diff --git a/charts/rancher/Chart.yaml b/charts/rancher/Chart.yaml
index 1235019..95720b2 100644
--- a/charts/rancher/Chart.yaml
+++ b/charts/rancher/Chart.yaml
@@ -1,9 +1,9 @@
 apiVersion: v2
 name: rancher
 description: Install Rancher Server to manage Kubernetes clusters across providers
-version: 2.9.2
-appVersion: v2.9.2
-kubeVersion: < 1.31.0-0
+version: 2.7.16
+appVersion: v2.7.16
+kubeVersion: < 1.28.0-0
 home: https://rancher.com
 icon: https://github.com/rancher/ui/blob/master/public/assets/images/logos/welcome-cow.svg
 keywords:
diff --git a/charts/rancher/templates/deployment.yaml b/charts/rancher/templates/deployment.yaml
index 05e20db..0246eae 100644
--- a/charts/rancher/templates/deployment.yaml
+++ b/charts/rancher/templates/deployment.yaml
@@ -154,40 +154,29 @@ spec:
 name: "bootstrap-secret"
 key: "bootstrapPassword"
 {{- end }}
-{{- if .Values.agentTLSMode }}
- - name: CATTLE_AGENT_TLS_MODE
- value: "{{ .Values.agentTLSMode }}"
-{{- end }}
 {{- if .Values.extraEnv }}
 {{ toYaml .Values.extraEnv | indent 8}}
 {{- end }}
- startupProbe:
+ livenessProbe:
 httpGet:
 path: /healthz
 port: 80
- timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
- failureThreshold: {{ .Values.startupProbe.failureThreshold }}
- periodSeconds: {{ .Values.startupProbe.periodSeconds }}
- livenessProbe:
+ initialDelaySeconds: {{.Values.livenessProbe.initialDelaySeconds | default 60 }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds | default 30 }}
+ readinessProbe:
 httpGet:
 path: /healthz
 port: 80
- {{- with .Values.livenessProbe.initialDelaySeconds}}
- initialDelaySeconds: {{ . }}
- {{- end }}
- timeoutSeconds: {{.Values.livenessProbe.timeoutSeconds }}
- periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
- failureThreshold: {{.Values.livenessProbe.failureThreshold }}
- readinessProbe:
+ initialDelaySeconds: {{.Values.readinessProbe.initialDelaySeconds | default 5}}
+ periodSeconds: {{ .Values.readinessProbe.periodSeconds | default 30}}
+{{- if .Values.startupProbe }}
+ startupProbe:
 httpGet:
 path: /healthz
 port: 80
- {{- with .Values.readinessProbe.initialDelaySeconds}}
- initialDelaySeconds: {{ . }}
- {{- end }}
- timeoutSeconds: {{.Values.readinessProbe.timeoutSeconds }}
- periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
- failureThreshold: {{.Values.readinessProbe.failureThreshold }}
+ failureThreshold: {{.Values.startupProbe.failureThreshold | default 1}}
+ periodSeconds: {{ .Values.startupProbe.periodSeconds | default 30}}
+{{- end }}
 resources:
 {{ toYaml .Values.resources | indent 10 }}
 volumeMounts:
diff --git a/charts/rancher/templates/ingress.yaml b/charts/rancher/templates/ingress.yaml
index 16eb292..d772f96 100644
--- a/charts/rancher/templates/ingress.yaml
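Review bot: The new liveness and readiness probes no longer set `timeoutSeconds` or `failureThreshold`, so both fall back to the Kubernetes defaults (1s timeout, 3 failures), which is a much tighter restart trigger than the explicit values the removed lines carried; the same keys are dropped from values.yaml in its `@@ -176` hunk. If the timeout should stay tunable, re-add `timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds | default 5 }}` and the readiness equivalent. Note also that piping `initialDelaySeconds` through `| default 60` / `| default 5` means an explicit `0` in values is replaced, because Helm's `default` treats zero as empty, so a no-delay probe cannot be configured. In the optional startupProbe block, `failureThreshold | default 1` with a 30s period restarts the container on the first failed check, which is worth documenting next to the key if that is intended. The container spec this sits in starts and ends outside the hunk.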
+++ b/charts/rancher/templates/ingress.yaml
@@ -54,8 +54,8 @@ spec:
 servicePort: {{ .Values.ingress.servicePort }}
 {{- end }}
 {{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }}
- pathType: {{ .Values.ingress.pathType }}
- path: {{ .Values.ingress.path }}
+ pathType: ImplementationSpecific
+ path: "/"
 {{- end }}
 {{- if eq .Values.tls "ingress" }}
 tls:
diff --git a/charts/rancher/templates/post-delete-hook-cluster-role.yaml b/charts/rancher/templates/post-delete-hook-cluster-role.yaml
index 4f8b5db..174c1d3 100644
--- a/charts/rancher/templates/post-delete-hook-cluster-role.yaml
+++ b/charts/rancher/templates/post-delete-hook-cluster-role.yaml
@@ -30,6 +30,14 @@ rules:
 - apiGroups: [ "admissionregistration.k8s.io" ]
 resources: [ "validatingwebhookconfigurations", "mutatingwebhookconfigurations" ]
 verbs: [ "get", "list", "delete" ]
+ - apiGroups: [ "policy" ]
+ resources: [ "podsecuritypolicies" ]
+ verbs: ["delete", "create" ]
+{{- if eq (include "rancher.chart_psp_enabled" . ) "true" }}
+ - apiGroups: [ "policy" ]
+ resources: [ "podsecuritypolicies" ]
+ verbs: [ "use"]
+{{- end }}
 - apiGroups: [ "networking.k8s.io" ]
 resources: [ "ingresses" ]
 verbs: [ "delete" ]
diff --git a/charts/rancher/templates/post-delete-hook-psp.yaml b/charts/rancher/templates/post-delete-hook-psp.yaml
new file mode 100644
index 0000000..8332087
--- /dev/null
+++ b/charts/rancher/templates/post-delete-hook-psp.yaml
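Review bot: `pathType` and `path` are now hard-coded in the rendered Ingress, yet values.yaml (this commit's `@@ -65` hunk) still ships `ingress.pathType` and `ingress.path` with a comment saying some controllers need a different value, so those two keys have become silent no-ops. Either remove the keys and their comment from values.yaml, or keep the template reading them with `pathType: {{ .Values.ingress.pathType }}` and `path: {{ .Values.ingress.path }}`, so the chart does not advertise a setting it ignores. The enclosing `paths:` entry starts outside the hunk.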
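Review bot: The new `use` grant on `podsecuritypolicies` has no `resourceNames`, so the post-delete hook's service account can use any PSP in the cluster, including more permissive ones, instead of only the `-post-delete` PSP this commit adds in post-delete-hook-psp.yaml; add `resourceNames: [ "{{ include "rancher.fullname" . }}-post-delete" ]` to that rule. The unconditional `delete`/`create` rule is likewise cluster-wide; if the hook only removes PSPs that Rancher itself created, `create` looks unnecessary and `delete` could be narrowed the same way (the hook script is not in this diff, so confirm there). The bracket spacing in `["delete", "create" ]` and `[ "use"]` also differs from the neighbouring `[ "get", "list", "delete" ]` style.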
@@ -0,0 +1,34 @@
+{{- if eq (include "rancher.chart_psp_enabled" . ) "true" -}}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "rancher.fullname" . }}-post-delete
+ labels: {{ include "rancher.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+spec:
+ privileged: false
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'RunAsAny'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+ volumes:
+ - 'secret'
+ - 'configMap'
+{{- end }}
diff --git a/charts/rancher/values.yaml b/charts/rancher/values.yaml
index f658a28..3dc9445 100644
--- a/charts/rancher/values.yaml
+++ b/charts/rancher/values.yaml
@@ -37,11 +37,6 @@ debug: false
 # When starting Rancher for the first time, bootstrap the admin as restricted-admin
 restrictedAdmin: false

-# Control how the Rancher agents validate TLS connections
-# Valid options: strict, or system-store
-# Note, for new installations empty will default to strict on 2.9+, or system-store on 2.8 or older
-agentTLSMode: ""
-
 # Extra environment variables passed to the rancher pods.
 # extraEnv:
 # - name: CATTLE_TLS_MIN_VERSION
@@ -65,7 +60,7 @@ ingress:
 includeDefaultExtraAnnotations: true
 extraAnnotations: {}
 ingressClassName: ""
- # Certain ingress controllers will require the pathType or path to be set to a different value.
+ # Certain ingress controllers will will require the pathType or path to be set to a different value.
 pathType: ImplementationSpecific
 path: "/"
 # backend port number
@@ -163,7 +158,7 @@ postDelete:
 enabled: true
 image:
 repository: rancher/shell
- tag: v0.2.1
+ tag: v0.1.25
 namespaceList:
 - cattle-fleet-system
 - cattle-system
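Review bot: The new PSP leaves `allowPrivilegeEscalation` and `requiredDropCapabilities` unset and uses `runAsUser: rule: 'RunAsAny'`, so the post-delete pod may run as root with the full default capability set even though `privileged` and the host namespaces are disabled. If the `rancher/shell` hook does not need root, tighten it with `allowPrivilegeEscalation: false`, `requiredDropCapabilities: [ 'ALL' ]` and `rule: 'MustRunAsNonRoot'`; whether the hook script needs root is not visible in this diff, so confirm before changing it. A short comment above `spec:` stating which of these relaxations the hook actually relies on would make the policy reviewable on its own.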
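Review bot: The rewritten comment in the `@@ -65` hunk of values.yaml has a duplicated word, `will will`; it should read `# Certain ingress controllers will require the pathType or path to be set to a different value.`. This is a comment-only fix; the `pathType` and `path` keys beneath it are unchanged by the hunk.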
@@ -176,19 +171,19 @@ postDelete:
 # Set a bootstrap password. If leave empty, a random password will be generated.
 bootstrapPassword: ""

-startupProbe:
- ## should be ready within 2 minutes
- timeoutSeconds: 5
- periodSeconds: 10
- failureThreshold: 12
 livenessProbe:
- timeoutSeconds: 5
+ initialDelaySeconds: 60
 periodSeconds: 30
- failureThreshold: 5
 readinessProbe:
- timeoutSeconds: 5
+ initialDelaySeconds: 5
 periodSeconds: 30
- failureThreshold: 5
+
+global:
+ cattle:
+ psp:
+ # will default to true on 1.24 and below, and false for 1.25 and above
+ # can be changed manually to true or false to bypass version checks and force that option
+ enabled: ""

 # helm values to use when installing the rancher-webhook chart.
 # helm values set here will override all other global values used when installing the webhook such as priorityClassName and systemRegistry settings.
@@ -202,4 +197,4 @@ carbide:
 whitelabel:
 enabled: true
 image: carbide/carbide-whitelabel
- tag: "0.1.4"
+ tag: "0.1.4"
\ No newline at end of file
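Review bot: The new `global.cattle.psp.enabled` comment says the value can be forced to true to bypass the version check, but the templates this commit guards with `rancher.chart_psp_enabled` render a `policy/v1beta1` PodSecurityPolicy, an API that is not served on Kubernetes 1.25 and later, so forcing true there will make the post-delete hook fail when it runs. Extend the comment to say so, e.g. `# forcing true on a cluster without the policy/v1beta1 PodSecurityPolicy API will break the post-delete hook`. The `enabled: ""` sentinel should also stay quoted, since a bare `enabled:` parses as null and the helper (not in this diff) may not treat that as auto-detect.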