diff --git a/assets/rancher-webhook/rancher-webhook-2.0.3+up0.3.3.tgz b/assets/rancher-webhook/rancher-webhook-2.0.3+up0.3.3.tgz
new file mode 100644
index 000000000..14cd67742
Binary files /dev/null and b/assets/rancher-webhook/rancher-webhook-2.0.3+up0.3.3.tgz differ
diff --git a/charts/rancher-webhook/2.0.3+up0.3.3/Chart.yaml b/charts/rancher-webhook/2.0.3+up0.3.3/Chart.yaml
new file mode 100644
index 000000000..9688c02da
--- /dev/null
+++ b/charts/rancher-webhook/2.0.3+up0.3.3/Chart.yaml
@@ -0,0 +1,18 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.26.0-0'
+  catalog.cattle.io/namespace: cattle-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux,windows
+  catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+  catalog.cattle.io/release-name: rancher-webhook
+apiVersion: v2
+appVersion: 0.3.3
+dependencies:
+- condition: capi.enabled
+  name: capi
+  repository: ""
+description: ValidatingAdmissionWebhook for Rancher types
+name: rancher-webhook
+version: 2.0.3+up0.3.3
diff --git a/charts/rancher-webhook/2.0.3+up0.3.3/charts/capi/Chart.yaml b/charts/rancher-webhook/2.0.3+up0.3.3/charts/capi/Chart.yaml
new file mode 100644
index 000000000..388210bef
--- /dev/null
+++ b/charts/rancher-webhook/2.0.3+up0.3.3/charts/capi/Chart.yaml
@@ -0,0 +1,4 @@
+apiVersion: v2
+appVersion: 0.0.0
+name: capi
+version: 0.0.0
diff --git a/charts/rancher-webhook/2.0.3+up0.3.3/charts/capi/templates/service.yaml b/charts/rancher-webhook/2.0.3+up0.3.3/charts/capi/templates/service.yaml
new file mode 100644
index 000000000..08df65d62
--- /dev/null
+++ b/charts/rancher-webhook/2.0.3+up0.3.3/charts/capi/templates/service.yaml
@@ -0,0 +1,13 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: webhook-service
+  annotations:
+    need-a-cert.cattle.io/secret-name: rancher-webhook-tls
+spec:
+  ports:
+  - name: https
+    port: 443
+    targetPort: 8777
+  selector:
+    app: rancher-webhook
diff --git a/charts/rancher-webhook/2.0.3+up0.3.3/templates/_helpers.tpl b/charts/rancher-webhook/2.0.3+up0.3.3/templates/_helpers.tpl
new file mode 100644
index 000000000..c37a65c6f
--- /dev/null
+++ b/charts/rancher-webhook/2.0.3+up0.3.3/templates/_helpers.tpl
@@ -0,0 +1,22 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "rancher-webhook.labels" -}}
+app: rancher-webhook
+{{- end }}
+
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+  value: "linux"
+  effect: "NoSchedule"
+  operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-webhook/2.0.3+up0.3.3/templates/deployment.yaml b/charts/rancher-webhook/2.0.3+up0.3.3/templates/deployment.yaml
new file mode 100644
index 000000000..e4270c1ec
--- /dev/null
+++ b/charts/rancher-webhook/2.0.3+up0.3.3/templates/deployment.yaml
@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rancher-webhook
+spec:
+  selector:
+    matchLabels:
+      app: rancher-webhook
+  template:
+    metadata:
+      labels:
+        app: rancher-webhook
+    spec:
+      {{- if .Values.capi.enabled }}
+      volumes:
+      - name: tls
+        secret:
+          secretName: rancher-webhook-tls
+      {{- end }}
+      {{- if .Values.global.hostNetwork }}
+      hostNetwork: true
+      {{- end }}
+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+      {{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end }}
+      tolerations: {{ include "linux-node-tolerations" . | nindent 6 }}
+      {{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 6 }}
+      {{- end }}
+      containers:
+      - env:
+        - name: STAMP
+          value: "{{.Values.stamp}}"
+        - name: ENABLE_CAPI
+          value: "{{.Values.capi.enabled}}"
+        - name: ENABLE_MCM
+          value: "{{.Values.mcm.enabled}}"
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+        name: rancher-webhook
+        imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+        ports:
+        - name: https
+          containerPort: 9443
+        - name: capi-https
+          containerPort: 8777
+        {{- if .Values.capi.enabled }}
+        volumeMounts:
+        - name: tls
+          mountPath: /tmp/k8s-webhook-server/serving-certs
+        {{- end }}
