diff --git a/values/env-rossby.yaml b/values/env-rossby.yaml
index 06ab97cb..33a4b0e9 100644
--- a/values/env-rossby.yaml
+++ b/values/env-rossby.yaml
@@ -14,7 +14,9 @@ clusterConfig:
   ingress_nodes: ["rossby, rossby-manage" ]
   ingress_replica_count: 2
   ingress_clusterissuer: ca-issuer
-  ingress_hostport: true
+  ingress_hostnetwork: true
+  ingress_hostport: false
+  ingress_nodeport: false
   fileserver: "172.16.239.222"
   acme_email: "acme@oceanbox.io"
   oidc:
diff --git a/values/env.yaml b/values/env.yaml
index ad71d2ce..e53291f9 100644
--- a/values/env.yaml
+++ b/values/env.yaml
@@ -20,7 +20,9 @@ clusterConfig:
     - 172.16.0.0/12
     - 192.168.0.0/16
     - 172.19.255.0/24
+  ingress_hostnetwork: false
   ingress_hostport: false
+  ingress_nodeport: true
   oidc: []
     #- name: azure
     #  provider: azuread
diff --git a/values/ingress-nginx/values/ingress-nginx.yaml.gotmpl b/values/ingress-nginx/values/ingress-nginx.yaml.gotmpl
index c7ae851f..bf50f8d3 100644
--- a/values/ingress-nginx/values/ingress-nginx.yaml.gotmpl
+++ b/values/ingress-nginx/values/ingress-nginx.yaml.gotmpl
@@ -5,6 +5,7 @@
 # See templates/_helpers.tpl
 # nameOverride:
 fullnameOverride: main-ingress-nginx
+hostNetwork: {{ .Values.clusterConfig.ingress_hostnetwork }}
 controller:
   resources:
     #limits:
@@ -59,6 +60,7 @@ controller:
 
   minAvailable: {{ .Values.nginx.pdb.minAvailable }}
 
+  {{- if .Values.clusterConfig.ingress_nodeport }}
   service:
     externalTrafficPolicy: Local
     type: NodePort # ClusterIP
@@ -67,6 +69,7 @@ controller:
       https: 30443
       tcp: {}
       udp: {}
+  {{- end }}
 
   hostPort:
     enabled: {{ .Values.clusterConfig.ingress_hostport }}