diff --git a/applications/fake-services/Makefile b/applications/fake-services/Makefile
index aa6734a6..e9dbb64c 100644
--- a/applications/fake-services/Makefile
+++ b/applications/fake-services/Makefile
@@ -23,6 +23,9 @@ helm-install-dry-run:
 helm-template:
 	helm template $(REPLICATED_APP) $(CHART_DIR)
 
+helm-template-with-values:
+	yq '.spec.values' replicated/kots-sample-config-values.yaml | helm template $(REPLICATED_APP) --values - $(CHART_DIR)
+
 helm-install:
 	helm install $(REPLICATED_APP) --debug --wait $(CHART_DIR)
 
diff --git a/applications/fake-services/app/Chart.lock b/applications/fake-services/app/Chart.lock
index 13568257..bdcd88e7 100644
--- a/applications/fake-services/app/Chart.lock
+++ b/applications/fake-services/app/Chart.lock
@@ -4,6 +4,6 @@ dependencies:
   version: 4.11.3
 - name: replicated
   repository: oci://registry.replicated.com/library
-  version: 1.0.0-beta.31
-digest: sha256:c349fc2fe99276ed430877ef2a0cf0e05150cd27f6e4eae2d7bfe47733f64846
-generated: "2025-02-04T08:53:26.530341+11:00"
+  version: 1.1.1
+digest: sha256:6dd6d2b307511c54683f36157c6763aa55b9913b2717972e55feb6ef007797a0
+generated: "2025-03-05T13:09:57.471411+11:00"
diff --git a/applications/fake-services/app/Chart.yaml b/applications/fake-services/app/Chart.yaml
index 636e5592..9114f8f5 100644
--- a/applications/fake-services/app/Chart.yaml
+++ b/applications/fake-services/app/Chart.yaml
@@ -26,4 +26,4 @@ dependencies:
     condition: ingress-nginx.enabled
   - name: replicated
     repository: oci://registry.replicated.com/library
-    version: 1.0.0-beta.31
+    version: 1.1.1
diff --git a/applications/fake-services/app/templates/certificate.yaml b/applications/fake-services/app/templates/certificate.yaml
new file mode 100644
index 00000000..ec4bd55a
--- /dev/null
+++ b/applications/fake-services/app/templates/certificate.yaml
@@ -0,0 +1,21 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ include "fake-service.name" . }}-cert
+spec:
+  secretName: {{ include "fake-service.name" . }}-tls
+  duration: 2160h # 90 days
+  renewBefore: 360h # 15 days
+  subject:
+    organizations:
+      - Replicated
+  privateKey:
+    algorithm: RSA
+    encoding: PKCS1
+    size: 2048
+  dnsNames:
+    - {{ .Values.ingress.host }}
+  issuerRef:
+    name: letsencrypt
+    kind: ClusterIssuer
+    group: cert-manager.io 
\ No newline at end of file
diff --git a/applications/fake-services/app/templates/cluster-issuer.yaml b/applications/fake-services/app/templates/cluster-issuer.yaml
new file mode 100644
index 00000000..219c8e1a
--- /dev/null
+++ b/applications/fake-services/app/templates/cluster-issuer.yaml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: gerard@replicated.com
+    privateKeySecretRef:
+      name: letsencrypt-account-key
+    solvers:
+    - http01:
+        ingress:
+          class: nginx
diff --git a/applications/fake-services/app/templates/ingress.yaml b/applications/fake-services/app/templates/ingress.yaml
index 57b97646..c6e13fb3 100644
--- a/applications/fake-services/app/templates/ingress.yaml
+++ b/applications/fake-services/app/templates/ingress.yaml
@@ -2,10 +2,17 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: {{ include "fake-service.name" . }}-ingress
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt"
 spec:
   ingressClassName: nginx
+  tls:
+  - hosts:
+    - {{ .Values.ingress.host }}
+    secretName: {{ include "fake-service.name" . }}-tls
   rules:
-  - http:
+  - host: {{ .Values.ingress.host }}
+    http:
       paths:
       - path: /
         pathType: Prefix
diff --git a/applications/fake-services/app/values.yaml b/applications/fake-services/app/values.yaml
index 6aa2c29c..c44d0e4a 100644
--- a/applications/fake-services/app/values.yaml
+++ b/applications/fake-services/app/values.yaml
@@ -7,14 +7,14 @@ image:
 
 frontend:
   name: "frontend"
-  message: "Hello from frontend!"
+  message: "New frontend update! This is the way!"
   serverType: "http"
   logLevel: "debug"
   port: 9090
 
 backend:
   name: "backend"
-  message: "Hello from backend!"
+  message: "New backend update"
   serverType: "http"
   logLevel: "debug"
   port: 9091
@@ -40,7 +40,8 @@ ingress-nginx:
     service:
       type: NodePort
       nodePorts:
-        http: 30080
+        http: 80
+        https: 443
   ingressClassResource:
     default: true
 
