From c224d488e283d5d15c16898ebd570c42f40da3e2 Mon Sep 17 00:00:00 2001 From: Arvind Iyengar Date: Thu, 21 Sep 2023 11:37:51 -0700 Subject: [PATCH 1/2] Create 3.x.x release line for rancher-windows-gmsa --- packages/rancher-windows-gmsa/package.yaml | 3 +-- release.yaml | 4 ++++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/packages/rancher-windows-gmsa/package.yaml b/packages/rancher-windows-gmsa/package.yaml index 05dd818f4..701bd3dc7 100644 --- a/packages/rancher-windows-gmsa/package.yaml +++ b/packages/rancher-windows-gmsa/package.yaml @@ -1,9 +1,8 @@ url: local -version: 2.0.0 +version: 3.0.0 additionalCharts: - workingDir: charts-crd crdOptions: templateDirectory: crd-template crdDirectory: templates addCRDValidationToMainChart: true -doNotRelease: true diff --git a/release.yaml b/release.yaml index 0db878d25..4a79009d4 100644 --- a/release.yaml +++ b/release.yaml @@ -78,3 +78,7 @@ rancher-logging: - 103.0.0+up3.17.10 rancher-logging-crd: - 103.0.0+up3.17.10 +rancher-windows-gmsa: + - 3.0.0 +rancher-windows-gmsa-crd: + - 3.0.0 From 87f57132673d5e4108e676c405a241f7c4dcf64b Mon Sep 17 00:00:00 2001 
From: Arvind Iyengar Date: Thu, 21 Sep 2023 11:40:56 -0700 Subject: [PATCH 2/2] make charts --- .../rancher-windows-gmsa-crd-3.0.0.tgz | Bin 0 -> 907 bytes .../rancher-windows-gmsa-3.0.0.tgz | Bin 0 -> 4497 bytes .../rancher-windows-gmsa-crd/3.0.0/Chart.yaml | 10 ++ .../3.0.0/templates/crds.yaml | 119 ++++++++++++++++++ charts/rancher-windows-gmsa/3.0.0/Chart.yaml | 29 +++++ .../rancher-windows-gmsa/3.0.0/app-readme.md | 9 ++ .../rancher-windows-gmsa/3.0.0/questions.yaml | 53 ++++++++ .../3.0.0/templates/_helpers.tpl | 48 +++++++ .../3.0.0/templates/clusterrole.yaml | 16 +++ .../3.0.0/templates/clusterrolebinding.yaml | 15 +++ .../3.0.0/templates/credentialspec.yaml | 24 ++++ .../3.0.0/templates/deployment.yaml | 68 ++++++++++ .../3.0.0/templates/issuer.yaml | 26 ++++ .../3.0.0/templates/mutatingwebhook.yaml | 34 +++++ .../3.0.0/templates/networkpolicy.yaml | 16 +++ .../3.0.0/templates/service.yaml | 13 ++ .../3.0.0/templates/serviceaccount.yaml | 8 ++ .../3.0.0/templates/validate-install-crd.yaml | 14 +++ .../3.0.0/templates/validatingwebhook.yaml | 34 +++++ charts/rancher-windows-gmsa/3.0.0/values.yaml | 42 +++++++ index.yaml | 47 +++++++ 21 files changed, 625 insertions(+) create mode 100644 assets/rancher-windows-gmsa-crd/rancher-windows-gmsa-crd-3.0.0.tgz create mode 100644 assets/rancher-windows-gmsa/rancher-windows-gmsa-3.0.0.tgz create mode 100644 charts/rancher-windows-gmsa-crd/3.0.0/Chart.yaml create mode 100644 charts/rancher-windows-gmsa-crd/3.0.0/templates/crds.yaml create mode 100644 charts/rancher-windows-gmsa/3.0.0/Chart.yaml create mode 100644 charts/rancher-windows-gmsa/3.0.0/app-readme.md create mode 100644 charts/rancher-windows-gmsa/3.0.0/questions.yaml create mode 100644 charts/rancher-windows-gmsa/3.0.0/templates/_helpers.tpl create mode 100644 charts/rancher-windows-gmsa/3.0.0/templates/clusterrole.yaml create mode 100644 charts/rancher-windows-gmsa/3.0.0/templates/clusterrolebinding.yaml create mode 100644 
charts/rancher-windows-gmsa/3.0.0/templates/credentialspec.yaml create mode 100644 charts/rancher-windows-gmsa/3.0.0/templates/deployment.yaml create mode 100644 charts/rancher-windows-gmsa/3.0.0/templates/issuer.yaml create mode 100644 charts/rancher-windows-gmsa/3.0.0/templates/mutatingwebhook.yaml create mode 100644 charts/rancher-windows-gmsa/3.0.0/templates/networkpolicy.yaml create mode 100644 charts/rancher-windows-gmsa/3.0.0/templates/service.yaml create mode 100644 charts/rancher-windows-gmsa/3.0.0/templates/serviceaccount.yaml create mode 100644 charts/rancher-windows-gmsa/3.0.0/templates/validate-install-crd.yaml create mode 100644 charts/rancher-windows-gmsa/3.0.0/templates/validatingwebhook.yaml create mode 100644 charts/rancher-windows-gmsa/3.0.0/values.yaml 
diff --git a/assets/rancher-windows-gmsa-crd/rancher-windows-gmsa-crd-3.0.0.tgz b/assets/rancher-windows-gmsa-crd/rancher-windows-gmsa-crd-3.0.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..708bb3817df8fa0d66e744126d3dc176bb5132be GIT binary patch literal 907 zcmV;619bc!iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI-XZsRr+_O$@N1L1q?@W-+D*IjA@X$mA*tlRDNgc?h1B$D8a zy!G1`v@IugeA=i7ETHd3AU&KJ&glc~K+6K%@SD<^`9{OMA{a`SMbiQthbyScUR%U* z9FIq%^*4^=!*6_>jC#rFHoi&X@pzQ<;^cNR8TUlo+VT~siNW>a*0v5W_k#emHVmwc zrZf;j0z+x?Py%y_p)!#~$7-Q4OU1TUj*1m3%TT9cz^=x@Q4tLlk_CyW*lg|>9j%D5 zI(pJ!i9k5?8g_2HE7<_7`ihQ}(WzJ_L53uqvbJTOzkAjaG|vFZO{)YWXOOa z?FT|^y2#g&beN%L1tnRO6mDy5tJ%xGoj!go!~m=sg0;>pF$-VnXLK4F{eeL$1_iUF zG>US?Mg1H~Q$?>b5$Xc8#0oW2#11j4fEZo$f|epuc~j=m_|yOQN`BA}ypL-qa%XCr ziuc}b+r4phxV`E!fzlR`Y<7hpbW1-j{UqG&v2l=NDi%=EZZ|{gPy)Y`mIYRjHcKIl zMSb`A;p@%(@E0LAW63=Kfs)_uTW74F-AH@lLin`oF8daH1JjR0G2LZQ%q_~p1E)-% zHScjJSuJs<97;BBH8pyn@*{HROSH)_m$jV-%c&)hQ9h zSe;gI+3zd8-{8sD**Ss69vmxF_@l5W-m2tQ#3ZKh5SNi_9huK;0 zuZzP**@Lz<{~g+lV|XrcD)VNReq8CaqK$XQgK?oW&z0qQyE9XP(!Us`|H*EgX*yfX zmjgc2^s7T`spY;_S&QS3APc3NLDJHfC*+@$X&aaMcU|a}yRKrbj+{DjI)#p$I&#`O z+>uj9P6zlNa*{?b_X?HR0b{;O#goz4JTaRjZr-Mz5MKGZsA5Mo39Xfmje+2*l|Nqr&H;e!p001SuzU2S_ literal 0 HcmV?d00001 
diff --git a/assets/rancher-windows-gmsa/rancher-windows-gmsa-3.0.0.tgz b/assets/rancher-windows-gmsa/rancher-windows-gmsa-3.0.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..9252a344a19401695a6bbc7fae4148482f156b47 GIT binary patch literal 4497 zcmV;C5pM1uiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBxZ{xO>c>nzcnD20)w3wtfmSyMFpLe_1)Jc1@?W94Rwzw#Y zfR>JJHnOOalr!GxeD?((lBtJdkCSHFTl0^ZL_9n^e4RHLPLgnfy!Aknh&_nbcq&M{ zKOtQDb25!Td5#hUL2z<(r2h|sp!$F3G&uUCb95XWc7l_Wqs}Km=eT>={RDz%>3v1X zge3fv;K_Ye2lp2#BuSVglCnhfb^t;mNzBH6NTiI>r>spf$yziKlEiTjnzlnMNr*i#AIrlQb0Kls*pi7JSlGt; z6#0}&(Nb_RO|rKKk3w@cqY;YMc*YC7{{0uir_5KRgd8JGBqgy(F%<1trx8!Sc%|9s z`d`?|==%SE`CM>}kqETQ)3gnCNJ@XqG0(a?Bu$H71OLzub|MrZr>WGR+!cmCOGb2@ zalH|DXs7@tQl_HUZik8)3Ey_9x1lw&9vpYKcwO(dZSa@`)MgvLGil}su6>4e5HO~rqUOrRe!we)5>ZtT8( zWO4+{c!(NlKCm&BlWeFE=}pQLlqgz)j?07Ek@FOLK+-g(p_!m!0T2Da4|bk%{u}xK zjKmp=XA=M`_<#4XdtBxJN2kG-|Gz}B+&Lr?Memh5`pD%Ql8`ZS{X4)eTqI-|qppIf zsRNow9Ge5{L*K0t6PCph3=v4okwkN_;sYZf666Ho{tE$NoC%5C^ntpEs0WIXn@`0i z_dNAs7cNJdf>r|sKm|lpXdDNSr7gLtXtDOZC*7H^yQN$E;`5#6T!|m+sMu{*u zJr7{_{AvK_8W7ai0_2t>7GPBiYjANwOo@GIju~@Y3zpzsF0f!UD?iB(_#yyy6S)zW`n6I-qzGg8E=RLR_T`_sh zQDCB1WE``hT@541?35e9eU2lN#qtKnR7gdW*=LFshcdRHO*C5w17K+C_}#95V!ou0 zP_(-X0}L}x<-E@liEkxLSR4sRS=5SghOydax*mv>oDMUILhsg)O{Xk@kXiWz0;QzM zSoj(($I(J$F2sq}tXL@8l8AfJ4y~NUmg=y;)y_NBpYW}0E1a)(QWjOnH4B*~XX1(_ zYTNZ-L}G#Fg!VJeF_H27066}ZQH~Kvrr^~XZ#w84C647J~4^&ROI7KdenQpEM ztdRf5L2y`+|EDM2&Q|`vMA^-iS9NaQy=y^)Bbp$1hDqK6_X*xK78KJapsetjS3CJab$?{SC>SwbR(R_4xz#>NsU4-I6hOg#s(>uakI13-C4fj{D#7y? 
z^Y7|`zM}*B`NTOG=?EByJ-<&9TMl6omgECC+aV~OSfa$3RpNUPTw=~R0=DPID7-jQJLw$!`UJWj8ZtwaR zH@BBxU-r*#FYdm+`Tot_;G%zXal51^!zMnq3c4*Hv8=HFtdowj7&mtZudx4u)6-7b z{_6(EhsRs{?;^jI}^=jvyCQ%O@U81b z&%gE7ZNLUro&S^LpmP4Z!O79~{J%um)m~V0>yd5Ep@g+L`^z?2JFr z(Y2=`KfQ+Hff>kIDZueq*8oliKo!QQb(&AG7;kW-`)c54D>})~{3A2=M=EKn&VPxA zZKwjQivMHdQvFZ87wx;yTX8G|8u}Rh@SA`Mfzeex3)%H|koqUqsF~Me>b~sju65 zoYAOg`lccB{)GLXqrGy&@=w_;gAW;*pk*gxYwJGv>z5VsKf*L-^C>1zNe5mb|Bt#y zRrwzr9-VIG|4S5Cu#+?ujyOLr*1jUf-JD^YQG;Q~rm3H&X!tss;g|DJQWo`qXNja! zY}>ffB1vgO17cinV0w<>^y0oP1|G$Yml))1@TmrzdajPMs=o z8P(&+017Hqsi7lyRfD8sf8al7$yiFHJIRSaqYzfa=1n=)()CbK1k+`}X2rRaE+D_FyeK z+BST+yo3JD?UOqQxy*5x`E5Fsm1(sB%5vXs(z2`OF9}?hmll9ZY-FICGd9iy6enRx zwbR%cWmDtOi=7o23Yb2 zmIVFM97JEU6YCLQ;QbKi|BGn<*59-6Pc;zZFYDeHvvAXPzKyQ=I)bOKH0a}&2NUve z!lnMYM!;eNZr^IPHd)V{q(9kG3XDesI!-V$w*$7Ws#RqL|DR^c&`-uzIoV7Qtcw2x zC&$(J&*ACT|MMcHC&Dnor_ryqc2^p_h1XeJ)(k)Y@eF;Gk^)3*Tuvu{uG-oASNwetLwK^ABIY#Ij z&x^hN<@Ika&TcRA#1{Z4=hRdx@V3+*ESy(YOqTsu)@ubn=eKLO_v`+>$_n|PpnPEbKGpkuQ!{W?{?}3W zw3h!7Z14ZQNO9%AU2K|+7ee34{3}ys_})Us7b4!ed0Qlo*@OCbJ&k`e`D*n29RMA^ zuxt?CDQq+uEB@EhVpo5`>IbuzZ|5o6ua~Bc{`tcE`1j#(E6%@FH=gDIT6z9E4flVy z{+|~qrAK=T72hU2{psv`H)7JN2UR5DW0a-1NhOxMJk{~X-nZ+en9D=W_bjKnk|67v@TTOp4= zmhQ{HOlSxd6fuw4*5*`*5w9X8yXGeLsnF6e%+gEA?;A z?F%PE95G&isyaEL!c_X6y^s9(@SI;h_NLvIXDjRR|EEQOR>glhK~4WV+1~$qnX*Cr z=f`4CY$HH_$q3MLeY+e3%9X#rY82=IydSR5xACBDJZM{%l}7nb(zL~qL{s#q(bM}_ z<^MT8I<3C{d~$TMmH#hMcFPa3pXF=|e#-g6tDW1zQ~>jWgjhTm+`lH-~VHC)>1#S9e;Lbn(#2m8m{Qs7r z(8Bb2o`7F*{*Qv{`#+tN?l%7OGNo8*tEkQhr%JH*p#BtqQ3PzL*S&X9{=*IvloRA2 zndKHhEUPFG!ovg;*BPPfe{wYut#q%2%)pyJk}zZ}Mq)LVv3XX*bNbbuB&%>u*u$O3 zhWP~C(UChOr^eMY8>eTDtJ@15$_~tMTkCEwLzHH7^&9Pr(F^Ucaal&Y$n${JJrBMB7^bPkr1IapBXuE8HmqD?Wck=gj%e~siTXZ;Oopowbx zhZCJYp3q3RsS{#w8~EVlXHg1cgNlI+;Z zf0CndUG+spAh38sbi~;dNMas+Rl>+TP+PqFsW!mkT~XrbzPS@8Z&7+~RKFdX&wc-_ zG{g4Kk?bGn%G>V-o>NuZ^@|~Yt%iJ2 j9`A>4>W{6sY|FN6%eHLGlgj@E00960sctVw0CWHV!out$ literal 0 HcmV?d00001 
diff --git a/charts/rancher-windows-gmsa-crd/3.0.0/Chart.yaml b/charts/rancher-windows-gmsa-crd/3.0.0/Chart.yaml
new file mode 100644
index 000000000..3478358ca
--- /dev/null
+++ b/charts/rancher-windows-gmsa-crd/3.0.0/Chart.yaml
@@ -0,0 +1,10 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-windows-gmsa-system
+ catalog.cattle.io/release-name: rancher-windows-gmsa-crd
+apiVersion: v1
+description: Installs the CRDs for Windows GMSA.
+name: rancher-windows-gmsa-crd
+type: application
+version: 3.0.0
diff --git a/charts/rancher-windows-gmsa-crd/3.0.0/templates/crds.yaml b/charts/rancher-windows-gmsa-crd/3.0.0/templates/crds.yaml
new file mode 100644
index 000000000..de31c4561
--- /dev/null
+++ b/charts/rancher-windows-gmsa-crd/3.0.0/templates/crds.yaml
@@ -0,0 +1,119 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gmsacredentialspecs.windows.k8s.io + annotations: + "api-approved.kubernetes.io": "https://github.com/kubernetes/enhancements/tree/master/keps/sig-windows/689-windows-gmsa" +spec: + group: windows.k8s.io + versions: + - name: v1alpha1 + served: true + storage: false + deprecated: true + schema: + openAPIV3Schema: + type: object + properties: + credspec: + description: GMSA Credential Spec + type: object + properties: + ActiveDirectoryConfig: + type: object + properties: + GroupManagedServiceAccounts: + type: array + items: + type: object + properties: + Name: + type: string + Scope: + type: string + HostAccountConfig: + type: object + properties: + PluginGUID: + type: string + PluginInput: + type: string + PortableCcgVersion: + type: string + CmsPlugins: + type: array + items: + type: string + DomainJoinConfig: + type: object + properties: + DnsName: + type: string + DnsTreeName: + type: string + Guid: + type: string + MachineAccountName: + type: string + NetBiosName: + type: string + Sid: + type: string + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + credspec: + description: GMSA Credential Spec + type: object + properties: + ActiveDirectoryConfig: + type: object + properties: + GroupManagedServiceAccounts: + type: array + items: + type: object + properties: + Name: + type: string + Scope: + type: string + HostAccountConfig: + type: object + properties: + PluginGUID: + type: string + PluginInput: + type: string + PortableCcgVersion: + type: string + CmsPlugins: + type: array + items: + type: string + DomainJoinConfig: + type: object + properties: + DnsName: + type: string + DnsTreeName: + type: string + Guid: + type: string + MachineAccountName: + type: string + NetBiosName: + type: string + Sid: + type: string + conversion: + strategy: None + names: + kind: GMSACredentialSpec + plural: 
gmsacredentialspecs + scope: Cluster + diff --git a/charts/rancher-windows-gmsa/3.0.0/Chart.yaml b/charts/rancher-windows-gmsa/3.0.0/Chart.yaml new file mode 100644 index 000000000..52c25c8ce --- /dev/null +++ b/charts/rancher-windows-gmsa/3.0.0/Chart.yaml @@ -0,0 +1,29 @@ +annotations: + catalog.cattle.io/auto-install: rancher-windows-gmsa-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Windows GMSA + catalog.cattle.io/experimental: "true" + catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.24.0-0' + catalog.cattle.io/namespace: cattle-windows-gmsa-system + catalog.cattle.io/os: windows + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: windows.k8s.io.gmsacredentialspecs/v1 + catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0' + catalog.cattle.io/release-name: rancher-windows-gmsa +apiVersion: v2 +appVersion: 0.3.0 +description: Windows GMSA Configuration +icon: https://charts.rancher.io/assets/logos/windows-gmsa.svg +keywords: +- Windows +- Windows GMSA +- GMSA +- Active Directory +maintainers: +- email: jamie.phillips@suse.com + name: Rancher +name: rancher-windows-gmsa +sources: +- https://github.com/kubernetes-sigs/windows-gmsa +type: application +version: 3.0.0 diff --git a/charts/rancher-windows-gmsa/3.0.0/app-readme.md b/charts/rancher-windows-gmsa/3.0.0/app-readme.md new file mode 100644 index 000000000..b6a21b135 --- /dev/null +++ b/charts/rancher-windows-gmsa/3.0.0/app-readme.md @@ -0,0 +1,9 @@ +# Windows GMSA Admission Webhook + +This chart creates the GMSA CRD, Credential, and Admission Webhook. The official documentation and tutorials can be found [here](https://github.com/kubernetes-sigs/windows-gmsa). + +## Prerequisites + +- Active Directory that supports Group Managed Service Accounts +- A Group Managed Service Account +- Kubernetes v1.21+ 
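Review bot: The `catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.24.0-0'` annotation in the new rancher-windows-gmsa Chart.yaml looks inconsistent with `catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'` on the same file; if the Rancher 2.8 line only provisions Kubernetes 1.25 and newer, as I believe it does, no cluster can satisfy both constraints and the 3.x.x release line would never be installable from the catalog. Please confirm the Kubernetes range this line is meant to target and widen the upper bound accordingly; the same annotation is copied into the index.yaml entry later in this patch. Since charts/ is produced by `make charts`, the correction belongs in the packages/rancher-windows-gmsa source rather than in this generated file.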
diff --git a/charts/rancher-windows-gmsa/3.0.0/questions.yaml b/charts/rancher-windows-gmsa/3.0.0/questions.yaml
new file mode 100644
index 000000000..70f16989e
--- /dev/null
+++ b/charts/rancher-windows-gmsa/3.0.0/questions.yaml
@@ -0,0 +1,53 @@ +questions: + - variable: credential.enabled + default: true + description: Whether to create a GMSA Credential when installing GMSA Webhook + label: Whether to create a GMSA Credential + type: boolean + group: "Credential Spec" + show_subquestion_if: true + subquestions: + - variable: credential.domainJoinConfig.machineAccountName + label: GMSA Account Name + description: Username of the GMSA account + type: string + required: true + - variable: credential.domainJoinConfig.guid + label: GUID + description: GUID of the Service Account + type: string + required: true + - variable: credential.domainJoinConfig.sid + label: SID + description: SID of the GMSA Account + type: string + required: true + - variable: credential.domainJoinConfig.dnsName + label: DNS Domain Name + description: Name of the domain in DNS + type: string + required: true + - variable: credential.domainJoinConfig.dnsTreeName + label: DNS Tree Domain + description: Root name of the domain in DNS + type: string + required: true + - variable: credential.domainJoinConfig.netBiosName + label: NETBIOS Name + description: NETBIOS Name for the domain. + type: string + required: true + - variable: certificates.certManager.enabled + default: true + description: Use cert-manager to generate certificates for the webhook + label: Generate certificate through cert-manager + type: boolean + group: "Certificates" + show_subquestion_if: false + subquestions: + - variable: certificates.secretName + default: webhook-server-cert + description: Mount a CA Bundle from an existing Secret in the same namespace as the GMSA webhook. Secret must contain keys for the CA certificate (ca.crt), the TLS certificate (tls.crt), and the TLS private key (tls.key) to be used by the webhook. + label: CA Bundle From Existing Secret + type: string + required: true 
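Review bot: The `certificates.secretName` subquestion declares `default: webhook-server-cert`, but values.yaml in this same patch sets `secretName: gmsa-server-cert`, so a UI install with cert-manager disabled and a plain `helm install` will look for differently named Secrets, and deployment.yaml mounts whichever name wins. Align the two, e.g. `default: gmsa-server-cert` here, so the documented prerequisite (a Secret holding `ca.crt`, `tls.crt` and `tls.key`) points operators at one name. As this file is generated, make the change in the packages/ source.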
diff --git a/charts/rancher-windows-gmsa/3.0.0/templates/_helpers.tpl b/charts/rancher-windows-gmsa/3.0.0/templates/_helpers.tpl
new file mode 100644
index 000000000..61576a7c8
--- /dev/null
+++ b/charts/rancher-windows-gmsa/3.0.0/templates/_helpers.tpl
@@ -0,0 +1,48 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +{{/* Create chart name and version as used by the chart label. */}} +{{- define "gmsa.chartref" -}} +chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} +{{- end }} + +{{/* Determine apiVersion for cert-manager */}} +{{- define "cert-manager.apiversion" -}} + {{- $certmanagerVer := split "." .Values.certificates.certManager.version -}} + {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 1) (ge (int $certmanagerVer._1) 0)) }} +apiVersion: cert-manager.io/v1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 16)) }} +apiVersion: cert-manager.io/v1beta1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11)) }} +apiVersion: cert-manager.io/v1alpha2 + {{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }} +apiVersion: cert-manager.io/v1alpha1 + {{- else }} +apiVersion: cert-manager.io/v1 + {{- end }} +{{- end }} + +{{- define "certificates.cabundle"}} +{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +{{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.certificates.secretName) -}} +{{- if lt (len $secret) 1 -}} +{{- required (printf "CA Bundle secret '%s' in namespace '%s' must exist" .Values.certificates.secretName .Release.Namespace) "" -}} +{{- else -}} +{{- if not (hasKey $secret "data") -}} +{{- required (printf "CA Bundle secret '%s' in 
namespace '%s' is empty" .Values.certificates.secretName .Release.Namespace) "" -}} +{{- end -}} +{{- if or (not (hasKey $secret.data "ca.crt")) (not (hasKey $secret.data "tls.crt")) (not (hasKey $secret.data "tls.key")) -}} +{{- required (printf "CA Bundle secret '%s' in namespace '%s' must contain ca.crt, tls.key, and tls.cert; found the following keys in the secret: %s" .Values.certificates.secretName .Release.Namespace $secret.data) "" -}} +{{- end -}} +{{- end -}} +{{- get $secret.data "ca.crt" }} +{{- else -}} +INSERT_CERTIFICATE_FROM_SECRET +{{- end -}} +{{- end }} + diff --git a/charts/rancher-windows-gmsa/3.0.0/templates/clusterrole.yaml b/charts/rancher-windows-gmsa/3.0.0/templates/clusterrole.yaml new file mode 100644 index 000000000..6e7667209 --- /dev/null +++ b/charts/rancher-windows-gmsa/3.0.0/templates/clusterrole.yaml @@ -0,0 +1,16 @@ +# the RBAC role that the webhook needs to: +# * read GMSA custom resources +# * check authorizations to use GMSA cred specs +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }} + labels: {{ include "gmsa.chartref" . | nindent 4 }} +rules: + - apiGroups: ["windows.k8s.io"] + resources: ["gmsacredentialspecs"] + verbs: ["get", "use"] + - apiGroups: ["authorization.k8s.io"] + resources: ["localsubjectaccessreviews"] + verbs: ["create"] + diff --git a/charts/rancher-windows-gmsa/3.0.0/templates/clusterrolebinding.yaml b/charts/rancher-windows-gmsa/3.0.0/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..7f477c426 --- /dev/null +++ b/charts/rancher-windows-gmsa/3.0.0/templates/clusterrolebinding.yaml 
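Review bot: In `certificates.cabundle` the `required` message for the missing-key case formats `$secret.data` with `%s`, which prints the entire Secret data map — the base64 of whatever keys are present, potentially a private key — into Helm's error output and from there into CI logs and installer UIs; report only the key names instead, e.g. `... found the following keys in the secret: %s" .Values.certificates.secretName .Release.Namespace (keys $secret.data)) "" -}}`. The same message lists `tls.cert` while the condition tests for `tls.crt`, which sends operators looking for the wrong key; change the wording to `must contain ca.crt, tls.crt, and tls.key`. The helper is only reached when `lookup` is live (the ClusterRole length guard), so the leak would surface on real installs rather than in `helm template` runs.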
@@ -0,0 +1,15 @@ +# bind that role to the webhook's service account +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }} + labels: {{ include "gmsa.chartref" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ .Release.Name }} + apiGroup: rbac.authorization.k8s.io + diff --git a/charts/rancher-windows-gmsa/3.0.0/templates/credentialspec.yaml b/charts/rancher-windows-gmsa/3.0.0/templates/credentialspec.yaml new file mode 100644 index 000000000..f4ff13efd --- /dev/null +++ b/charts/rancher-windows-gmsa/3.0.0/templates/credentialspec.yaml @@ -0,0 +1,24 @@ +{{- if .Values.credential.enabled -}} +apiVersion: windows.k8s.io/v1 +kind: GMSACredentialSpec +metadata: + name: {{ .Values.credential.domainJoinConfig.machineAccountName | lower }} + labels: {{ include "gmsa.chartref" . | nindent 4 }} +credspec: + ActiveDirectoryConfig: + GroupManagedServiceAccounts: + - Name: {{ .Values.credential.domainJoinConfig.machineAccountNamename }} + Scope: {{ .Values.credential.domainJoinConfig.netBiosName }} + - Name: {{ .Values.credential.domainJoinConfig.machineAccountNamename }} + Scope: {{ .Values.credential.domainJoinConfig.dnsName }} + CmsPlugins: + - ActiveDirectory + DomainJoinConfig: + DnsName: {{ .Values.credential.domainJoinConfig.dnsName }} + DnsTreeName: {{ .Values.credential.domainJoinConfig.dnsName }} + Guid: {{ .Values.credential.domainJoinConfig.guid }} + MachineAccountName: {{ .Values.credential.domainJoinConfig.machineAccountName }} + NetBiosName: {{ .Values.credential.domainJoinConfig.netBiosName }} + Sid: {{ .Values.credential.domainJoinConfig.sid }} +{{- end -}} + diff --git a/charts/rancher-windows-gmsa/3.0.0/templates/deployment.yaml b/charts/rancher-windows-gmsa/3.0.0/templates/deployment.yaml new file mode 100644 index 000000000..9dc4d7fb5 --- /dev/null 
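Review bot: Both `GroupManagedServiceAccounts` entries in credentialspec.yaml read `.Values.credential.domainJoinConfig.machineAccountNamename`, a key that exists in neither values.yaml nor questions.yaml, so `Name:` renders empty on every install and the generated credential spec carries no account name; each should be `- Name: {{ .Values.credential.domainJoinConfig.machineAccountName }}`. Likewise `DnsTreeName:` is fed `.dnsName` although questions.yaml collects a separate required `credential.domainJoinConfig.dnsTreeName` that nothing else in this patch consumes; it should read `DnsTreeName: {{ .Values.credential.domainJoinConfig.dnsTreeName }}`. Because `credential.enabled` defaults to true, a default install ships this malformed spec, so please correct the packages/ source that `make charts` renders from.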
+++ b/charts/rancher-windows-gmsa/3.0.0/templates/deployment.yaml @@ -0,0 +1,68 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + seccomp.security.alpha.kubernetes.io/pod: runtime/default + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: {{ include "gmsa.chartref" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ .Release.Name }} + spec: + {{- if .Values.podSecurityContext }} + securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} + {{- end }} + serviceAccountName: {{ .Release.Name }} + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Release.Name }} + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.imagePullPolicy }} + readinessProbe: + httpGet: + scheme: HTTPS + path: /health + port: 443 + ports: + - containerPort: 443 + {{- if .Values.securityContext }} + securityContext: {{ toYaml .Values.securityContext | nindent 12 }} + {{- end }} + volumeMounts: + - name: tls + mountPath: "/etc/ssl/rancher-windows-gmsa-webhook" + readOnly: true + env: + - name: TLS_KEY + value: /etc/ssl/rancher-windows-gmsa-webhook/tls.key + - name: TLS_CRT + value: /etc/ssl/rancher-windows-gmsa-webhook/tls.crt + volumes: + - name: tls + secret: + secretName: {{ .Values.certificates.secretName }} + items: + - key: tls.key + path: tls.key + - key: tls.crt + path: tls.crt + diff --git a/charts/rancher-windows-gmsa/3.0.0/templates/issuer.yaml b/charts/rancher-windows-gmsa/3.0.0/templates/issuer.yaml new file mode 100644 index 000000000..d100da93b --- /dev/null 
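Review bot: The `seccomp.security.alpha.kubernetes.io/pod: runtime/default` annotation in deployment.yaml sits on the Deployment's own `metadata`, not on `spec.template.metadata`, so the kubelet never sees it and no seccomp profile is applied to the webhook pod; the annotation form is in any case deprecated since Kubernetes 1.19 in favour of `securityContext.seccompProfile`. Since the chart already renders `podSecurityContext` from values, the cleanest fix is a values.yaml default of `seccompProfile:` / `type: RuntimeDefault` under `podSecurityContext`, which is honoured across the declared `>= 1.21` range, and dropping the annotation. Separately, the pod runs with `runAsUser: 0` (values.yaml says this is needed to bind port 443) while the container-level `securityContext` defaults to `{}`, so nothing drops capabilities or blocks privilege escalation; a default of `allowPrivilegeEscalation: false` with `capabilities: {drop: [ALL], add: [NET_BIND_SERVICE]}` keeps the port binding working while limiting a compromised webhook process — confirm the upstream image tolerates it before changing the default.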
+++ b/charts/rancher-windows-gmsa/3.0.0/templates/issuer.yaml @@ -0,0 +1,26 @@ +{{- if .Values.certificates.certManager.enabled -}} +{{ template "cert-manager.apiversion" . }} +kind: Certificate +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: {{ include "gmsa.chartref" . | nindent 4 }} +spec: + dnsNames: + - {{ .Release.Name }}.{{ .Release.Namespace }}.svc + - {{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local + issuerRef: + kind: Issuer + name: {{ .Release.Name }} + secretName: {{ .Values.certificates.secretName }} +--- +{{ template "cert-manager.apiversion" . }} +kind: Issuer +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: {{ include "gmsa.chartref" . | nindent 4 }} +spec: + selfSigned: {} +{{- end -}} + diff --git a/charts/rancher-windows-gmsa/3.0.0/templates/mutatingwebhook.yaml b/charts/rancher-windows-gmsa/3.0.0/templates/mutatingwebhook.yaml new file mode 100644 index 000000000..321394565 --- /dev/null +++ b/charts/rancher-windows-gmsa/3.0.0/templates/mutatingwebhook.yaml 
@@ -0,0 +1,34 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: {{ .Release.Name }} + {{- if .Values.certificates.certManager.enabled }} + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Release.Name }} + {{- end }} + labels: {{ include "gmsa.chartref" . | nindent 4 }} +webhooks: + - name: admission-webhook.windows-gmsa.sigs.k8s.io + clientConfig: + service: + name: {{ .Release.Name }} + namespace: {{.Release.Namespace}} + path: "/mutate" + {{- if not (.Values.certificates.certManager.enabled) }} + caBundle: {{ template "certificates.cabundle" . }} + {{- end }} + rules: + - operations: ["CREATE"] + apiGroups: [""] + apiVersions: ["*"] + resources: ["pods"] + failurePolicy: Fail + admissionReviewVersions: ["v1", "v1beta1"] + sideEffects: None + # don't run on ${NAMESPACE} + namespaceSelector: + matchExpressions: + - key: gmsa-webhook + operator: NotIn + values: [disabled] + diff --git a/charts/rancher-windows-gmsa/3.0.0/templates/networkpolicy.yaml b/charts/rancher-windows-gmsa/3.0.0/templates/networkpolicy.yaml new file mode 100644 index 000000000..4d60f0915 --- /dev/null +++ b/charts/rancher-windows-gmsa/3.0.0/templates/networkpolicy.yaml @@ -0,0 +1,16 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: {{ .Release.Namespace }} + labels: {{ include "gmsa.chartref" . | nindent 4 }} +spec: + podSelector: {} + ingress: + - {} + egress: + - {} + policyTypes: + - Ingress + - Egress + diff --git a/charts/rancher-windows-gmsa/3.0.0/templates/service.yaml b/charts/rancher-windows-gmsa/3.0.0/templates/service.yaml new file mode 100644 index 000000000..768f3f25d --- /dev/null +++ b/charts/rancher-windows-gmsa/3.0.0/templates/service.yaml 
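Review bot: The `# don't run on ${NAMESPACE}` comment above `namespaceSelector` in mutatingwebhook.yaml is carried over from upstream's deploy script, but nothing in this chart applies the `gmsa-webhook=disabled` label to `{{ .Release.Namespace }}`, so with `failurePolicy: Fail` the webhook intercepts pod creation in its own namespace: once the webhook pod is gone, the Deployment cannot recreate it because every pod CREATE is rejected, and the release cannot self-heal without an out-of-band label. Add a second expression that excludes the release namespace by its automatic name label, `- key: kubernetes.io/metadata.name` / `operator: NotIn` / `values: [{{ .Release.Namespace }}]` (set by default from 1.21, the chart's minimum), and reword the comment to name the namespaces that are skipped. validatingwebhook.yaml in this patch has the identical selector and comment and needs the same change. A style nit on this hunk: `namespace: {{.Release.Namespace}}` lacks the spaces inside the braces that every other action in the chart uses.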
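Review bot: The `default-allow-all` NetworkPolicy selects every pod in `{{ .Release.Namespace }}` (`podSelector: {}`) and permits all ingress and egress, so it is not scoped to the webhook; on a cluster where the namespace carries a default-deny posture this resource silently undoes it for any other workload placed there. If the intent is only to guarantee that the API server can reach the webhook, scope it with `podSelector:` / `matchLabels:` / `app: {{ .Release.Name }}` and limit ingress to port 443; if a blanket allow is deliberate, a comment stating why would help the next reviewer. Confirm against the upstream chart before narrowing egress, since the webhook also needs to reach the API server for its SubjectAccessReview calls.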
@@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: {{ include "gmsa.chartref" . | nindent 4 }} +spec: + ports: + - port: 443 + targetPort: 443 + selector: + app: {{ .Release.Name }} + diff --git a/charts/rancher-windows-gmsa/3.0.0/templates/serviceaccount.yaml b/charts/rancher-windows-gmsa/3.0.0/templates/serviceaccount.yaml new file mode 100644 index 000000000..d4bfa87c0 --- /dev/null +++ b/charts/rancher-windows-gmsa/3.0.0/templates/serviceaccount.yaml @@ -0,0 +1,8 @@ +# the service account for the webhook +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: {{ include "gmsa.chartref" . | nindent 4 }} + diff --git a/charts/rancher-windows-gmsa/3.0.0/templates/validate-install-crd.yaml b/charts/rancher-windows-gmsa/3.0.0/templates/validate-install-crd.yaml new file mode 100644 index 000000000..3f1ad6df7 --- /dev/null +++ b/charts/rancher-windows-gmsa/3.0.0/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "windows.k8s.io/v1alpha1/GMSACredentialSpec" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/charts/rancher-windows-gmsa/3.0.0/templates/validatingwebhook.yaml b/charts/rancher-windows-gmsa/3.0.0/templates/validatingwebhook.yaml new file mode 100644 index 000000000..e13c5b33b --- /dev/null +++ b/charts/rancher-windows-gmsa/3.0.0/templates/validatingwebhook.yaml 
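Review bot: The CRD gate in validate-install-crd.yaml looks for `windows.k8s.io/v1alpha1/GMSACredentialSpec`, but credentialspec.yaml in this patch creates `windows.k8s.io/v1` resources and the CRD chart marks `v1alpha1` as `deprecated: true` with `storage: false`; the check therefore passes only because the deprecated version is still served, and would start rejecting installs the day v1alpha1 is removed from the CRD while saying nothing about the v1 the chart actually needs. Change the key to `windows.k8s.io/v1/GMSACredentialSpec`, matching the chart's own `catalog.cattle.io/provides-gvr` annotation. Note that the leading `#` does not disable these directives — Helm evaluates `{{ ... }}` before the result is read as a YAML comment — so the `required` call is live on every install.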
@@ -0,0 +1,34 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: {{ .Release.Name }} + {{- if .Values.certificates.certManager.enabled }} + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Release.Name }} + {{- end }} + labels: {{ include "gmsa.chartref" . | nindent 4 }} +webhooks: + - name: admission-webhook.windows-gmsa.sigs.k8s.io + clientConfig: + service: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + path: "/validate" + {{- if not (.Values.certificates.certManager.enabled) }} + caBundle: {{ template "certificates.cabundle" . }} + {{- end }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["*"] + resources: ["pods"] + failurePolicy: Fail + admissionReviewVersions: ["v1", "v1beta1"] + sideEffects: None + # don't run on ${NAMESPACE} + namespaceSelector: + matchExpressions: + - key: gmsa-webhook + operator: NotIn + values: [disabled] + diff --git a/charts/rancher-windows-gmsa/3.0.0/values.yaml b/charts/rancher-windows-gmsa/3.0.0/values.yaml new file mode 100644 index 000000000..f7ea06ba0 --- /dev/null +++ b/charts/rancher-windows-gmsa/3.0.0/values.yaml 
@@ -0,0 +1,42 @@ +certificates: + certManager: + # Enable cert manager integration. Cert manager should be already installed at the k8s cluster + enabled: true + version: "" + # If cert-manager integration is disabled, upload certs data (ca.crt, tls.crt and tls.key) as k8s secretName in the namespace + secretName: gmsa-server-cert + +credential: + enabled: true + domainJoinConfig: + dnsName: "" #DNS Domain Name + dnsTreeName: "" #DNS Domain Name Root + guid: "" #GUID + machineAccountName: "" #Username of the GMSA account + netBiosName: "" #NETBIOS Domain Name + sid: "" #SID of GMSA + +image: + repository: rancher/mirrored-sigwindowstools-k8s-gmsa-webhook + tag: v0.3.0 + imagePullPolicy: IfNotPresent + +global: + cattle: + systemDefaultRegistry: "" + kubectl: + repository: rancher/kubectl + tag: v1.22.6 + pullPolicy: IfNotPresent + +## SecurityContext holds pod-level security attributes and common container settings. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +podSecurityContext: + runAsNonRoot: false + # Currently, required to run as root due to port binding within the container. + runAsUser: 0 +securityContext: {} + +tolerations: [] + diff --git a/index.yaml b/index.yaml index 9c368efa6..0577b0821 100755 --- a/index.yaml +++ b/index.yaml 
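Review bot: `global.kubectl` (`repository: rancher/kubectl`, `tag: v1.22.6`, `pullPolicy`) is defined in values.yaml but no template in this patch reads it, so it is dead configuration that still pins an image tag someone will try to keep current; drop it from the packages/ source unless a template that consumes it is planned. The inline comments after the `domainJoinConfig` values (`#DNS Domain Name`, `#GUID`, …) also lack the space after `#` and the two-space gap before it that the rest of the file uses; `dnsName: ""  # DNS domain name` reads consistently and passes yamllint's comment rules.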
@@ -15776,6 +15776,39 @@ entries: - assets/rancher-windows-exporter/rancher-windows-exporter-0.1.000.tgz version: 0.1.000 rancher-windows-gmsa: + - annotations: + catalog.cattle.io/auto-install: rancher-windows-gmsa-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Windows GMSA + catalog.cattle.io/experimental: "true" + catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.24.0-0' + catalog.cattle.io/namespace: cattle-windows-gmsa-system + catalog.cattle.io/os: windows + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: windows.k8s.io.gmsacredentialspecs/v1 + catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0' + catalog.cattle.io/release-name: rancher-windows-gmsa + apiVersion: v2 + appVersion: 0.3.0 + created: "2023-09-21T11:38:26.167179-07:00" + description: Windows GMSA Configuration + digest: 5e04fb626c5546bc5afdba5770e767b53a4eaea2c04f847748dbba46a656589a + icon: https://charts.rancher.io/assets/logos/windows-gmsa.svg + keywords: + - Windows + - Windows GMSA + - GMSA + - Active Directory + maintainers: + - email: jamie.phillips@suse.com + name: Rancher + name: rancher-windows-gmsa + sources: + - https://github.com/kubernetes-sigs/windows-gmsa + type: application + urls: + - assets/rancher-windows-gmsa/rancher-windows-gmsa-3.0.0.tgz + version: 3.0.0 - annotations: catalog.cattle.io/auto-install: rancher-windows-gmsa-crd=match catalog.cattle.io/certified: rancher 
@@ -15843,6 +15876,20 @@ entries: - assets/rancher-windows-gmsa/rancher-windows-gmsa-1.0.0.tgz version: 1.0.0 rancher-windows-gmsa-crd: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-windows-gmsa-system + catalog.cattle.io/release-name: rancher-windows-gmsa-crd + apiVersion: v1 + created: "2023-09-21T11:38:26.168407-07:00" + description: Installs the CRDs for Windows GMSA. + digest: bae5dee0ade0816af85f0ba2d987d087bc0b6835db827d4709bb5492f13ea9a2 + name: rancher-windows-gmsa-crd + type: application + urls: + - assets/rancher-windows-gmsa-crd/rancher-windows-gmsa-crd-3.0.0.tgz + version: 3.0.0 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true"