diff --git a/charts/cryostat/templates/NOTES.txt b/charts/cryostat/templates/NOTES.txt
index d283fd38..3f1eeb77 100644
--- a/charts/cryostat/templates/NOTES.txt
+++ b/charts/cryostat/templates/NOTES.txt
@@ -47,10 +47,10 @@
   ```
 {{- if .Values.core.route.enabled }}
   echo {{ ternary "https" "http" .Values.core.route.tls.enabled }}://$(oc get route -n {{ .Release.Namespace }} {{ include "cryostat.fullname" . }} -o jsonpath="{.status.ingress[0].host}")
-{{- else if .Values.core.ingress.enabled -}}
+{{- else if .Values.core.ingress.enabled }}
 {{- range $host := .Values.core.ingress.hosts -}}
-  {{- range .paths -}}
-  {{ ternary "https" "http" .Values.core.ingress.tls }}://{{ $host.host }}{{ .path }}
+  {{- range .paths }}
+  {{ ternary "http" "https" (empty $.Values.core.ingress.tls) }}://{{ $host.host }}{{ .path }}
   {{- end }}
 {{- end }}
 {{- else if contains "NodePort" .Values.core.service.type }}
diff --git a/charts/cryostat/templates/_helpers.tpl b/charts/cryostat/templates/_helpers.tpl
index 6c0fc5b8..a9c302bf 100644
--- a/charts/cryostat/templates/_helpers.tpl
+++ b/charts/cryostat/templates/_helpers.tpl
@@ -31,7 +31,7 @@ Create chart name and version as used by the chart label.
 {{- end }}
 
 {{/*
-Common labels
+Common labels.
 */}}
 {{- define "cryostat.labels" -}}
 helm.sh/chart: {{ include "cryostat.chart" . }}
@@ -43,7 +43,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
 
 {{/*
-Selector labels
+Selector labels.
 */}}
 {{- define "cryostat.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "cryostat.name" . }}
@@ -51,7 +51,7 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
 {{/*
-Create the name of the service account to use
+Create the name of the service account to use.
 */}}
 {{- define "cryostat.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
@@ -62,31 +62,31 @@ Create the name of the service account to use
 {{- end }}
 
 {{/*
-Get or generate a default connection key for database
+Get or generate a default connection key for database.
 */}}
 {{- define "cryostat.databaseConnectionKey" -}}
 {{- $secret := (lookup "v1" "Secret" .Release.Namespace (printf "%s-db" .Release.Name)) -}}
 {{- if $secret -}}
 {{/*
-   Use current key. Do not regenerate
+   Use current key. Do not regenerate.
 */}}
 {{- $secret.data.CONNECTION_KEY -}}
 {{- else -}}
 {{/*
-    Generate new key
+    Generate new key.
 */}}
 {{- (randAlphaNum 32) | b64enc | quote -}}
 {{- end -}}
 {{- end -}}
 
 {{/*
-Get or generate a default encryption key for database
+Get or generate a default encryption key for database.
 */}}
 {{- define "cryostat.databaseEncryptionKey" -}}
 {{- $secret := (lookup "v1" "Secret" .Release.Namespace (printf "%s-db" .Release.Name)) -}}
 {{- if $secret -}}
 {{/*
-   Use current key. Do not regenerate
+   Use current key. Do not regenerate.
 */}}
 {{- $secret.data.ENCRYPTION_KEY -}}
 {{- else -}}
@@ -98,13 +98,13 @@ Get or generate a default encryption key for database
 {{- end -}}
 
 {{/*
-Get or generate a default secret key for object storage
+Get or generate a default secret key for object storage.
 */}}
 {{- define "cryostat.objectStorageSecretKey" -}}
 {{- $secret := (lookup "v1" "Secret" .Release.Namespace (printf "%s-storage" .Release.Name)) -}}
 {{- if $secret -}}
 {{/*
-   Use current secret. Do not regenerate
+   Use current secret. Do not regenerate.
