sticky-sessions) + - [NGINX Ingress-Controller](#nginx-ingress-controller) + - [Traefik Ingress-Controller](#traefik-ingress-controller) + - [HAProxy Ingress-Controller (Community-Version)](#haproxy-ingress-controller-community-version) + - [Database Configurations](#database-configurations) + - [Object Storage as Primary Storage Configuration](#object-storage-as-primary-storage-configuration) + - [Persistence Configurations](#persistence-configurations) + - [Metrics Configurations](#metrics-configurations) + - [Headers set on NGINX](#headers-set-on-nginx) + - [Probes Configurations](#probes-configurations) + - [Collabora Configuration](#collabora-configuration) + - [Imaginary](#imaginary) + - [Cron jobs](#cron-jobs) + - [Using the nextcloud docker image auto-configuration via env vars](#using-the-nextcloud-docker-image-auto-configuration-via-env-vars) + - [Multiple config.php file](#multiple-configphp-file) + - [Using nginx](#using-nginx) + - [Service discovery with nginx and ingress](#service-discovery-with-nginx-and-ingress) + - [Preserving Source IP](#preserving-source-ip) + - [Hugepages](#hugepages) + - [HPA (Clustering)](#hpa-clustering) + 
- [Adjusting PHP ini values](#adjusting-php-ini-values) + - [Running `occ` commands](#running-occ-commands) + - [Putting Nextcloud into maintanence mode](#putting-nextcloud-into-maintanence-mode) + - [Downloading models for recognize](#downloading-models-for-recognize) + - [Injecting Additional Manifests (`extraManifests`)](#injecting-additional-manifests-extramanifests) +- [Backups](#backups) +- [Upgrades](#upgrades) +- [Troubleshooting](#troubleshooting) + - [Logging](#logging) + - [Changing the logging behavior](#changing-the-logging-behavior) + - [Viewing the logs](#viewing-the-logs) + - [Exec into the kubernetes pod:](#exec-into-the-kubernetes-pod) + - [Then look for the `nextcloud.log` file with tail or cat:](#then-look-for-the-nextcloudlog-file-with-tail-or-cat) + - [Copy the log file to your local machine:](#copy-the-log-file-to-your-local-machine) + - [Sharing the logs](#sharing-the-logs) ## Introduction @@ -174,6 +178,7 @@ The following table lists the configurable parameters of the nextcloud chart and | `nextcloud.securityContext` | Optional security context for the NextCloud container | `nil` | | `nextcloud.podSecurityContext` | Optional security context for the NextCloud pod (applies to all containers in the pod) | `nil` | | `nextcloud.postgreSqlInitContainer.securityContext` | Set postgresql initContainer securityContext parameters. | `{}` | +| `nextcloud.priorityClassName` | Priority Class for nextcloud. Defaults to .priorityClassName | `nil` | | `nginx.enabled` | Enable nginx (requires you use php-fpm image) | `false` | | `nginx.image.repository` | nginx Image name, e.g. use `nginxinc/nginx-unprivileged` for rootless container | `nginx` | | `nginx.image.tag` | nginx Image tag | `alpine` | 
@@ -217,8 +222,10 @@ The following table lists the configurable parameters of the nextcloud chart and
 | `cronjob.cronjob.podLabels` | An array of service labels | `nil` |
 | `cronjob.cronjob.annotations` | An array of service annotations | `nil` |
 | `cronjob.cronjob.backoffLimit` | The number of retries before marking a job as failed | `1` |
+| `cronjob.cronjob.activeDeadlineSeconds` | The number of seconds before cancelling a job | `nil` |
 | `cronjob.cronjob.affinity` | The affinity settings for the cron job | `{}` |
 | `cronjob.cronjob.resources` | The resource requests/limits for the cron job | `{}` |
+| `cronjob.cronjob.priorityClassName` | Priority Class for cronjob. Defaults to .priorityClassName | `nil` |
 | `cronjob.cronjob.securityContext` | Optional security context for cronjobs | `nil` |
 | `cronjob.cronjob.command` | The command the cronjob executes | `["php", "-f", "/var/www/html/cron.php", "--", "--verbose"]` |
 | `service.type` | Kubernetes Service type | `ClusterIP` |
@@ -226,12 +233,13 @@ The following table lists the configurable parameters of the nextcloud chart and
 | `service.annotations` | Annotations for service type | `{}` |
 | `service.nodePort` | NodePort for service type NodePort | `nil` |
 | `service.ipFamilies` | Set ipFamilies as in k8s service objects | `nil` |
-| `service.ipFamyPolicy` | define IP protocol bindings as in k8s service objects | `nil` |
+| `service.ipFamilyPolicy` | define IP protocol bindings as in k8s service objects | `nil` |
 | `service.sessionAffinity` | Kubernetes service Session Affinity | `nil` |
 | `service.sessionAffinityConfig` | Kubernetes service Session Affinity configuration | `{}` |
 | `phpClientHttpsFix.enabled` | Sets OVERWRITEPROTOCOL for https ingress redirect | `false` |
 | `phpClientHttpsFix.protocol` | Sets OVERWRITEPROTOCOL for https ingress redirect | `https` |
 | `resources` | CPU/Memory resource requests/limits | `{}` |
+| `priorityClassName` | Priority Class for pods | `nil` |
 | `rbac.enabled` | Enable Role and rolebinding for priveledged PSP | `false` |
 | `rbac.serviceaccount.create` | Wether to create a serviceaccount or use an existing one (requires rbac) | `true` |
 | `rbac.serviceaccount.name` | The name of the sevice account that the deployment will use (requires rbac) | `nextcloud-serviceaccount` |
@@ -245,6 +253,8 @@ The following table lists the configurable parameters of the nextcloud chart and | `podLabels` | Labels to be added at 'pod' level | not set | | `podAnnotations` | Annotations to be added at 'pod' level | not set | | `dnsConfig` | Custom dnsConfig for nextcloud containers | `{}` | +| `topologySpreadConstraints` | TopologySpreadConstraints for nextcloud pod and cronjob pod | `{}` | +| `extraManifests` | Map or List of additional Kubernetes manifests to render with the release. If a List is provided, each item can be either a YAML string (multi-line block) or a YAML object. Useful for custom resources like Traefik IngressRoutes, Middlewares, etc. | `[]` | ### Ingress #### Ingress Sticky-Sessions 
@@ -387,20 +397,24 @@ The [Nextcloud](https://hub.docker.com/_/nextcloud/) image stores the nextcloud Persistent Volume Claims are used to keep the data across deployments. This is known to work with GKE, EKS, K3s, and minikube. Nextcloud will *not* delete the PVCs when uninstalling the helm chart. -| Parameter | Description | Default | -| ----------------------------------------- | ---------------------------------------------------- | --------------- | -| `persistence.enabled` | Enable persistence using PVC | `false` | -| `persistence.annotations` | PVC annotations | `{}` | -| `persistence.storageClass` | PVC Storage Class for nextcloud volume | `nil` | -| `persistence.existingClaim` | An Existing PVC name for nextcloud volume | `nil` | -| `persistence.accessMode` | PVC Access Mode for nextcloud volume | `ReadWriteOnce` | -| `persistence.size` | PVC Storage Request for nextcloud volume | `8Gi` | -| `persistence.nextcloudData.enabled` | Create a second PVC for the data folder in nextcloud | `false` | -| `persistence.nextcloudData.annotations` | see `persistence.annotations` | `{}` | -| `persistence.nextcloudData.storageClass` | see `persistence.storageClass` | `nil` | -| `persistence.nextcloudData.existingClaim` | see `persistence.existingClaim` | `nil` | -| `persistence.nextcloudData.accessMode` | see `persistence.accessMode` | `ReadWriteOnce` | -| `persistence.nextcloudData.size` | see `persistence.size` | `8Gi` | +| Parameter | Description | Default | +|-------------------------------------------|---------------------------------------------------------|-----------------| +| `persistence.enabled` | Enable persistence using PVC | `false` | +| `persistence.hostPath` | Path on the host where nextcloud data is stored | `nil` | +| `persistence.annotations` | PVC annotations | `{}` | +| `persistence.labels` | PVC labels | `{}` | +| `persistence.storageClass` | PVC Storage Class for nextcloud volume | `nil` | +| `persistence.existingClaim` | An Existing PVC name for 
nextcloud volume | `nil` | +| `persistence.accessMode` | PVC Access Mode for nextcloud volume | `ReadWriteOnce` | +| `persistence.size` | PVC Storage Request for nextcloud volume | `8Gi` | +| `persistence.nextcloudData.enabled` | Create a second PVC for the data folder in nextcloud | `false` | +| `persistence.nextcloudData.hostPath` | Path on the host where nextcloud data is stored | `nil` | +| `persistence.nextcloudData.annotations` | see `persistence.annotations` | `{}` | +| `persistence.nextcloudData.labels` | see `persistence.labels` | `{}` | +| `persistence.nextcloudData.storageClass` | see `persistence.storageClass` | `nil` | +| `persistence.nextcloudData.existingClaim` | see `persistence.existingClaim` | `nil` | +| `persistence.nextcloudData.accessMode` | see `persistence.accessMode` | `ReadWriteOnce` | +| `persistence.nextcloudData.size` | see `persistence.size` | `8Gi` | ### Metrics Configurations 
@@ -561,27 +575,29 @@ This section provides options to enable and configure the Collabora Online serve We include an optional external preview provider from [h2non/imaginary](https://github.com/h2non/imaginary). -| Parameter | Description | Default | -| ---------------------------------- | -------------------------------------------------------------------------------------- | ----------------- | -| `imaginary.enabled` | Start Imaginary | `false` | -| `imaginary.replicaCount` | Number of imaginary pod replicas to deploy | `1` | -| `imaginary.image.registry` | Imaginary image name | `docker.io` | -| `imaginary.image.repository` | Imaginary image name | `h2non/imaginary` | -| `imaginary.image.tag` | Imaginary image tag | `1.2.4` | -| `imaginary.image.pullPolicy` | Imaginary image pull policy | `IfNotPresent` | -| `imaginary.image.pullSecrets` | Imaginary image pull secrets | `nil` | -| `imaginary.podAnnotations` | Additional annotations for imaginary | `{}` | -| `imaginary.podLabels` | Additional labels for imaginary | `{}` | -| `imaginary.nodeSelector` | Imaginary pod nodeSelector | `{}` | -| `imaginary.tolerations` | Imaginary pod tolerations | `[]` | -| `imaginary.resources` | imaginary resources | `{}` | -| `imaginary.securityContext` | Optional security context for the Imaginary container | `nil` | -| `imaginary.podSecurityContext` | Optional security context for the Imaginary pod (applies to all containers in the pod) | `nil` | -| `imaginary.service.type` | Imaginary: Kubernetes Service type | `ClusterIP` | -| `imaginary.service.loadBalancerIP` | Imaginary: LoadBalancerIp for service type LoadBalancer | `nil` | -| `imaginary.service.nodePort` | Imaginary: NodePort for service type NodePort | `nil` | -| `imaginary.service.annotations` | Additional annotations for service imaginary | `{}` | -| `imaginary.service.labels` | Additional labels for service imaginary | `{}` | +| Parameter | Description | Default | +| ------------------------------------- | 
-------------------------------------------------------------------------------------- | ----------------- | +| `imaginary.enabled` | Start Imaginary | `false` | +| `imaginary.replicaCount` | Number of imaginary pod replicas to deploy | `1` | +| `imaginary.image.registry` | Imaginary image name | `docker.io` | +| `imaginary.image.repository` | Imaginary image name | `h2non/imaginary` | +| `imaginary.image.tag` | Imaginary image tag | `1.2.4` | +| `imaginary.image.pullPolicy` | Imaginary image pull policy | `IfNotPresent` | +| `imaginary.image.pullSecrets` | Imaginary image pull secrets | `nil` | +| `imaginary.podAnnotations` | Additional annotations for imaginary | `{}` | +| `imaginary.podLabels` | Additional labels for imaginary | `{}` | +| `imaginary.nodeSelector` | Imaginary pod nodeSelector | `{}` | +| `imaginary.tolerations` | Imaginary pod tolerations | `[]` | +| `imaginary.topologySpreadConstraints` | Imaginary pod topologySpreadConstraints | `[]` | +| `imaginary.resources` | imaginary resources | `{}` | +| `imaginary.priorityClassName` | Imaginary pod Priority Class. Defaults to .priorityClassName | `nil` | +| `imaginary.securityContext` | Optional security context for the Imaginary container | `nil` | +| `imaginary.podSecurityContext` | Optional security context for the Imaginary pod (applies to all containers in the pod) | `nil` | +| `imaginary.service.type` | Imaginary: Kubernetes Service type | `ClusterIP` | +| `imaginary.service.loadBalancerIP` | Imaginary: LoadBalancerIp for service type LoadBalancer | `nil` | +| `imaginary.service.nodePort` | Imaginary: NodePort for service type NodePort | `nil` | +| `imaginary.service.annotations` | Additional annotations for service imaginary | `{}` | +| `imaginary.service.labels` | Additional labels for service imaginary | `{}` | > [!Note] 
@@ -777,8 +793,8 @@ kubectl exec $NEXTCLOUD_POD -- su -s /bin/sh www-data -c "php occ myocccomand" Here are some examples below. -### Putting Nextcloud into maintanence mode -Some admin actions require you to put your Nextcloud instance into [maintanence mode](https://docs.nextcloud.com/server/latest/admin_manual/maintenance/backup.html#maintenance-mode) (e.g. backups): +### Putting Nextcloud into maintenance mode +Some admin actions require you to put your Nextcloud instance into [maintenance mode](https://docs.nextcloud.com/server/latest/admin_manual/maintenance/backup.html#maintenance-mode) (e.g. backups): ```bash # $NEXTCLOUD_POD should be the name of *your* nextcloud pod :) 
@@ -793,6 +809,53 @@ kubectl exec $NEXTCLOUD_POD -- su -s /bin/sh www-data -c "php occ maintenance:mo kubectl exec $NEXTCLOUD_POD -- su -s /bin/sh www-data -c "php occ recognize:download-models" ``` +## Injecting Additional Manifests (`extraManifests`) + +You can inject additional Kubernetes manifests (such as Traefik IngressRoutes, Middlewares, or any custom resources) directly via `values.yaml` using the `extraManifests` value. + +`extraManifests` is either: +- a map of manifest names to their YAML definitions +- a list of YAML definitions, where each itemin the list can be either: + - a string containing valid YAML (multi-line block, e.g. with `|`), or + - a YAML object (inline YAML structure). + +These manifests will be rendered as part of the Helm release. + +**Example usage in `values.yaml`:** + +```yaml +extraManifests: + - | + apiVersion: traefik.containo.us/v1alpha1 + kind: Middleware + metadata: + name: my-middleware + spec: + ... + - apiVersion: traefik.containo.us/v1alpha1 + kind: IngressRoute + metadata: + name: my-ingressroute + spec: + ... +# Or as a map: +extraManifests: + my-middleware: + apiVersion: traefik.containo.us/v1alpha1 + kind: Middleware + metadata: + name: my-middleware + spec: + ... + my-ingressroute: + apiVersion: traefik.containo.us/v1alpha1 + kind: IngressRoute + metadata: + name: my-ingressroute + spec: + ... +``` + # Backups Check out the [official Nextcloud backup docs](https://docs.nextcloud.com/server/latest/admin_manual/maintenance/backup.html). For your files, if you're using persistent volumes, and you'd like to back up to s3 backed storage (such as minio), consider using [k8up](https://github.com/k8up-io/k8up) or [velero](https://github.com/vmware-tanzu/velero). diff --git a/charts/nextcloud/files/defaultConfigs/autoconfig.php.tpl b/charts/nextcloud/files/defaultConfigs/autoconfig.php.tpl index f7458019..92ad2a1c 100644 --- a/charts/nextcloud/files/defaultConfigs/autoconfig.php.tpl 
+++ b/charts/nextcloud/files/defaultConfigs/autoconfig.php.tpl @@ -1,8 +1,10 @@ 0' labels: - severity: "warning" + severity: "info" {{- with .labels }} {{- toYaml . | nindent 12 }} {{- end }} @@ -52,7 +52,7 @@ spec: `}} {{- end }} {{- end }}{{/* end-with prometheus.rules.default */}} - {{- with .Values.metrics.rules.additionalRules }} + {{- with .Values.prometheus.rules.additionalRules }} - name: {{ $fullname }}-Additional rules: {{- toYaml . | nindent 8 }} diff --git a/charts/nextcloud/templates/route.yaml b/charts/nextcloud/templates/route.yaml new file mode 100644 index 00000000..51125875 --- /dev/null +++ b/charts/nextcloud/templates/route.yaml @@ -0,0 +1,42 @@ +{{- if .Values.httpRoute.enabled }} +{{- $fullName := include "nextcloud.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +apiVersion: {{ .Values.httpRoute.apiVersion }} +kind: {{ .Values.httpRoute.kind }} +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "nextcloud.labels" ( dict "component" "app" "rootContext" $ ) | nindent 4 }} + {{- with .Values.httpRoute.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.httpRoute.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with .Values.httpRoute.parentRefs }} + parentRefs: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.httpRoute.hostnames }} + hostnames: + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + rules: + {{- range .Values.httpRoute.rules }} + - backendRefs: + - name: {{ $fullName }} + port: {{ $svcPort }} + weight: 1 + {{- with .matches }} + matches: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .filters }} + filters: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/nextcloud/templates/service.yaml b/charts/nextcloud/templates/service.yaml index 78ac3b99..003ac35b 100644 --- a/charts/nextcloud/templates/service.yaml +++ b/charts/nextcloud/templates/service.yaml 
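Review bot: In the new templates/route.yaml, `hostnames` and `parentRefs` are both wrapped in `with`, so the chart defaults (`hostnames: []`, `parentRefs: []`) render a route that carries neither field. Under the Gateway API a route without `hostnames` matches every hostname its parent listener accepts, which on a shared gateway is broader than one Nextcloud instance should claim, and a route without `parentRefs` attaches to nothing without any error at render time. Falling back to the chart's own host and failing early on missing parents would make both cases explicit: `{{- $hosts := .Values.httpRoute.hostnames | default (list .Values.nextcloud.host) }}` and `{{- if not .Values.httpRoute.parentRefs }}{{ fail "httpRoute.parentRefs must be set when httpRoute.enabled is true" }}{{- end }}`. A short header comment saying that every rule is routed to the chart's own Service on `service.port` would also help readers of the `rules` loop.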
@@ -9,6 +9,7 @@ metadata: {{- end }} labels: {{- include "nextcloud.labels" ( dict "component" "app" "rootContext" $ ) | nindent 4 }} + app.kubernetes.io/monitor: enabled spec: type: {{ .Values.service.type }} {{- if (eq .Values.service.type "LoadBalancer") }} @@ -31,14 +32,12 @@ spec: {{- toYaml . | nindent 4 }} {{- end }} ports: - - port: {{ .Values.service.port }} + - name: http + port: {{ .Values.service.port }} targetPort: {{ .Values.nextcloud.containerPort }} protocol: TCP - name: http {{- with .Values.service.nodePort }} nodePort: {{ . }} {{- end }} selector: - app.kubernetes.io/name: {{ include "nextcloud.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: app + {{- include "nextcloud.selectorLabels" ( dict "component" "app" "rootContext" $ ) | nindent 4 }} diff --git a/charts/nextcloud/templates/servicemonitor.yaml b/charts/nextcloud/templates/servicemonitor.yaml new file mode 100644 index 00000000..3802bf1a --- /dev/null +++ b/charts/nextcloud/templates/servicemonitor.yaml 
@@ -0,0 +1,37 @@ +{{- with .Values.prometheus.serviceMonitor }} +{{- if .enabled }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "nextcloud.fullname" $ }} + namespace: {{ .namespace | default $.Release.Namespace | quote }} + labels: + {{- include "nextcloud.labels" ( dict "rootContext" $ ) | nindent 4 }} + {{- with .labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + jobLabel: {{ .jobLabel | quote }} + selector: + matchLabels: + {{- include "nextcloud.selectorLabels" ( dict "rootContext" $ ) | nindent 6 }} + app.kubernetes.io/monitor: enabled + namespaceSelector: + {{- with .namespaceSelector }} + {{- toYaml . | nindent 4 }} + {{- else }} + matchNames: + - {{ $.Release.Namespace | quote }} + {{- end }} + endpoints: + - port: http + path: "/metrics" + {{- with .interval }} + interval: {{ . }} + {{- end }} + {{- with .scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/nextcloud/test-values/extra-manifests-map.yaml b/charts/nextcloud/test-values/extra-manifests-map.yaml new file mode 100644 index 00000000..b8051a43 --- /dev/null +++ b/charts/nextcloud/test-values/extra-manifests-map.yaml @@ -0,0 +1,25 @@ +fullnameOverride: nextcloud + +nextcloud: + host: nextcloud + trustedDomains: + - 'nextcloud.nextcloud.svc.cluster.local' + - 'nextcloud' + +extraManifests: + my-config-map: | + apiVersion: v1 + kind: ConfigMap + metadata: + name: custom-config + labels: + {{- include "nextcloud.labels" ( dict "component" "app" "rootContext" $ ) | nindent 4 }} + data: + customKey: customValue + my-secret: + apiVersion: v1 + kind: Secret + metadata: + name: '{{ template "nextcloud.fullname" . }}-custom-secret' + data: + secretKey: c2VjcmV0VmFsdWU= diff --git a/charts/nextcloud/test-values/extra-manifests.yaml b/charts/nextcloud/test-values/extra-manifests.yaml new file mode 100644 index 00000000..935d13ae --- /dev/null +++ b/charts/nextcloud/test-values/extra-manifests.yaml 
@@ -0,0 +1,24 @@ +fullnameOverride: nextcloud + +nextcloud: + host: nextcloud + trustedDomains: + - 'nextcloud.nextcloud.svc.cluster.local' + - 'nextcloud' + +extraManifests: + - | + apiVersion: v1 + kind: ConfigMap + metadata: + name: custom-config + labels: + {{- include "nextcloud.labels" ( dict "component" "app" "rootContext" $ ) | nindent 4 }} + data: + customKey: customValue + - apiVersion: v1 + kind: Secret + metadata: + name: '{{ template "nextcloud.fullname" . }}-custom-secret' + data: + secretKey: c2VjcmV0VmFsdWU= diff --git a/charts/nextcloud/values-metrics.yaml b/charts/nextcloud/values-metrics.yaml new file mode 100644 index 00000000..00613865 --- /dev/null +++ b/charts/nextcloud/values-metrics.yaml @@ -0,0 +1,9 @@ +metrics: + enabled: true + rules: + enabled: true + labels: + prometheus: default + defaults: + labels: + test: demo diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml index 991efb9f..ea331e8a 100644 --- a/charts/nextcloud/values.yaml +++ b/charts/nextcloud/values.yaml @@ -1,7 +1,17 @@ +global: + image: + # -- if set it will overwrite all registry entries + registry: + + security: + # required for bitnamilegacy repos + allowInsecureImages: true + ## ref: https://hub.docker.com/r/library/nextcloud/tags/ ## image: - repository: nextcloud + registry: docker.io + repository: library/nextcloud flavor: apache # default is generated by flavor and appVersion tag: 
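Review bot: The new charts/nextcloud/values-metrics.yaml places `rules:` under the top-level `metrics:` key, but the CHANGELOG entry in this same change moves `metrics.rules` to `prometheus.rules`, and the rules template now reads `.Values.prometheus.rules.additionalRules`. If the nesting is as it appears here (indentation is not recoverable from this view), `rules.enabled`, `labels` and `defaults` in this file are no longer read and the example deploys no alert rules without any error. Moving the block under `prometheus:` or adding a header comment such as `# example values for chart v9: enables the exporter and the default alert rules` would keep the file in line with the v9 layout.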
@@ -12,12 +22,51 @@ image: nameOverride: "" fullnameOverride: "" podAnnotations: {} +podLabels: {} deploymentAnnotations: {} deploymentLabels: {} # Number of replicas to be deployed replicaCount: 1 +httpRoute: + # -- Enable an HTTPRoute resource for nextcloud . + enabled: false + # -- Set the route apiVersion + apiVersion: gateway.networking.k8s.io/v1 + # -- Set the route kind + kind: HTTPRoute + + # -- Route annotations + annotations: {} + # -- Route labels + labels: {} + # -- Route hostnames + hostnames: [] + # -- Reference to parent gateways + parentRefs: [] + # -- List of rules and filters applied. + rules: + - matches: + - path: + type: PathPrefix + value: "/" + # filters: + # - type: RequestHeaderModifier + # requestHeaderModifier: + # set: + # - name: My-Overwrite-Header + # value: this-is-the-only-value + # remove: + # - User-Agent + # - matches: + # - path: + # type: PathPrefix + # value: /echo + # headers: + # - name: version + # value: v2 + ## Allowing use of ingress controllers ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ ## @@ -176,6 +225,11 @@ nextcloud: container: "" # autocreate container autoCreate: false + openmetrics: + allowedClients: + - "127.0.0.1" + - "10.42.0.0/16" + - "10.43.0.0/16" ## PHP Configuration files # Will be injected in /usr/local/etc/php/conf.d for apache image and in /usr/local/etc/php-fpm.d when nginx.enabled: true @@ -207,6 +261,8 @@ nextcloud: swift.config.php: true # disables the web based updater as the default nextcloud docker image does not support it upgrade-disable-web.config.php: true + # -- adjust openmetrics + helm-metrics.config.php: true # -- imaginary support config imaginary.config.php: false 
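Review bot: The `nextcloud.openmetrics.allowedClients` default in the `-176,6 +225,11` hunk hard-codes `10.42.0.0/16` and `10.43.0.0/16`, which are the default pod and service ranges of k3s/RKE2 rather than of Kubernetes in general, and the next hunk turns `helm-metrics.config.php` on by default. On a cluster with other ranges Prometheus will be refused, and where an ingress controller or gateway runs inside `10.42.0.0/16` every proxied request may look like an allowed client unless Nextcloud resolves the forwarded address; the config template is not part of this hunk, so that needs confirming. A default of `- "127.0.0.1"` only, with a comment such as `# -- CIDRs allowed to read /metrics; add only the range your Prometheus pods run in`, would make the exposure an explicit operator choice. The `nextcloud:` mapping continues outside the hunk.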
@@ -316,12 +372,17 @@ nextcloud: # Set postgresql initContainer securityContext parameters. For example, you may need to define runAsNonRoot directive securityContext: {} + # -- priority class for nextcloud. + # Overrides .Values.priorityClassName + priorityClassName: "" + nginx: ## You need to set an fpm version of the image for nextcloud if you want to use nginx! enabled: false image: - repository: nginx + registry: docker.io + repository: library/nginx tag: alpine pullPolicy: IfNotPresent @@ -411,11 +472,6 @@ externalDatabase: # hostKey: db-hostname-or-ip # databaseKey: db-name -global: - security: - # required for bitnamilegacy repos - allowInsecureImages: true - ## ## MariaDB chart configuration ## ref: https://github.com/bitnami/charts/tree/main/bitnami/mariadb @@ -427,6 +483,7 @@ mariadb: enabled: false image: + registry: docker.io repository: bitnamilegacy/mariadb # see: https://github.com/bitnami/charts/tree/main/bitnami/mariadb#global-parameters @@ -445,7 +502,7 @@ mariadb: architecture: standalone ## Enable persistence using Persistent Volume Claims - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ ## primary: persistence: @@ -463,6 +520,7 @@ mariadb: postgresql: enabled: false image: + registry: docker.io repository: bitnamilegacy/postgresql global: postgresql: @@ -517,6 +575,7 @@ externalRedis: redis: enabled: false image: + registry: docker.io repository: bitnamilegacy/redis auth: enabled: true @@ -606,7 +665,7 @@ cronjob: # Note: crond requires root sidecar: ## Cronjob sidecar resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ ## resources: {} 
@@ -636,6 +695,7 @@ cronjob: schedule: "*/5 * * * *" successfulJobsHistoryLimit: 3 failedJobsHistoryLimit: 5 + activeDeadlineSeconds: # -- Additional labels for cronjob labels: {} # -- Additional labels for cronjob pod @@ -662,9 +722,14 @@ cronjob: # topologyKey: kubernetes.io/hostname ## Resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ ## resources: {} + + # -- priority class for the cron job. + # Overrides .Values.priorityClassName + priorityClassName: "" + # Allow configuration of lifecycle hooks # ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/ # Set securityContext parameters. For example, you may need to define runAsNonRoot directive @@ -696,12 +761,13 @@ service: sessionAffinityConfig: {} ## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ ## persistence: # Nextcloud Data (/var/www/html) enabled: false annotations: {} + labels: {} ## nextcloud data Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning @@ -719,11 +785,17 @@ persistence: accessMode: ReadWriteOnce size: 8Gi + # -- If defined, use a hostPath volume for nextcloud data rather than a dynamically defined PVC. + hostPath: + ## Use an additional pvc for the data directory rather than a subpath of the default PVC ## Useful to store data on a different storageClass (e.g. on slower disks) nextcloudData: enabled: false + # -- If defined, use a hostPath volume for nextcloud data rather than a dynamically defined PVC. + hostPath: subPath: + labels: {} annotations: {} # storageClass: "-" # existingClaim: 
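Review bot: Both new `hostPath:` keys (under `persistence` and under `persistence.nextcloudData`) are documented only as an alternative to a PVC, with nothing about what a hostPath volume implies. A hostPath mount hands the pod a directory of the node's filesystem, ties the data to one node, and is rejected by the baseline Pod Security Standard, so it should be an informed opt-in. I would add `# hostPath exposes a node directory to the pod and is blocked by the baseline Pod Security Standard; prefer existingClaim` above each key and write the default as `hostPath: ""`, assuming the template treats an empty string as unset. The bare `activeDeadlineSeconds:` added in the cronjob hunk has the same null-value ambiguity.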
@@ -743,6 +815,12 @@ resources: {} # cpu: 100m # memory: 128Mi +# -- Priority class for pods. This is the _default_ +# priority class for pods created by this deployment - it may be +# overridden by more specific instances of priorityClassName - +# e.g. cronjob.cronjob.priorityClassName +priorityClassName: "" + ## Liveness and readiness probe values ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## @@ -781,6 +859,9 @@ nodeSelector: {} tolerations: [] +# -- Nextcloud pod topologySpreadConstraints +topologySpreadConstraints: [] + affinity: {} dnsConfig: {} @@ -816,10 +897,16 @@ imaginary: nodeSelector: {} # -- Imaginary pod tolerations tolerations: [] + # -- Imaginary pod topologySpreadConstraints + topologySpreadConstraints: [] # -- imaginary resources resources: {} + # -- priority class for imaginary. + # Overrides .Values.priorityClassName + priorityClassName: "" + # -- Optional security context for the Imaginary container securityContext: runAsUser: 1000 @@ -885,6 +972,7 @@ metrics: update: false image: + registry: docker.io repository: xperimental/nextcloud-exporter tag: 0.8.0 pullPolicy: IfNotPresent @@ -892,7 +980,7 @@ metrics: # - myRegistrKeySecretName ## Metrics exporter resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ ## resources: {} @@ -936,8 +1024,9 @@ metrics: # seccompProfile: # type: RuntimeDefault +prometheus: ## Prometheus Operator ServiceMonitor configuration - ## + ## collects data from nextcloud openmetrics and nextcloud-exporter if enabled serviceMonitor: ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator ## 
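Review bot: Adding `prometheus:` at column 0 above `serviceMonitor:` moves that block from `metrics.serviceMonitor` to `prometheus.serviceMonitor`, yet the context comments still read `@param metrics.serviceMonitor.enabled`. If the templates now read the new path (not visible here), values files that set `metrics.serviceMonitor.enabled: true` would stop producing a ServiceMonitor without any error, which quietly removes monitoring coverage. The `@param` comments should be renamed to `prometheus.serviceMonitor.*`, and the old key deserves a deprecation line in the style the file already uses for `securityContext`, e.g. `## @param metrics.serviceMonitor @deprecated Use prometheus.serviceMonitor instead`. The block continues past the end of the hunk.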
@@ -955,12 +1044,12 @@ metrics: jobLabel: "" ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + # ref: https://prometheus-operator.dev/docs/api-reference/api/#monitoring.coreos.com/v1.Endpoint ## interval: 30s ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + # ref: https://prometheus-operator.dev/docs/api-reference/api/#monitoring.coreos.com/v1.Endpoint ## scrapeTimeout: "" @@ -998,3 +1087,41 @@ rbac: ## @param securityContext for nextcloud pod @deprecated Use `nextcloud.podSecurityContext` instead securityContext: {} + +# -- Allows users to inject additional Kubernetes manifests (YAML) to be rendered with the release. +# Could either be a list or a map +# If a map, each key is the name of the manifest. +# If an array, each item is a manifest, which can be a string (YAML block) or a YAML object. +# Each item should be a string containing valid YAML. Example: +# extraManifests: +# - | +# apiVersion: traefik.containo.us/v1alpha1 +# kind: Middleware +# metadata: +# name: my-middleware +# spec: +# ... +# - | +# apiVersion: traefik.containo.us/v1alpha1 +# kind: IngressRoute +# metadata: +# name: my-ingressroute +# spec: +# ... +# Or as a map: +# extraManifests: +# my-middleware: +# apiVersion: traefik.containo.us/v1alpha1 +# kind: Middleware +# metadata: +# name: my-middleware +# spec: +# ... +# my-ingressroute: +# apiVersion: traefik.containo.us/v1alpha1 +# kind: IngressRoute +# metadata: +# name: my-ingressroute +# spec: +# ... +extraManifests: []
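Review bot: The comment block above `extraManifests: []` contradicts itself and leaves out that items are rendered as templates. It first says an item may be a string or a YAML object, then says `Each item should be a string containing valid YAML`. The test values added earlier in this diff put `{{- include "nextcloud.labels" ... }}` inside an item, so values content is evidently evaluated by the template engine and can create any resource the installing identity may create. I would drop the contradictory sentence and add `# Items are rendered as templates and applied with the release's permissions; accept manifests only from trusted values sources`. The example `apiVersion: traefik.containo.us/v1alpha1` is the older Traefik API group; `traefik.io/v1alpha1` is the current one.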