diff --git a/charts/incubator/meshcentral/Chart.yaml b/charts/incubator/meshcentral/Chart.yaml
index 4f1c3c8db47..bf58cc3a824 100644
--- a/charts/incubator/meshcentral/Chart.yaml
+++ b/charts/incubator/meshcentral/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 kubeVersion: ">=1.16.0-0"
 name: meshcentral
 appVersion: "1.0.90"
-version: 5.0.7
+version: 5.0.8
 description: MeshCentral is a full computer management web site
 type: application
 deprecated: false
diff --git a/charts/incubator/meshcentral/questions.yaml b/charts/incubator/meshcentral/questions.yaml
index d63f55cb327..0d65b78458c 100644
--- a/charts/incubator/meshcentral/questions.yaml
+++ b/charts/incubator/meshcentral/questions.yaml
@@ -37,21 +37,21 @@ questions:
                 description: Set this to the primary DNS name of this MeshCentral server.
                 schema:
                   type: string
-                  required: true
+                  # required: true
                   default: ""
               - variable: tlsOffload
                 label: tlsOffload
                 description: When true, indicates that a TLS offloader is in front of the MeshCentral server. More typically, set this to the IP address of the reverse proxy or TLS offloader so that IP forwarding headers will be trusted. For example 127.0.0.1,traefik.ix-traefik.svc.cluster.local
                 schema:
                   type: string
-                  required: true
+                  # required: true
                   default: ""
               - variable: trustedProxy
                 label: trustedProxy
                 description: Trust forwarded headers from these IPs or domains.  Providing the magic string "CloudFlare" will cause the server to download the IP address list of trusted CloudFlare proxies directly from CloudFlare on each server start. For example 127.0.0.1,traefik.ix-traefik.svc.cluster.local
                 schema:
                   type: string
-                  required: true
+                  # required: true
                   default: ""
               - variable: WANonly
                 label: WANonly
@@ -95,6 +95,12 @@ questions:
                 schema:
                   type: boolean
                   default: false
+              - variable: allowHighQualityDesktop
+                label: allowHighQualityDesktop
+                description: When false, users will only be able to set remote desktop image quality to 60%, this can reduce server bandwidth usage.
+                schema:
+                  type: boolean
+                  default: true
               - variable: browserPing
                 label: browserPing
                 description: When specified, sends data to the browser at x seconds interval and expects a response from the browser.
@@ -235,7 +241,7 @@ questions:
                       description: HTTPS URL when to get the TLS certificate that MeshAgent's will see when connecting to this server. This setting is used when a reverse proxy like Traefik is used in front of MeshCentral.
                       schema:
                         type: string
-                        required: true
+                        # required: true
                         default: ""
                     - variable: title
                       label: title
diff --git a/charts/incubator/meshcentral/templates/_secret.tpl b/charts/incubator/meshcentral/templates/_secret.tpl
index 3b52477ef5d..1a521550a61 100644
--- a/charts/incubator/meshcentral/templates/_secret.tpl
+++ b/charts/incubator/meshcentral/templates/_secret.tpl
@@ -59,6 +59,7 @@ metadata:
 data:
   {{/* Store session_key to reuse */}}
   session_key: {{ $sessionKey | b64enc }}
+  trigger_redeploy: {{ randAlpha 5 }}
   {{/* The actual config */}}
   config.json: |
     {{- toPrettyJson (fromYaml $config) | b64enc | nindent 4 }}
diff --git a/charts/incubator/meshcentral/values.yaml b/charts/incubator/meshcentral/values.yaml
index 967e13c1a95..c7dbfa74ebd 100644
--- a/charts/incubator/meshcentral/values.yaml
+++ b/charts/incubator/meshcentral/values.yaml
@@ -8,8 +8,6 @@ command:
   - meshcentral/meshcentral
   - --configfile
   - /opt/meshcentral/meshcentral-config/config.json
-  - --cert
-  - "{{ .Values.meshcentral.settings.cert }}"
 
 securityContext:
   readOnlyRootFilesystem: false
@@ -19,6 +17,12 @@ podSecurityContext:
   runAsUser: 0
   runAsGroup: 0
 
+env:
+  trigger_redeploy:
+    secretKeyRef:
+      name: '{{ include "tc.common.names.fullname" . }}-secret'
+      key: trigger_redeploy
+
 # - Values with the character _ in-front of them are pruned. Add or remove _ to disable or enable options
 # - More in-depth info for each options can be found here: https://github.com/Ylianst/MeshCentral/blob/master/meshcentral-config-schema.json
 # - Check for this chart's specific info in our webpage https://truecharts.org
@@ -776,7 +780,9 @@ meshcentral:
         proxy: null
       _httpHeaders: null
       # - Key and values to add to the MeshAgent .msh file
-      _agentConfig: []
+      agentConfig:
+        # - Needed if you use traefik https://github.com/traefik/traefik/issues/4487
+        - webSocketMaskOverride=1
       # - Key and values to add to the MeshCentral Assistant .msh file
       _assistantConfig: []
       # - When false, users can't set the clipboard of a remove device.