 */}}
 {{- $secret.data.SECRET_KEY -}}
 {{- else -}}
@@ -135,7 +135,7 @@ Generate or retrieve a default value for cookieSecret.
 {{- end }}
 
 {{/*
-    Get sanitized list or defaults (if not disabled) as comma-separated list
+    Get sanitized list or defaults (if not disabled) as comma-separated list.
 */}}
 {{- define "cryostat.commaSepList" -}}
 {{- $l := index . 0 -}}
@@ -144,5 +144,5 @@ Generate or retrieve a default value for cookieSecret.
 {{- if and (not $l) (not $disableDefaults) -}}
 {{- $l = list $default -}}
 {{- end -}}
-{{- join "," (default list $l | compact | uniq)  | quote -}}
+{{- join "," (default list $l | compact | uniq) | quote -}}
 {{- end -}}
diff --git a/charts/cryostat/templates/oauth2Proxy.tpl b/charts/cryostat/templates/_oauth2Proxy.tpl
similarity index 87%
rename from charts/cryostat/templates/oauth2Proxy.tpl
rename to charts/cryostat/templates/_oauth2Proxy.tpl
index 447bb9fb..8e8a9671 100644
--- a/charts/cryostat/templates/oauth2Proxy.tpl
+++ b/charts/cryostat/templates/_oauth2Proxy.tpl
@@ -1,7 +1,10 @@
-{{- define "oauth2Proxy" }}
+{{/*
+Create OAuth2 Proxy container. Configurations defined in alpha_config.yaml
+*/}}
+{{- define "cryostat.oauth2Proxy" -}}
 - name: {{ printf "%s-%s" .Chart.Name "authproxy" }}
   securityContext:
-    {{- toYaml (.Values.oauth2Proxy).securityContext | nindent 12 }}
+    {{- toYaml (.Values.oauth2Proxy).securityContext | nindent 4 }}
   image: "{{ (.Values.oauth2Proxy).image.repository }}:{{ (.Values.oauth2Proxy).image.tag }}"
   args:
     - "--alpha-config=/etc/oauth2_proxy/alpha_config/alpha_config.yaml"
diff --git a/charts/cryostat/templates/openshiftOauthProxy.tpl b/charts/cryostat/templates/_openshiftOauthProxy.tpl
similarity index 94%
rename from charts/cryostat/templates/openshiftOauthProxy.tpl
rename to charts/cryostat/templates/_openshiftOauthProxy.tpl
index 76a8dea3..1b01b59c 100644
--- a/charts/cryostat/templates/openshiftOauthProxy.tpl
+++ b/charts/cryostat/templates/_openshiftOauthProxy.tpl
@@ -1,7 +1,10 @@
-{{- define "openshiftOauthProxy" }}
+{{/*
+Create OpenShift OAuth Proxy container.
+*/}}
+{{- define "cryostat.openshiftOauthProxy" -}}
 - name: {{ printf "%s-%s" .Chart.Name "authproxy" }}
   securityContext:
-    {{- toYaml .Values.openshiftOauthProxy.securityContext | nindent 12 }}
+    {{- toYaml .Values.openshiftOauthProxy.securityContext | nindent 4 }}
   image: "{{ .Values.openshiftOauthProxy.image.repository }}:{{ .Values.openshiftOauthProxy.image.tag }}"
   args:
     - --skip-provider-button={{ not .Values.authentication.basicAuth.enabled }}
diff --git a/charts/cryostat/templates/deployment.yaml b/charts/cryostat/templates/deployment.yaml
index 15136c00..1307ebcf 100644
--- a/charts/cryostat/templates/deployment.yaml
+++ b/charts/cryostat/templates/deployment.yaml
@@ -31,9 +31,9 @@ spec:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
         {{- if (.Values.authentication.openshift).enabled }}
-        {{- include "openshiftOauthProxy" . | nindent 8 }}
+        {{- include "cryostat.openshiftOauthProxy" . | nindent 8 }}
         {{- else }}
-        {{- include "oauth2Proxy" . | nindent 8 }}