@@ -54,3 +55,6 @@ rqliteui:
 
 cert-manager:
   enabled: true
+
+ingress:
+  host: gerard-vm.testcluster.net
\ No newline at end of file
diff --git a/applications/fake-services/replicated/k8s-app.yaml b/applications/fake-services/replicated/k8s-app.yaml
index 861b3a7f..ac0365f1 100644
--- a/applications/fake-services/replicated/k8s-app.yaml
+++ b/applications/fake-services/replicated/k8s-app.yaml
@@ -7,4 +7,4 @@ spec:
   descriptor:
     links:
       - description: Open App
-        url: https://repl{{ ConfigOption "hostname" }}:30080
+        url: https://repl{{ ConfigOption "hostname" }}
diff --git a/applications/fake-services/replicated/kots-chart.yaml b/applications/fake-services/replicated/kots-chart.yaml
index a6fa7e73..251b540c 100644
--- a/applications/fake-services/replicated/kots-chart.yaml
+++ b/applications/fake-services/replicated/kots-chart.yaml
@@ -36,9 +36,19 @@ spec:
             image:
               registry: '{{repl HasLocalRegistry | ternary LocalRegistryHost "quirkyquokka.dev" }}'
               image: '{{repl HasLocalRegistry | ternary LocalRegistryNamespace "proxy/gerard-helm-fake-service/429114214526.dkr.ecr.ap-southeast-2.amazonaws.com/gerard" }}/kube-webhook-certgen'
+        service:
+          type: NodePort
+          nodePorts:
+            http: "80"
+            https: "443"
     rqliteui:
       image:
         registry: '{{repl HasLocalRegistry | ternary LocalRegistryHost "quirkyquokka.dev" }}'
         repository: '{{repl HasLocalRegistry | ternary LocalRegistryNamespace "proxy/gerard-helm-fake-service/429114214526.dkr.ecr.ap-southeast-2.amazonaws.com/gerard" }}/rqman'
         imagePullSecrets:
           - name: "{{repl ImagePullSecretName }}"
+    ingress:
+      host: '{{repl ConfigOption "hostname" }}'
+    replicated:
+      podLabels:
+        message: thisistheway
\ No newline at end of file
diff --git a/applications/fake-services/replicated/kots-ec.yaml b/applications/fake-services/replicated/kots-ec.yaml
index 39dbb14c..810075dd 100644
--- a/applications/fake-services/replicated/kots-ec.yaml
+++ b/applications/fake-services/replicated/kots-ec.yaml
@@ -1,7 +1,7 @@
 apiVersion: embeddedcluster.replicated.com/v1beta1
 kind: Config
 spec:
-  version: 2.0.0+k8s-1.30
+  version: 2.1.2+k8s-1.30
   roles:
     controller:
       name: management
@@ -11,3 +11,10 @@ spec:
       - name: app
         labels:
           app: "true"
+  unsupportedOverrides:
+    k0s: |
+      config:
+        spec:
+          api:
+            extraArgs:
+              service-node-port-range: 80-32767
diff --git a/applications/fake-services/replicated/kots-preflight.yaml b/applications/fake-services/replicated/kots-preflight.yaml
new file mode 100644
index 00000000..d4b2781b
--- /dev/null
+++ b/applications/fake-services/replicated/kots-preflight.yaml
@@ -0,0 +1,40 @@
+apiVersion: troubleshoot.sh/v1beta2
+kind: Preflight
+metadata:
+  name: preflight
+spec:
+  analyzers:
+    - clusterVersion:
+        outcomes:
+          - fail:
+              when: "< 1.16.0"
+              message: The application requires at least Kubernetes 1.16.0, and recommends 1.18.0.
+              uri: https://kubernetes.io
+          - warn:
+              when: "< 1.18.0"
+              message: Your cluster meets the minimum version of Kubernetes, but we recommend you update to 1.18.0 or later.
+              uri: https://kubernetes.io
+          - pass:
+              message: Your cluster meets the recommended and required versions of Kubernetes.
+    - distribution:
+        outcomes:
+          - pass:
+              when: "== gke"
+              message: GKE is a supported platform
+          - pass:
+              when: "== aks"
+              message: AKS is a supported platform
+          - pass:
+              when: "== eks"
+              message: EKS is a supported platform
+          - pass:
+              when: "== k0s"
+              message: K0s is a supported platform
+          - fail:
+              when: "== docker-desktop"
+              message: This application does not support Docker Desktop
+          - fail:
+              when: "== microk8s"
+              message: This application does not support Microk8s
+          - warn:
+              message: The Kubernetes platform is not validated, but there are no known compatibility issues.
diff --git a/applications/fake-services/replicated/kots-sample-config-values.yaml b/applications/fake-services/replicated/kots-sample-config-values.yaml
index 0149aeb7..3519e418 100644
--- a/applications/fake-services/replicated/kots-sample-config-values.yaml
+++ b/applications/fake-services/replicated/kots-sample-config-values.yaml
@@ -10,3 +10,5 @@ spec:
       value: Payment
     frontend_name:
       value: Checkout
+    hostname:
+      value: gerard-vm.testcluster.net