+      serviceAccountName: rancher-webhook
+      {{- if .Values.priorityClassName }}
+      priorityClassName: "{{.Values.priorityClassName}}"
+      {{- end }}
diff --git a/charts/rancher-webhook/2.0.3+up0.3.3/templates/rbac.yaml b/charts/rancher-webhook/2.0.3+up0.3.3/templates/rbac.yaml
new file mode 100644
index 000000000..9afaae6c6
--- /dev/null
+++ b/charts/rancher-webhook/2.0.3+up0.3.3/templates/rbac.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: rancher-webhook
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: rancher-webhook
+  namespace: {{.Release.Namespace}}
diff --git a/charts/rancher-webhook/2.0.3+up0.3.3/templates/service.yaml b/charts/rancher-webhook/2.0.3+up0.3.3/templates/service.yaml
new file mode 100644
index 000000000..74a8a9e5a
--- /dev/null
+++ b/charts/rancher-webhook/2.0.3+up0.3.3/templates/service.yaml
@@ -0,0 +1,13 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: rancher-webhook
+  namespace: cattle-system
+spec:
+  ports:
+  - port: 443
+    targetPort: 9443
+    protocol: TCP
+    name: https
+  selector:
+    app: rancher-webhook
diff --git a/charts/rancher-webhook/2.0.3+up0.3.3/templates/serviceaccount.yaml b/charts/rancher-webhook/2.0.3+up0.3.3/templates/serviceaccount.yaml
new file mode 100644
index 000000000..f9251b418
--- /dev/null
+++ b/charts/rancher-webhook/2.0.3+up0.3.3/templates/serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: rancher-webhook
diff --git a/charts/rancher-webhook/2.0.3+up0.3.3/templates/webhook.yaml b/charts/rancher-webhook/2.0.3+up0.3.3/templates/webhook.yaml
new file mode 100644
index 000000000..53a0687b6
--- /dev/null
+++ b/charts/rancher-webhook/2.0.3+up0.3.3/templates/webhook.yaml
@@ -0,0 +1,9 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: rancher.cattle.io
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: rancher.cattle.io
diff --git a/charts/rancher-webhook/2.0.3+up0.3.3/values.yaml b/charts/rancher-webhook/2.0.3+up0.3.3/values.yaml
new file mode 100644
index 000000000..7ed0f9951
--- /dev/null
+++ b/charts/rancher-webhook/2.0.3+up0.3.3/values.yaml
@@ -0,0 +1,22 @@
+image:
+  repository: rancher/rancher-webhook
+  tag: v0.3.3
+  imagePullPolicy: IfNotPresent
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
+  hostNetwork: false
+
+capi:
+  enabled: false
+
+mcm:
+  enabled: true
+
+# tolerations for the webhook deployment. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ for more info
+tolerations: []
+nodeSelector: {}
+
+## PriorityClassName assigned to deployment.
+priorityClassName: ""
diff --git a/index.yaml b/index.yaml
index b35d84d7f..f1cce8404 100755
--- a/index.yaml
+++ b/index.yaml
@@ -12865,6 +12865,28 @@ entries:
     - assets/rancher-vsphere-csi/rancher-vsphere-csi-2.1.000.tgz
     version: 2.1.000
   rancher-webhook:
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/hidden: "true"
+      catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.26.0-0'
+      catalog.cattle.io/namespace: cattle-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux,windows
+      catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+      catalog.cattle.io/release-name: rancher-webhook
+    apiVersion: v2
+    appVersion: 0.3.3
+    created: "2023-04-21T12:21:09.922002-04:00"
+    dependencies:
+    - condition: capi.enabled
+      name: capi
+      repository: ""
+    description: ValidatingAdmissionWebhook for Rancher types
+    digest: 1ef4f80cdda914e9010c414a4aa57fd1a0d76d54bb4d38afee117cf49bc02f61
+    name: rancher-webhook
+    urls:
+    - assets/rancher-webhook/rancher-webhook-2.0.3+up0.3.3.tgz
+    version: 2.0.3+up0.3.3
   - annotations:
       catalog.cattle.io/certified: rancher
       catalog.cattle.io/hidden: "true"
diff --git a/packages/rancher-webhook/package.yaml b/packages/rancher-webhook/package.yaml
index dd8eeb862..3c56b357b 100644
--- a/packages/rancher-webhook/package.yaml
+++ b/packages/rancher-webhook/package.yaml
@@ -1,2 +1,2 @@
-url: https://github.com/rancher/webhook/releases/download/v0.3.2/rancher-webhook-0.3.2.tgz
-version: 2.0.2
+url: https://github.com/rancher/webhook/releases/download/v0.3.3/rancher-webhook-0.3.3.tgz
+version: 2.0.3