+        {{- include "cryostat.oauth2Proxy" . | nindent 8 }}
         {{- end }}
         - name: {{ .Chart.Name }}
           securityContext:
@@ -197,8 +197,6 @@ spec:
             failureThreshold: 9
           resources:
             {{- toYaml (.Values.storage).resources | nindent 12 }}
-          securityContext:
-            {{- toYaml (.Values.storage).securityContext | nindent 12 }}
         - name: {{ printf "%s-%s" .Chart.Name "grafana" }}
           securityContext:
             {{- toYaml .Values.grafana.securityContext | nindent 12 }}
diff --git a/charts/cryostat/templates/ingress.yaml b/charts/cryostat/templates/ingress.yaml
index 0a9535c0..4a051f66 100644
--- a/charts/cryostat/templates/ingress.yaml
+++ b/charts/cryostat/templates/ingress.yaml
@@ -1,4 +1,4 @@
-{{- define "createIngress" }}
+{{- define "cryostat.createIngress" }}
 {{- $svcName := index . 0 }}
 {{- $svcPort := index . 1 }}
 {{- $ := index . 2 }}
@@ -66,5 +66,5 @@ spec:
 
 {{- $fullName := include "cryostat.fullname" . -}}
 {{- if .Values.core.ingress.enabled }}
-{{- include "createIngress" (list $fullName .Values.core.service.httpPort $ .Values.core)}}
+{{- include "cryostat.createIngress" (list $fullName .Values.core.service.httpPort $ .Values.core)}}
 {{- end }}
diff --git a/charts/cryostat/templates/role.yaml b/charts/cryostat/templates/role.yaml
index 0945ae97..98f96c60 100644
--- a/charts/cryostat/templates/role.yaml
+++ b/charts/cryostat/templates/role.yaml
@@ -1,4 +1,4 @@
-{{- define "createRole" -}}
+{{- define "cryostat.createRole" -}}
 {{- $ns := index .  0 -}}
 {{- with index . 1 -}}
 ---
@@ -56,6 +56,6 @@ rules:
 {{- $watchNs = list .Release.Namespace -}}
 {{- end -}}
 {{- range $ns := $watchNs }}
-{{ include "createRole" (list $ns $) }}
+{{ include "cryostat.createRole" (list $ns $) }}
 {{- end -}}
 {{- end -}}
diff --git a/charts/cryostat/templates/rolebinding.yaml b/charts/cryostat/templates/rolebinding.yaml
index 9354e7b6..b2404966 100644
--- a/charts/cryostat/templates/rolebinding.yaml
+++ b/charts/cryostat/templates/rolebinding.yaml
@@ -1,4 +1,4 @@
-{{- define "createRolebinding" -}}
+{{- define "cryostat.createRolebinding" -}}
 {{- $ns := index .  0 -}}
 {{- with index . 1 -}}
 ---
@@ -26,6 +26,6 @@ subjects:
 {{- $watchNs = list .Release.Namespace -}}
 {{- end -}}
 {{- range $ns := $watchNs }}
-{{ include "createRolebinding" (list $ns $) }}
+{{ include "cryostat.createRolebinding" (list $ns $) }}
 {{- end -}}
 {{- end -}}
diff --git a/charts/cryostat/templates/route.yaml b/charts/cryostat/templates/route.yaml
index dcb05f92..608269c1 100644
--- a/charts/cryostat/templates/route.yaml
+++ b/charts/cryostat/templates/route.yaml
@@ -1,4 +1,4 @@
-{{- define "createRoute" }}
+{{- define "cryostat.createRoute" }}
 {{- $svcName := index . 0 }}
 {{- $targetPort := index . 1 }}
 {{- $ := index . 2 }}
@@ -46,5 +46,5 @@ spec:
 
 {{- $fullName := include "cryostat.fullname" . -}}
 {{- if .Values.core.route.enabled }}
-{{- include "createRoute" (list $fullName 4180 $ .Values.core)}}
+{{- include "cryostat.createRoute" (list $fullName 4180 $ .Values.core)}}
 {{- end }}