From 568d6aa8f6fffde7ea549e1af67ce47e18898073 Mon Sep 17 00:00:00 2001 
From: Kevin Joiner Date: Wed, 22 Jun 2022 13:59:49 -0400 Subject: [PATCH] make charts --- .../rancher-webhook-1.0.5+up0.2.6-rc5.tgz | Bin 0 -> 2548 bytes .../1.0.5+up0.2.6-rc5/Chart.yaml | 16 ++++++ .../1.0.5+up0.2.6-rc5/charts/capi/Chart.yaml | 4 ++ .../charts/capi/templates/service.yaml | 13 +++++ .../1.0.5+up0.2.6-rc5/templates/_helpers.tpl | 22 ++++++++ .../templates/deployment.yaml | 52 ++++++++++++++++++ .../pre-delete-hook-cluster-role-binding.yaml | 19 +++++++ .../pre-delete-hook-cluster-role.yaml | 23 ++++++++ .../templates/pre-delete-hook-job.yaml | 36 ++++++++++++ .../templates/pre-delete-hook-psp.yaml | 33 +++++++++++ .../pre-delete-hook-service-account.yaml | 12 ++++ .../1.0.5+up0.2.6-rc5/templates/rbac.yaml | 12 ++++ .../1.0.5+up0.2.6-rc5/templates/service.yaml | 13 +++++ .../templates/serviceaccount.yaml | 4 ++ .../1.0.5+up0.2.6-rc5/templates/webhook.yaml | 19 +++++++ .../1.0.5+up0.2.6-rc5/values.yaml | 25 +++++++++ 16 files changed, 303 insertions(+) create mode 100644 assets/rancher-webhook/rancher-webhook-1.0.5+up0.2.6-rc5.tgz create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc5/Chart.yaml create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc5/charts/capi/Chart.yaml create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc5/charts/capi/templates/service.yaml create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/_helpers.tpl create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/deployment.yaml create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/pre-delete-hook-cluster-role-binding.yaml create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/pre-delete-hook-cluster-role.yaml create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/pre-delete-hook-job.yaml create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/pre-delete-hook-psp.yaml create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/pre-delete-hook-service-account.yaml create 
mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/rbac.yaml create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/service.yaml create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/serviceaccount.yaml create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/webhook.yaml create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc5/values.yaml 
diff --git a/assets/rancher-webhook/rancher-webhook-1.0.5+up0.2.6-rc5.tgz b/assets/rancher-webhook/rancher-webhook-1.0.5+up0.2.6-rc5.tgz new file mode 100644 index 0000000000000000000000000000000000000000..04a1e051633875b770809c41e1258e8bc61c9715 GIT binary patch literal 2548 zcmVDc zVQyr3R8em|NM&qo0PI{_Z`(K)?z4WyffkEAY-G#VbOr1~CQTPzG#MkA?P5_33R*h0 zIiW}mNjc4C{NEQ6b+atTPV2gp8J!m=yc`};{LYP}B;o!7rE`zdg%Ee$iv^Lo^FTuO z>R{x$t~(wM(_hzh>%Z>Vz{8z?%_n(PO;KNzH+~Mtop;f z5F(rlO*9o;c@}_AG+|=i@rl+9J5+Ril$y>c1|DQeMD4rr;@fL~b2b78m z?!mHektizubvyme*pdFo3NS(*AonRM&vL*QJfJ#lX1l*YUq3EJk%$1+WwU{b3#dqyDJH|1pS$WR6~Ksb-6!TVHPgn#?^|mdgwvWiW{u zn+Qhz2M^xOu7#dRRLHeu&6$`ImZ=ua(xCth@ZaE!#7y7doGP6`1YjYQzD9j7qvRsl%M3NQ6-uv5WedAg8LY0)m8oigP2i1 zcW_DlgmG6B%C$py;FP0v)6qg95h$Mtt0IR7AAh#E2=Epe`dUa29#_wK|8@Lp3?oJ~ zs_v%+vIwQ>=;$j|!A|^-`ZfHI$KyeZ|6|bOqXPlXC`YgjDnA7VmY-yXOB#!5wbk8WWQt4~1|*6$ zEo#oG&M0*Qd`LfIURmMw* zt+Ck31Rxh9p`~DPh(#|alUy@Z@KNYX)Ft1%ik7QYPGp8QXjrDKgEKY2&p~z`*1ke=##u?XGh1^XJ=n!Ld-qxu+DV~YqUUDcG3mrvsh`AjuZ@?Ddhp>^Zh)-9sXah*RREY{b9d<*7|?Ppqdpf zQYX2YfizMoeMC7Weuu<*Ate1@YK=R0uhXETa2zkpLb(wPe=y5rw*%>vtIaC>y*2M* zTPRocE{4YV*K*nb_5xYhQHyTU)AnF(uv)cqk95A!wg-0KZm7;65v5kd_F#%LA#;dG zOou%+8aeiT!~g^H?~G7}ftA1~v%4gs|CAz*o|sh&U}IAEnL`y%e?i|^6enYGyJiNg ztya~kO;06npIFr!lTGhj=fzNoz*no*lDsJTGX4L&jKD7aKXmK*zd!D~t^Pj-?W6xU zHPGG`;bkiR-ZxSFF~dwB=Zar>@DXg1Z~tWxQ*{n)_&M9EP$HH-njT@S(~ZMyN_@d* zbRHK0x9PG(IW^6V{1u<5oVe~obW`5aBHgb(bpwN#c z)emViiVd7&wfmtO)>+c0wO1MKum67$(=SW}@6iAK(O^*1|L)ni)&EDK=lcIsqWwkb z>;FqkpR42daVLK_mSAuoOHd@pr^LS#v)OwZQtiQDXX<+|5BY zm;g!V3Ai8mTS8eZu}yCuExlc)4R^k+N)p$uKIFbR+)_{M$mZ4?n!K)E7h~%IlCoXy z4_pYY@v~k}T+5iBtA8t$9=L0X*DxfBp85!OcCy1hEgYg#upNiac>-Q8v@;Vi5B`xJ zU_0IAWSwqtn_ik@vA_L~RP=4^e{V3X+y9>Hj$8YG40^8pH%70!>`hUV+zXh9;5I|2 z0dX7mm2qEgStCi8l;ONQzSelw%@n?yT&x#N-n}UcN^NI?pO~QsCpSsyIe$1w_u=0s z=4yL=97PO6uh6q0`Ru`XG#ZR7fSEEm%>%KM zNP-_Zd$ifL-_>^amT~|3@wUk3ws(sayKp z&|U-5`mMeq?#U0=Iq9Ds2-O&jYM)Z~w=m(dPZXHvT^ft=<25 z;vh;H0+jdGv+L>?)t!;;%A(vSv9hI=`t8M_H@KvDp9zyW49i~jW3tTvKBLIB88N#` 
zY;@I=`=yn-Egv9AT@Q1xe%b3*F2kpfDtO+c;=s(z{${ajmF^>1*`=qv^zzr3E(ycU zSfnx?0Ez~9ncfam9$X8a@X<6x5$jv@1rL-5J@;Fv**gCH1(8~HeG<`weG6n4{@t?; z|9{wi|Km9H>M$0NO}RS@(mudFW3ADp7dsIL%N`T3vYY+AiGi5CI?z-sil_orvC>30RR6q KESHA>Pyhf|=n5GC literal 0 HcmV?d00001
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc5/Chart.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/Chart.yaml
new file mode 100644
index 000000000..93af4cc25
--- /dev/null
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/Chart.yaml
@@ -0,0 +1,16 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/release-name: rancher-webhook
+apiVersion: v2
+appVersion: 0.2.6-rc5
+dependencies:
+- condition: capi.enabled
+ name: capi
+ repository: ""
+description: ValidatingAdmissionWebhook for Rancher types
+name: rancher-webhook
+version: 1.0.5+up0.2.6-rc5
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc5/charts/capi/Chart.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/charts/capi/Chart.yaml
new file mode 100644
index 000000000..388210bef
--- /dev/null
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/charts/capi/Chart.yaml
@@ -0,0 +1,4 @@
+apiVersion: v2
+appVersion: 0.0.0
+name: capi
+version: 0.0.0
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc5/charts/capi/templates/service.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/charts/capi/templates/service.yaml
new file mode 100644
index 000000000..08df65d62
--- /dev/null
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/charts/capi/templates/service.yaml
@@ -0,0 +1,13 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: webhook-service
+ annotations:
+ need-a-cert.cattle.io/secret-name: rancher-webhook-tls
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: 8777
+ selector:
+ app: rancher-webhook
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/_helpers.tpl b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/_helpers.tpl
new file mode 100644
index 000000000..c37a65c6f
--- /dev/null
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/_helpers.tpl
@@ -0,0 +1,22 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "rancher-webhook.labels" -}}
+app: rancher-webhook
+{{- end }}
+
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/deployment.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/deployment.yaml
new file mode 100644
index 000000000..a8554d605
--- /dev/null
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/deployment.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: rancher-webhook
+spec:
+ selector:
+ matchLabels:
+ app: rancher-webhook
+ template:
+ metadata:
+ labels:
+ app: rancher-webhook
+ spec:
+ volumes:
+ - name: tls
+ secret:
+ secretName: rancher-webhook-tls
+ {{- if .Values.global.hostNetwork }}
+ hostNetwork: true
+ {{- end }}
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+ {{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 6 }}
+ {{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 6 }}
+ {{- end }}
+ containers:
+ - env:
+ - name: STAMP
+ value: "{{.Values.stamp}}"
+ - name: ENABLE_CAPI
+ value: "{{.Values.capi.enabled}}"
+ - name: ENABLE_MCM
+ value: "{{.Values.mcm.enabled}}"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+ name: rancher-webhook
+ imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+ ports:
+ - name: https
+ containerPort: 9443
+ - name: capi-https
+ containerPort: 8777
+ volumeMounts:
+ - name: tls
+ mountPath: /tmp/k8s-webhook-server/serving-certs
+ serviceAccountName: rancher-webhook
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/pre-delete-hook-cluster-role-binding.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/pre-delete-hook-cluster-role-binding.yaml
new file mode 100644
index 000000000..ca439ff48
--- /dev/null
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/pre-delete-hook-cluster-role-binding.yaml
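Review bot: In templates/deployment.yaml the `rancher-webhook` container under `containers:` has no `securityContext` and no `resources`, so it runs with whatever user and privileges the image defaults to, while `serviceAccountName: rancher-webhook` is bound to `cluster-admin` in templates/rbac.yaml. I would add a container-level `securityContext:` with `runAsNonRoot: true` and `allowPrivilegeEscalation: false`, provided the image can run unprivileged, which this diff does not show. The `{{- if .Values.global.hostNetwork }}` switch puts ports 9443 and 8777 into the node's network namespace; a comment above it saying when that is required would help anyone auditing the chart.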
@@ -0,0 +1,19 @@
+{{- if .Values.preDelete.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: rancher-webhook-pre-delete
+ labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "2"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: rancher-webhook-pre-delete
+subjects:
+ - kind: ServiceAccount
+ name: rancher-webhook-pre-delete
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/pre-delete-hook-cluster-role.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/pre-delete-hook-cluster-role.yaml
new file mode 100644
index 000000000..36a1c7fef
--- /dev/null
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/pre-delete-hook-cluster-role.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.preDelete.enabled }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: rancher-webhook-pre-delete
+ labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+rules:
+ - apiGroups: [ "admissionregistration.k8s.io" ]
+ resources: [ "mutatingwebhookconfigurations" ]
+ verbs: [ "delete" ]
+ resourceNames: [ "rancher.cattle.io" ]
+ - apiGroups: [ "" ]
+ resources: [ "serviceaccounts" ]
+ verbs: [ "get" ]
+ - apiGroups: [ "policy" ]
+ resources: [ "podsecuritypolicies" ]
+ verbs: [ "use" ]
+ resourceNames: [ "rancher-webhook-pre-delete" ]
+{{- end }}
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/pre-delete-hook-job.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/pre-delete-hook-job.yaml
new file mode 100644
index 000000000..81f306b86
--- /dev/null
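Review bot: In templates/pre-delete-hook-cluster-role.yaml the second entry under `rules:` grants `get` on `serviceaccounts` cluster-wide with no `resourceNames`, and nothing visible in this chart shows the pre-delete job reading a service account; its command only deletes `mutatingwebhookconfigurations` named `rancher.cattle.io`. If the rule is needed, scope it with `resourceNames: [ "rancher-webhook-pre-delete" ]` and add a comment saying what depends on it; otherwise drop it. The other two rules are each pinned to a single named object, so this is the only unscoped grant in the role.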
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/pre-delete-hook-job.yaml
@@ -0,0 +1,36 @@
+{{- if .Values.preDelete.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: rancher-webhook-pre-delete
+ namespace: {{ .Release.Namespace }}
+ labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "3"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+ backoffLimit: 3
+ template:
+ metadata:
+ name: rancher-webhook-pre-delete
+ labels: {{ include "rancher-webhook.labels" . | nindent 8 }}
+ spec:
+ serviceAccountName: rancher-webhook-pre-delete
+ restartPolicy: OnFailure
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+ {{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 6 }}
+ {{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 6 }}
+ {{- end }}
+ containers:
+ - name: rancher-webhook-pre-delete
+ image: "{{ include "system_default_registry" . }}{{ .Values.preDelete.image.repository }}:{{ .Values.preDelete.image.tag }}"
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ runAsUser: 0
+ command: [ "kubectl", "delete", "--ignore-not-found=true", "mutatingwebhookconfigurations", "rancher.cattle.io" ]
+{{- end }}
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/pre-delete-hook-psp.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/pre-delete-hook-psp.yaml
new file mode 100644
index 000000000..8acf758d0
--- /dev/null
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/pre-delete-hook-psp.yaml
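Review bot: In templates/pre-delete-hook-job.yaml, `securityContext:` sets `runAsUser: 0`, so the kubectl container runs as root although the job's only action is an API call (`kubectl delete ... mutatingwebhookconfigurations rancher.cattle.io`), which needs no root inside the container. Unless the `rancher/kubectl` image requires root (not visible here), replace it with `runAsNonRoot: true`, a non-zero `runAsUser`, and `allowPrivilegeEscalation: false`. The Job's `hook-delete-policy` also omits `hook-failed`, unlike the ServiceAccount, ClusterRole and binding it relies on, so a failed Job is left behind after its RBAC objects are removed; if that is intentional for debugging, a comment on the annotation should say so.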
@@ -0,0 +1,33 @@
+{{- if .Values.preDelete.enabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: rancher-webhook-pre-delete
+ labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+spec:
+ privileged: false
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'RunAsAny'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+ volumes:
+ - 'secret'
+{{- end }}
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/pre-delete-hook-service-account.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/pre-delete-hook-service-account.yaml
new file mode 100644
index 000000000..93e215394
--- /dev/null
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/pre-delete-hook-service-account.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.preDelete.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: rancher-webhook-pre-delete
+ namespace: {{ .Release.Namespace }}
+ labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+{{- end }}
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/rbac.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/rbac.yaml
new file mode 100644
index 000000000..9afaae6c6
--- /dev/null
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/rbac.yaml
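Review bot: templates/pre-delete-hook-psp.yaml is gated only on `.Values.preDelete.enabled`, but `policy/v1beta1` PodSecurityPolicy is no longer served from Kubernetes 1.25 on, so on such clusters this hook resource cannot be created and the uninstall would presumably fail at the pre-delete stage. Gate the template on the API being present, e.g. `{{- if and .Values.preDelete.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. Within `spec:`, `runAsUser` with `rule: 'RunAsAny'` is what permits the Job's UID 0 and `allowPrivilegeEscalation` is left unset; `MustRunAsNonRoot` and `allowPrivilegeEscalation: false` would be the tighter settings once the Job no longer runs as root.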
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: rancher-webhook
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: rancher-webhook
+ namespace: {{.Release.Namespace}}
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/service.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/service.yaml
new file mode 100644
index 000000000..74a8a9e5a
--- /dev/null
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/service.yaml
@@ -0,0 +1,13 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: rancher-webhook
+ namespace: cattle-system
+spec:
+ ports:
+ - port: 443
+ targetPort: 9443
+ protocol: TCP
+ name: https
+ selector:
+ app: rancher-webhook
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/serviceaccount.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/serviceaccount.yaml
new file mode 100644
index 000000000..f9251b418
--- /dev/null
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: rancher-webhook
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/webhook.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/webhook.yaml
new file mode 100644
index 000000000..4f95ae896
--- /dev/null
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/templates/webhook.yaml
@@ -0,0 +1,19 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: rancher.cattle.io
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: rancher-webhook
+ namespace: cattle-system
+ path: /v1/webhook/validation
+ port: 443
+ failurePolicy: Ignore
+ matchPolicy: Equivalent
+ name: rancher.cattle.io
+ sideEffects: None
+ timeoutSeconds: 10
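Review bot: In templates/rbac.yaml, `roleRef` names `cluster-admin`, which gives the webhook's service account unrestricted access to the whole cluster, so a compromise of the webhook pod, which serves admission requests on port 9443, becomes a full cluster compromise. A chart-owned ClusterRole listing only the API groups, resources and verbs the webhook actually uses would contain that; the required set is not visible in this diff and has to come from the webhook's source. If cluster-admin is kept deliberately, a comment above `roleRef:` should say why, so the grant is not mistaken for an oversight.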
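Review bot: templates/service.yaml hard-codes `namespace: cattle-system` under `metadata:`, while the Deployment and ServiceAccount carry no namespace and the ClusterRoleBinding subject uses `{{.Release.Namespace}}`. Installed into any other namespace, the Service would be created in cattle-system and its `app: rancher-webhook` selector would match no pods there. The same literal appears under `clientConfig.service` in templates/webhook.yaml; using `{{ .Release.Namespace }}` in both places, or a comment stating that the chart only supports cattle-system (as the `catalog.cattle.io/namespace` annotation in Chart.yaml suggests), would remove the mismatch.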
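Review bot: In templates/webhook.yaml, `failurePolicy: Ignore` makes this validating webhook fail open: when the service is unreachable or exceeds `timeoutSeconds: 10`, the API server admits the request without validation. The entry also carries no `rules` and no `caBundle`, so as written it matches nothing and is presumably rewritten by the webhook at startup. A comment above `webhooks:` stating that, and whether the runtime configuration keeps `Ignore`, would tell operators what protection remains during a webhook outage.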
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc5/values.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/values.yaml
new file mode 100644
index 000000000..7f088e801
--- /dev/null
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc5/values.yaml
@@ -0,0 +1,25 @@
+image:
+ repository: rancher/rancher-webhook
+ tag: v0.2.6-rc5
+ imagePullPolicy: IfNotPresent
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ hostNetwork: false
+
+capi:
+ enabled: false
+
+mcm:
+ enabled: true
+
+preDelete:
+ enabled: true
+ image:
+ repository: rancher/kubectl
+ tag: v1.23.3
+
+# tolerations for the webhook deployment. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ for more info
+tolerations: []
+nodeSelector: {}
\ No newline at end of file
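Review bot: Both images in values.yaml are selected by mutable tag (`tag: v0.2.6-rc5` under `image:`, `tag: v1.23.3` under `preDelete.image:`), and the templates only ever render `repository:tag`, so nothing pins the image content that a cluster-admin-bound workload will run. An optional `digest` value that the templates render as `repository@<digest>` when set would let operators pin it. Separately, `stamp` is read by templates/deployment.yaml but has no default or comment here, and only `tolerations` is documented; a one-line comment each for `stamp`, `nodeSelector`, `capi.enabled`, `mcm.enabled` and `preDelete.enabled` would make the file self-explanatory.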