From 41bee7d47c976e33b296e8afbc91dbfbae3c55f8 Mon Sep 17 00:00:00 2001 From: Eric Promislow Date: Tue, 14 Jan 2025 13:23:28 -0800 Subject: [PATCH] make charts --- ...rancher-webhook-103.0.14+up0.4.15-rc.3.tgz | Bin 0 -> 2806 bytes .../103.0.14+up0.4.15-rc.3/Chart.yaml | 14 +++ .../templates/_helpers.tpl | 22 +++++ .../templates/deployment.yaml | 82 ++++++++++++++++++ .../templates/rbac.yaml | 12 +++ .../templates/secret.yaml | 11 +++ .../templates/service.yaml | 13 +++ .../templates/serviceaccount.yaml | 11 +++ .../templates/webhook.yaml | 9 ++ .../103.0.14+up0.4.15-rc.3/tests/README.md | 16 ++++ .../tests/deployment_test.yaml | 73 ++++++++++++++++ .../tests/service_test.yaml | 18 ++++ .../103.0.14+up0.4.15-rc.3/values.yaml | 30 +++++++ index.yaml | 18 ++++ 14 files changed, 329 insertions(+) create mode 100644 assets/rancher-webhook/rancher-webhook-103.0.14+up0.4.15-rc.3.tgz create mode 100644 charts/rancher-webhook/103.0.14+up0.4.15-rc.3/Chart.yaml create mode 100644 charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/_helpers.tpl create mode 100644 charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/deployment.yaml create mode 100644 charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/rbac.yaml create mode 100644 charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/secret.yaml create mode 100644 charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/service.yaml create mode 100644 charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/serviceaccount.yaml create mode 100644 charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/webhook.yaml create mode 100644 charts/rancher-webhook/103.0.14+up0.4.15-rc.3/tests/README.md create mode 100644 charts/rancher-webhook/103.0.14+up0.4.15-rc.3/tests/deployment_test.yaml create mode 100644 charts/rancher-webhook/103.0.14+up0.4.15-rc.3/tests/service_test.yaml create mode 100644 charts/rancher-webhook/103.0.14+up0.4.15-rc.3/values.yaml 
diff --git a/assets/rancher-webhook/rancher-webhook-103.0.14+up0.4.15-rc.3.tgz b/assets/rancher-webhook/rancher-webhook-103.0.14+up0.4.15-rc.3.tgz new file mode 100644 index 0000000000000000000000000000000000000000..ffb7881e5057918bdc14e68c8e9f5c1beccfa650 GIT binary patch literal 2806 zcmVDc zVQyr3R8em|NM&qo0PH*KZ`(NX{j9%Y;QW5*hpXggoL0C!!0TrB3N&tz1YH~!i!3dT zZ8j9Cl9aRFH2?d7)Wec2$K57yx(CmfSbWS3$$63!NqDe8>E7aWA;e94ydYA0D-y96 zPX?V%r!yQ3?B7nOQ~%rT^g1uPgOfq`__#Mb8NBFp2fgEy7tnb+7Pdp8G?6blkET^$ z+}{KU=Ry-r1y{ZU5D-n6n0o=ynxRKUJ3y)FjAH0RCM%7@7Bmcz`_R%d!B*ptn`Daa z5~ZSo`|$E#KS0;(^}UYUfq$BxZ_Lk^jZ-;^P{kxbAJRrwt(3;7aj;N6Fv^oZ8hc}u z5!K2qM!mYFJQTO8adfU86}Efc>x}E3_W;up84`uAVZPYBT+tj7(~mjQWzQjTTzq!C zf!95DW#ILl5LF;)tZm0f!e~e|*Z8uj6$G z|48C8z2}z41MC;-_J2uOg6e4bo28j(2~%P%n&ifSQOh0$o& zjR$}xb03yvg8^VsoF|N(3r2&L5AS9Zq0c2M@Bm}2+A3IJm@vxcE-qtF0XT8B+ys!%RbdX5=l4&eyKqoz64@enYIT!RT9ln3u-fKjYhuZniTIR@#; z-BQMY3k_2&BgN3O^*9Vo5^`f%1Z6%CuoPFrt(4LkxKg$CFeFo?E+jL*4#sjABMKs`m8) zS&UM7I)0=p*kS)WC&#^-{T~j8#|Qhr54gK?A;cNw2(8p6Ux%qtzLuF)Zh?D$@0fvf z2HwXsKuE269_=<-^I}>oDc3V-{l99rz6k*`g~dl}%@6W$VJT)08wy2=@dF-A6&^0T?70cSG|v=6O`xJ=!Q&6GrJ@EJGJ zI{lmw*4n6@f4lyd+|eVW!5#WP7;(5!YaeT?xRM@DQ$Wl1G9$JZ!Z7{qAXDtxD1Ih!IgxidX2Va0w z9-08@^;XWxNWmIl(BeNNV$CDIKr_Y)qm>AH3!fF+TV{2*mDO^B(8y_dK*8wn0Y(GC zO-6vSBoN4#>r>C=j+L(Ge8U6VF^!jXk_Tc;|h`cN% zYQi!eU0uCDy*~eNakYtNjm0JqYjrmX0(^nbiO^UqdX024Iy=2QAB|7zD1VY7DvLhA zj3Ns!a8_;2+Ruqz_=Wm<#T8#MwxX2lz#1BO8ohu2;g{35*W=0M=0acI-N7e8IkaB2 zny|gBP^=tvmfWT|a=Y_Dpya{*{oP$5T6VIx&aC17-rwlfWL{yS*=SbyDJR>l4TQBJ zP?ijH)M`^wZDw5BxkALxZOT|8(IhLS?J~|(C-J!yQ!JmlA@Fn6G6KX_0$S|_5~de_ zwyK?$a?5g7?J+63O^E+}b#;DO?wb+H5{Xv}iE1HO=)W)!T5nf^-c&L0hF1i?9 zB1fg3iS4a??Ql!EV>%NFZ#vaY{{#@3v8n2{briR6UaMTj+%!FIH%*gB!VjFSD!!&s zVQS_#An^qCkCca(D3>(AinL&m*jo<4HU3fA=77XxN*UD@RdxGG7*-oxn4Df+|M+h5 z_WJVl;^VuLW!m6RrA&;1!0f~10adH5W8*?*jkD>lres{}y=!$WarbQT-}d-lPD$`I z_rSaI|3SZ7&;Psq&LRHa2b5!ad*a5{2uc665s`QE+9s4mpg(4b(kL$kL!;A_&%Ywz zmx5sy1(2BjEJYGOK+FNypjDs_(l(cb5#^3brk^k{rq9jhTvqgZD@SR2_M&)q=Ut>v 
zb>1Xz-Igx@&%t*6PcxUNumHRCzu!Bq>;G~0p#OV;zmorN4M!?(*18e;-iO_{J!Dw;6CTCw!HG_bDyFNLC{-r|%dC=4@YZvm!1Ka({m+}gOlN*{(mpv9324@0bvm063ppSJ_pK`mPuNi z=Qtm%vxTk?KP8Moupm;y_#McE!!6YdAoc|%znpWN-+%voO4P#f+NrBnZ97M`0}7_I zK-u%*3Y9jP6p%SFbZyODN<(nAf;GA$%NJqH4p|_JAZE#&a+p!6G`N+vd~9CzIj4G& zOuaxvZ8OYGIMrso)h};OwPUE6{cv;kt3%WxUBq*r-BUob{;z9)uI-8+7X$3j|NhCK zU$6feb`SM`djXYDjhPmfs(6YpFiqTRwP228#U$;c+6T1|2@64?E)`#=`MXW$)Bh?+ zvvQ@d^akw$eooTz@ap@jiZSqVHaz>aF1+})^P9aVus?6BZKlzQ3rN{V= zq8U*?w931OU;7URH^4&0YIRBFYL4o^FO)hyiKjUI>VECe#-`$srn*PiQTzBP39TH{ zBiR1NVwf%EF#9ow&82RIIjqXcD= 1.23.0-0 < 1.29.0-0' + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0' + catalog.cattle.io/release-name: rancher-webhook +apiVersion: v2 +appVersion: 0.4.15-rc.3 +description: ValidatingAdmissionWebhook for Rancher types +name: rancher-webhook +version: 103.0.14+up0.4.15-rc.3 diff --git a/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/_helpers.tpl b/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/_helpers.tpl new file mode 100644 index 000000000..c37a65c6f --- /dev/null +++ b/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/_helpers.tpl @@ -0,0 +1,22 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{- define "rancher-webhook.labels" -}} +app: rancher-webhook +{{- end }} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +kubernetes.io/os: linux +{{- end -}} \ No newline at end of file 
diff --git a/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/deployment.yaml b/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/deployment.yaml
new file mode 100644
index 000000000..b8a7201da
--- /dev/null
+++ b/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/deployment.yaml
@@ -0,0 +1,82 @@
+{{- $auth := .Values.auth | default dict }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: rancher-webhook
+spec:
+ selector:
+ matchLabels:
+ app: rancher-webhook
+ template:
+ metadata:
+ labels:
+ app: rancher-webhook
+ spec:
+ {{- if $auth.clientCA }}
+ volumes:
+ - name: client-ca
+ secret:
+ secretName: client-ca
+ {{- end }}
+ {{- if .Values.global.hostNetwork }}
+ hostNetwork: true
+ {{- end }}
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+ {{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 6 }}
+ {{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 6 }}
+ {{- end }}
+ containers:
+ - env:
+ - name: STAMP
+ value: "{{.Values.stamp}}"
+ - name: ENABLE_MCM
+ value: "{{.Values.mcm.enabled}}"
+ - name: CATTLE_PORT
+ value: {{.Values.port | default 9443 | quote}}
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if $auth.allowedCNs }}
+ - name: ALLOWED_CNS
+ value: '{{ join "," $auth.allowedCNs }}'
+ {{- end }}
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+ name: rancher-webhook
+ imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+ ports:
+ - name: https
+ containerPort: {{ .Values.port | default 9443 }}
+ startupProbe:
+ httpGet:
+ path: "/healthz"
+ port: "https"
+ scheme: "HTTPS"
+ failureThreshold: 60
+ periodSeconds: 5
+ livenessProbe:
+ httpGet:
+ path: "/healthz"
+ port: "https"
+ scheme: "HTTPS"
+ periodSeconds: 5
+ {{- if $auth.clientCA }}
+ volumeMounts:
+ - name: client-ca
+ mountPath: /tmp/k8s-webhook-server/client-ca
+ readOnly: true
+ {{- end }}
+ {{- if .Values.capNetBindService }}
+ securityContext:
+ capabilities:
+ add:
+ - NET_BIND_SERVICE
+ {{- end }}
+ serviceAccountName: rancher-webhook
+ {{- if .Values.priorityClassName }}
+ priorityClassName: "{{.Values.priorityClassName}}"
+ {{- end }}
diff --git a/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/rbac.yaml b/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/rbac.yaml
new file mode 100644
index 000000000..f4364995c
--- /dev/null
+++ b/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/rbac.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: rancher-webhook
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: rancher-webhook
+ namespace: {{.Release.Namespace}}
\ No newline at end of file
diff --git a/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/secret.yaml b/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/secret.yaml
new file mode 100644
index 000000000..9fd331dc1
--- /dev/null
+++ b/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/secret.yaml
@@ -0,0 +1,11 @@
+{{- $auth := .Values.auth | default dict }}
+{{- if $auth.clientCA }}
+apiVersion: v1
+data:
+ ca.crt: {{ $auth.clientCA }}
+kind: Secret
+metadata:
+ name: client-ca
+ namespace: cattle-system
+type: Opaque
+{{- end }}
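Review bot: The container in deployment.yaml gets a `securityContext` only when `capNetBindService` is set, and even then it only adds `NET_BIND_SERVICE`; by default the webhook runs with the runtime's default capability set and without `allowPrivilegeEscalation: false`. Since rbac.yaml in this same patch binds the pod's service account to `cluster-admin`, I would render a baseline context unconditionally and make only the `add` entry conditional, as sketched below. The `should not set capabilities by default` case in tests/deployment_test.yaml asserts that `securityContext` is null and would have to change with it. Whether `runAsNonRoot: true` can be added as well depends on the image's user, which this patch does not show.

```yaml
        # … unchanged: env, image, ports, probes, volumeMounts …
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
            {{- if .Values.capNetBindService }}
            add:
            - NET_BIND_SERVICE
            {{- end }}
```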
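Review bot: The `roleRef` in rbac.yaml binds the `rancher-webhook` service account to `cluster-admin`, so anything that obtains the pod's token holds full control of the cluster. If the webhook really needs that breadth, say why in a comment above `roleRef`, for example `# cluster-admin is required because <reason>; narrow to a chart-owned ClusterRole once the needed rules are enumerated`. Otherwise replace the binding with a dedicated ClusterRole that lists only the resources the webhook reads and writes. The patch does not show which APIs the binary calls, so the rule set has to come from the webhook source. Until it is narrowed, requests made by this service account are worth watching in the API server audit log.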
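Review bot: `namespace: cattle-system` is hard-coded on the Secret in secret.yaml, while the Deployment that mounts `client-ca` sets no namespace and rbac.yaml uses `{{.Release.Namespace}}`; a release installed into any other namespace would put the Secret where the pod cannot mount it. Use `namespace: {{ .Release.Namespace }}` here, and the same in service.yaml, which hard-codes the same value. The chart's catalog annotation names cattle-system, so this is a consistency point rather than a failure in the supported install. `ca.crt: {{ $auth.clientCA }}` is also rendered unquoted; `ca.crt: {{ $auth.clientCA | quote }}` keeps a value passed with `--set` from being re-typed or breaking the document.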
diff --git a/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/service.yaml b/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/service.yaml
new file mode 100644
index 000000000..220afebea
--- /dev/null
+++ b/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/service.yaml
@@ -0,0 +1,13 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: rancher-webhook
+ namespace: cattle-system
+spec:
+ ports:
+ - port: 443
+ targetPort: {{ .Values.port | default 9443 }}
+ protocol: TCP
+ name: https
+ selector:
+ app: rancher-webhook
diff --git a/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/serviceaccount.yaml b/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/serviceaccount.yaml
new file mode 100644
index 000000000..9e7ad7e1f
--- /dev/null
+++ b/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/serviceaccount.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: rancher-webhook
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: rancher-webhook-sudo
+ annotations:
+ cattle.io/description: "SA which can be impersonated to bypass rancher-webhook validation"
\ No newline at end of file
diff --git a/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/webhook.yaml b/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/webhook.yaml
new file mode 100644
index 000000000..53a0687b6
--- /dev/null
+++ b/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/templates/webhook.yaml
@@ -0,0 +1,9 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: rancher.cattle.io
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: rancher.cattle.io
diff --git a/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/tests/README.md b/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/tests/README.md
new file mode 100644
index 000000000..6d3059a00
--- /dev/null
+++ b/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/tests/README.md
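Review bot: In serviceaccount.yaml the `rancher-webhook-sudo` account exists, per its own annotation, so that impersonating it bypasses webhook validation, but nothing in this chart says which subjects are meant to hold the `impersonate` verb on it or how that grant is reviewed. I would add a comment above the second document such as `# impersonating this SA skips admission validation; grant 'impersonate' only to break-glass roles and alert on its use in the API audit log`. Neither ServiceAccount sets `metadata.namespace`, unlike service.yaml and secret.yaml, so they follow the release namespace; that works, but the templates should agree on one approach.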
@@ -0,0 +1,16 @@
+
+## local dev testing instructions
+
+Option 1: Full chart CI run with a live cluster
+
+```bash
+./scripts/charts/ci
+```
+
+Option 2: Test runs against the chart only
+
+```bash
+# install the helm plugin first - helm plugin install https://github.com/helm-unittest/helm-unittest.git
+bash dev-scripts/helm-unittest.sh
+```
+
diff --git a/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/tests/deployment_test.yaml b/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/tests/deployment_test.yaml
new file mode 100644
index 000000000..bbd6e3044
--- /dev/null
+++ b/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/tests/deployment_test.yaml
@@ -0,0 +1,73 @@
+suite: Test Deployment
+templates:
+ - deployment.yaml
+
+tests:
+ - it: should set webhook default port values
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].ports[0].containerPort
+ value: 9443
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: CATTLE_PORT
+ value: "9443"
+
+ - it: should set updated webhook port
+ set:
+ port: 2319
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].ports[0].containerPort
+ value: 2319
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: CATTLE_PORT
+ value: "2319"
+
+ - it: should not set capabilities by default.
+ asserts:
+ - isNull:
+ path: spec.template.spec.containers[0].securityContext
+
+ - it: should set net capabilities when capNetBindService is true.
+ set:
+ capNetBindService: true
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].securityContext.capabilities.add
+ content: NET_BIND_SERVICE
+
+ - it: should not set volumes or volumeMounts by default
+ asserts:
+ - isNull:
+ path: spec.template.spec.volumes
+ - isNull:
+ path: spec.template.spec.volumeMounts
+
+ - it: should set CA fields when CA options are set
+ set:
+ auth.clientCA: base64-encoded-cert
+ auth.allowedCNs:
+ - kube-apiserver
+ - joe
+ asserts:
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: client-ca
+ secret:
+ secretName: client-ca
+ - contains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ name: client-ca
+ mountPath: /tmp/k8s-webhook-server/client-ca
+ readOnly: true
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: ALLOWED_CNS
+ value: kube-apiserver,joe
diff --git a/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/tests/service_test.yaml b/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/tests/service_test.yaml
new file mode 100644
index 000000000..03172ad03
--- /dev/null
+++ b/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/tests/service_test.yaml
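Review bot: In the `should not set volumes or volumeMounts by default` case of deployment_test.yaml, the second assertion checks `spec.template.spec.volumeMounts`, a path that never exists on a pod spec, so `isNull` passes whether or not the template mounts anything. The path should be `spec.template.spec.containers[0].volumeMounts`, which the later `should set CA fields when CA options are set` case already uses. As written, a regression that mounts the client CA unconditionally would go unnoticed by this suite.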
@@ -0,0 +1,18 @@
+suite: Test Service
+templates:
+ - service.yaml
+
+tests:
+ - it: should set webhook default port values
+ asserts:
+ - equal:
+ path: spec.ports[0].targetPort
+ value: 9443
+
+ - it: should set updated target port
+ set:
+ port: 2319
+ asserts:
+ - equal:
+ path: spec.ports[0].targetPort
+ value: 2319
diff --git a/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/values.yaml b/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/values.yaml
new file mode 100644
index 000000000..a3e0c7d3d
--- /dev/null
+++ b/charts/rancher-webhook/103.0.14+up0.4.15-rc.3/values.yaml
@@ -0,0 +1,30 @@
+image:
+ repository: rancher/rancher-webhook
+ tag: v0.4.15-rc.3
+ imagePullPolicy: IfNotPresent
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ hostNetwork: false
+
+mcm:
+ enabled: true
+
+# tolerations for the webhook deployment. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ for more info
+tolerations: []
+nodeSelector: {}
+
+## PriorityClassName assigned to deployment.
+priorityClassName: ""
+
+# port assigns which port to use when running rancher-webhook
+port: 9443
+
+# Parameters for authenticating the kube-apiserver.
+auth:
+ # CA for authenticating kube-apiserver client certs. If empty, client connections will not be authenticated.
+ # Must be base64-encoded.
+ clientCA: ""
+ # Allowlist of CNs for kube-apiserver client certs. If empty, any cert signed by the CA provided in clientCA will be accepted.
+ allowedCNs: []
diff --git a/index.yaml b/index.yaml
index 8e9d24d04..ba2c20ef0 100755
--- a/index.yaml
+++ b/index.yaml
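Review bot: In values.yaml `auth.clientCA` defaults to `""`, and the comment above it says client connections are then not authenticated, so a default install does not verify that the caller of the webhook endpoint is the kube-apiserver. I would state the consequence next to the key, for example `# SECURITY: leave empty only where network policy restricts the webhook port to the API server; production installs should set clientCA and allowedCNs`. The templates also read `.Values.stamp` and `.Values.capNetBindService`, neither of which is declared here; adding `capNetBindService: false` with a one-line comment would document the toggle. `tag: v0.4.15-rc.3` is a mutable tag pulled with `IfNotPresent`, so pinning by digest is worth considering if the chart tooling allows it.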
@@ -24433,6 +24433,24 @@ entries: - assets/rancher-vsphere-csi/rancher-vsphere-csi-2.1.000.tgz version: 2.1.000 rancher-webhook: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0' + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0' + catalog.cattle.io/release-name: rancher-webhook + apiVersion: v2 + appVersion: 0.4.15-rc.3 + created: "2025-01-14T13:23:09.606536-08:00" + description: ValidatingAdmissionWebhook for Rancher types + digest: 391d1a7b8543a6d87bd4c92d6bdcd7874a1625d73b640394108680b0a455ceb1 + name: rancher-webhook + urls: + - assets/rancher-webhook/rancher-webhook-103.0.14+up0.4.15-rc.3.tgz + version: 103.0.14+up0.4.15-rc.3 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true"