From 77149b5e925ed138bb3f988aae11a29c2fff7832 Mon Sep 17 00:00:00 2001 
From: Geet Samra Date: Mon, 13 Feb 2023 14:32:40 -0800 Subject: [PATCH] forward port fleet-0.3.1000+up0.3.10-security1 --- .../fleet-0.3.1000+up0.3.10-security1.tgz | Bin 0 -> 3456 bytes .../0.3.1000+up0.3.10-security1/Chart.yaml | 20 ++++ .../charts/gitjob/.helmignore | 23 ++++ .../charts/gitjob/Chart.yaml | 5 + .../charts/gitjob/templates/_helpers.tpl | 22 ++++ .../charts/gitjob/templates/clusterrole.yaml | 38 +++++++ .../gitjob/templates/clusterrolebinding.yaml | 12 ++ .../charts/gitjob/templates/deployment.yaml | 45 ++++++++ .../charts/gitjob/templates/service.yaml | 12 ++ .../gitjob/templates/serviceaccount.yaml | 4 + .../charts/gitjob/values.yaml | 26 +++++ .../templates/_helpers.tpl | 22 ++++ .../templates/configmap.yaml | 24 ++++ .../templates/deployment.yaml | 49 ++++++++ .../templates/rbac.yaml | 106 ++++++++++++++++++ .../templates/serviceaccount.yaml | 10 ++ .../0.3.1000+up0.3.10-security1/values.yaml | 60 ++++++++++ index.yaml | 24 ++++ release.yaml | 43 ++++--- 19 files changed, 523 insertions(+), 22 deletions(-) create mode 100644 assets/fleet/fleet-0.3.1000+up0.3.10-security1.tgz create mode 100644 charts/fleet/0.3.1000+up0.3.10-security1/Chart.yaml create mode 100644 charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/.helmignore create mode 100644 charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/Chart.yaml create mode 100644 charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/templates/_helpers.tpl create mode 100644 charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/templates/clusterrole.yaml create mode 100644 charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/templates/clusterrolebinding.yaml create mode 100644 charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/templates/deployment.yaml create mode 100644 charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/templates/service.yaml create mode 100644 charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/templates/serviceaccount.yaml create mode 100644 
charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/values.yaml create mode 100644 charts/fleet/0.3.1000+up0.3.10-security1/templates/_helpers.tpl create mode 100644 charts/fleet/0.3.1000+up0.3.10-security1/templates/configmap.yaml create mode 100644 charts/fleet/0.3.1000+up0.3.10-security1/templates/deployment.yaml create mode 100644 charts/fleet/0.3.1000+up0.3.10-security1/templates/rbac.yaml create mode 100644 charts/fleet/0.3.1000+up0.3.10-security1/templates/serviceaccount.yaml create mode 100644 charts/fleet/0.3.1000+up0.3.10-security1/values.yaml 
diff --git a/assets/fleet/fleet-0.3.1000+up0.3.10-security1.tgz b/assets/fleet/fleet-0.3.1000+up0.3.10-security1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..df33e67ea4054a0635509bf26d9d2aecc74fbad2 GIT binary patch literal 3456 zcmV-`4S(_Dc zVQyr3R8em|NM&qo0PH;Na@#nP`OT;3lj|zGK8vDc+0LzqvID4eGO*nkSk5(i|EmP)nD$P z1PJFs6HNtIaR87IO_&&k3DKHiNJWR_TC^!wnlKiF6_<7*(?3m!PR5Nb5|o+_DW)+< z!jmz|Ml}4Kp`;V!ny?sJTISelL>$vJMSd>|Clgc|NiYUi*mjJnTcvT**hHup80Gor z#@Yv89;O6jggPl`$kNR~n@XEe|EMX_v5UOuCIUBr+rl+vZjL zI0q!7zo1l9@EE4OfMi+m7=_1SH)<~-3$OU8O1PN(LVs& z`Z8ziQZSm_#_)FdUg%4S3b_sfGD5E3ZtS6L@gC970sJ83!tR2^5mj2+MGf>AA-GZr$^Dk!a?GP9aHQ*%Ew?H*e1w^TQf+^@R zRdq@q-d!6MMMoS{7~BGZ88QYpT+BFJoQKQTxj0|E%{ipG=U-__`3QzW!dT2e3^j7F zv!_6fMb1(?%Tfb@F%qc|Ccf9F-o`=0izNa86Z<(Ku26iyl@S#N=@Ebgcyc|DKy=h8U363J7iLP zzV%}q9Jog}-*Kn&U9M1?h3WNwe3ucWW9$~~SQg=(4{g?`vVCKAGeU?7AxqmUUTJb({lgu-7cu`)m~zFs2H zz60T@<;oH%W@3TqCIcm=K)LrQyaVP`+V#EK-^@s^C2aAW@K}Mmr!&HjfDWCMTbfq3 zZFP!6k~1qaHJ8s)e!t|a)v`^`t%O<`OH<>sc;6N@os@?o#f*ttgSWz12p>%URz{U2 zDmYpWa>j0<7;neX5m5b78Gmd@M+-$VqiZ^~RjHV9r6rO{;X7KYlv~1TEOhAYr+*EF ziA3!m2G*FyFd?RC0FV(qR!)0IObiI~p1o$)4gu%J=@3s zJAu2qwy~jxHo~*1Xy9-Wnct6d05N8sEbemrRSX zM>8RBm>{V!=f>GF-dHlmG-t-)GE0R}Sf&^pc07NJLAI4`YZgny-8;4628|sq?@|~G zZ{5V$w>1Sg9AaYZ|9f%m`!~fRGxUsAZN2$5C#+Q;nMO90x5bW!syScol9VVtx6JP0 z>7Z`^otrWt*%NLCY_k7nXZ861q!*p+?f)*Ivc=d9ZYWP0IlU7Kr4pU-5o4s?Vj}}g!%mLZn07DXQcYuvi*wgtaN0+nz)HJ|^A(nB(Q>WB z28=R=4KZ*lh9#{Hxbt~IwFqlWdtV69vcX1`zXCI~l_k~yT4oB@p_{rYwhMID;k(*u z3l|NwVrXvSs;fKZd~jpB~WK?^TxDFT#XUkvn35mtV5> z7hTZWx({~YuT^U@g8BSq(c>B!tuRzRO=zu9Z14n%=61K2r)4R!T{ZMnn{K<~R2}Vh z+ZL{tv>8s3mCEn#;MZJetWvZ4R~sh4bHRm%(y~xG5?*16DpTHeSnEkElvA4Ed6J0S zt#NBdy|(Fh2b3o)PuE4FA^ZlM@)Ws-SFpPMP$uW9L5shV32Vmq4eGQi?@`%6T*F%> zSl`56dE20oyE4LB=5}HK>+8Q9kmRY)fj6E19(Pab`+wd3KK|PYl-GYd_axV2A?ZJ? 
zaE3Rpl*?RMM20?45DXvU708^qY!s5wKTDCjP5HJ@Jy~YI*wYOqa+#pVczI~d`4r`# zRIoy)mSM9k8GDRUYgw$_%07BiN1UlsTM~5vi=$ZVv^<2^+NoLX!*6*?!944wf&t|z zHKpK&Nl!~|0~JfPktL@lm2&C&;O!+wAcS#z`a)tx?%6Mn)-iHsHsbp zlR1Y^VxV9^6s91!3GD!~p{P9xOEJ|5M)v*mVBi?Vr{4|2XRH^?w)O zrhHv`esM);k(qB)x0IP5XuQ#auWRmV+qtGpRfwEylbQPMWNiN~l5i`zw$Cl*dsqWa z_W!A~fj8Oz)%@SH{_%eQeR?(=`YUAW)=myV7e5e{th|D&jC|9jE#@qYhr zC-9`FBR*X4Cm{f}vk;eF(i#w*j9ofSg;Mop?;uS}Ex$O?2)nYF)PuThA@Odw3i? z*#7(cfNhq6P5Zz7Ufuq8PtW%IzdM1iao+62sO=@@DbJYw0<%0%HdbiOiSo*4ZfYmU zuzG|H-=1%Kzy3eXZGa8>-#h8`>;7N&bnpM|1h&loUnt@iW&L}XqP1PNf2nmf%fBfL zxuo<>*8q&!@M-B^bS15vKW!YVwR!2j-X*5DN=fu9Hfh0PEvI~$C0Q!kluq81P~Mmk z?hyUWF)yEBUE8<;68k)^2{#$pvK4;jF=d>n4j{| z5lCc2(<$1|5SGdbPlE&CIC5V={6l6xNP#KLs2;<={4s=|IJ>o9Jj@(RkfA-E$1n)L zzy5fwh5hL1g_ukPhhHwPA*E6UCfM%SU&nqB4*nrK_IFV*9(Bym;!#a`XGv&4lAAoU zU%pnsVW?(Va2O8AO>h|MiTPVdItmW|H#mS_h@>J{@b>#RDll=_Croq@(iBO@p-b^8 i2&XC$DR!QFZuhWp`BEq8p literal 0 HcmV?d00001 diff --git a/charts/fleet/0.3.1000+up0.3.10-security1/Chart.yaml b/charts/fleet/0.3.1000+up0.3.10-security1/Chart.yaml new file mode 100644 index 000000000..242aeaf06 --- /dev/null +++ b/charts/fleet/0.3.1000+up0.3.10-security1/Chart.yaml @@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/auto-install: fleet-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 + catalog.cattle.io/release-name: fleet +apiVersion: v2 +appVersion: 0.3.10-security1 +dependencies: +- condition: gitops.enabled + name: gitjob + repository: file://./charts/gitjob +description: Fleet Manager - GitOps at Scale +icon: https://charts.rancher.io/assets/logos/fleet.svg +name: fleet +version: 0.3.1000+up0.3.10-security1 
diff --git a/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/.helmignore b/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/.helmignore
new file mode 100644
index 000000000..691fa13d6
--- /dev/null
+++ b/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
\ No newline at end of file
diff --git a/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/Chart.yaml b/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/Chart.yaml
new file mode 100644
index 000000000..d3d7e3a52
--- /dev/null
+++ b/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v2
+appVersion: 0.1.26
+description: Controller that run jobs based on git events
+name: gitjob
+version: 0.1.26
diff --git a/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/templates/_helpers.tpl b/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/templates/_helpers.tpl
new file mode 100644
index 000000000..6cd96c3ac
--- /dev/null
+++ b/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/templates/_helpers.tpl
@@ -0,0 +1,22 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
\ No newline at end of file
diff --git a/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/templates/clusterrole.yaml b/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/templates/clusterrole.yaml
new file mode 100644
index 000000000..bcad90164
--- /dev/null
+++ b/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/templates/clusterrole.yaml
@@ -0,0 +1,38 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: gitjob
+rules:
+ - apiGroups:
+ - "batch"
+ resources:
+ - 'jobs'
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ resources:
+ - 'pods'
+ verbs:
+ - 'list'
+ - 'get'
+ - 'watch'
+ - apiGroups:
+ - ""
+ resources:
+ - 'secrets'
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ resources:
+ - 'configmaps'
+ verbs:
+ - '*'
+ - apiGroups:
+ - "gitjob.cattle.io"
+ resources:
+ - "gitjobs"
+ - "gitjobs/status"
+ verbs:
+ - "*"
\ No newline at end of file
diff --git a/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/templates/clusterrolebinding.yaml b/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..0bf07c4ef
--- /dev/null
+++ b/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/templates/clusterrolebinding.yaml
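Review bot: In charts/gitjob/templates/clusterrole.yaml the `gitjob` ClusterRole grants `'*'` on core `secrets` and `configmaps`, and the ClusterRoleBinding added in the next file binds it cluster-wide, so the gitjob service-account token can read and rewrite every Secret in every namespace. If the controller only needs the Git credential secrets that GitJob objects reference, list the verbs it actually uses in place of `- '*'` (for example `- get`, `- list`, `- watch`); the required set is not visible in this patch and has to be confirmed against the controller. At minimum, put a comment above the secrets rule such as `# cluster-wide secret access: GitJobs may reference credentials in any namespace (confirm)` so the breadth is a recorded decision rather than a default.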
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: gitjob-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: gitjob
+subjects:
+ - kind: ServiceAccount
+ name: gitjob
+ namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/templates/deployment.yaml b/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/templates/deployment.yaml
new file mode 100644
index 000000000..86bb61edd
--- /dev/null
+++ b/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/templates/deployment.yaml
@@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gitjob
+spec:
+ selector:
+ matchLabels:
+ app: "gitjob"
+ template:
+ metadata:
+ labels:
+ app: "gitjob"
+ spec:
+ serviceAccountName: gitjob
+ containers:
+ - image: "{{ template "system_default_registry" . }}{{ .Values.gitjob.repository }}:{{ .Values.gitjob.tag }}"
+ name: gitjob
+ command:
+ - gitjob
+ {{- if .Values.debug }}
+ - --debug
+ {{- end }}
+ - --tekton-image
+ - "{{ template "system_default_registry" . }}{{ .Values.tekton.repository }}:{{ .Values.tekton.tag }}"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if .Values.proxy }}
+ - name: HTTP_PROXY
+ value: {{ .Values.proxy }}
+ - name: HTTPS_PROXY
+ value: {{ .Values.proxy }}
+ - name: NO_PROXY
+ value: {{ .Values.noProxy }}
+ {{- end }}
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
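Review bot: In charts/gitjob/templates/deployment.yaml the proxy environment values are rendered unquoted (`value: {{ .Values.proxy }}`, `value: {{ .Values.noProxy }}`), so the rendered YAML is retyped or cut short when a value is empty or contains ` #` or `: `. Quote them at render time: `value: {{ .Values.proxy | quote }}` and `value: {{ .Values.noProxy | quote }}`. The same three lines appear in templates/deployment.yaml for fleet-controller later in this patch. If the proxy URL carries credentials it also lands in plain text in the Deployment spec, where anyone allowed to read Deployments can see it; sourcing it through `valueFrom.secretKeyRef` would avoid that.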
diff --git a/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/templates/service.yaml b/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/templates/service.yaml
new file mode 100644
index 000000000..bf57c1b55
--- /dev/null
+++ b/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/templates/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: gitjob
+spec:
+ ports:
+ - name: http-80
+ port: 80
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app: "gitjob"
\ No newline at end of file
diff --git a/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/templates/serviceaccount.yaml b/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/templates/serviceaccount.yaml
new file mode 100644
index 000000000..5f8aecb04
--- /dev/null
+++ b/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/templates/serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: gitjob
diff --git a/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/values.yaml b/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/values.yaml
new file mode 100644
index 000000000..5e7c584cc
--- /dev/null
+++ b/charts/fleet/0.3.1000+up0.3.10-security1/charts/gitjob/values.yaml
@@ -0,0 +1,26 @@
+gitjob:
+ repository: rancher/gitjob
+ tag: v0.1.26-security1
+
+tekton:
+ repository: rancher/tekton-utils
+ tag: v0.1.5
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+# http[s] proxy server
+# proxy: http://@::
+
+# comma separated list of domains or ip addresses that will not use the proxy
+noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local
+
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+tolerations: []
+
+debug: false
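Review bot: charts/gitjob/values.yaml sets `tag: v0.1.26-security1`, while the subchart's Chart.yaml added earlier in this patch still declares `appVersion: 0.1.26`, so inventory or vulnerability tooling keyed on chart metadata will report the unpatched release. Setting `appVersion: 0.1.26-security1` in charts/gitjob/Chart.yaml would keep metadata and image in step, unless that file has to mirror upstream exactly. Both `rancher/gitjob` and `rancher/tekton-utils` are referenced by mutable tag only; recording the expected digest beside each tag would let an operator notice a re-pushed image.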
diff --git a/charts/fleet/0.3.1000+up0.3.10-security1/templates/_helpers.tpl b/charts/fleet/0.3.1000+up0.3.10-security1/templates/_helpers.tpl
new file mode 100644
index 000000000..6cd96c3ac
--- /dev/null
+++ b/charts/fleet/0.3.1000+up0.3.10-security1/templates/_helpers.tpl
@@ -0,0 +1,22 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
\ No newline at end of file
diff --git a/charts/fleet/0.3.1000+up0.3.10-security1/templates/configmap.yaml b/charts/fleet/0.3.1000+up0.3.10-security1/templates/configmap.yaml
new file mode 100644
index 000000000..6b8d6f05a
--- /dev/null
+++ b/charts/fleet/0.3.1000+up0.3.10-security1/templates/configmap.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: fleet-controller
+data:
+ config: |
+ {
+ "agentImage": "{{ template "system_default_registry" . }}{{.Values.agentImage.repository}}:{{.Values.agentImage.tag}}",
+ "agentImagePullPolicy": "{{ .Values.agentImage.imagePullPolicy }}",
+ "apiServerURL": "{{.Values.apiServerURL}}",
+ "apiServerCA": "{{b64enc .Values.apiServerCA}}",
+ "agentCheckinInterval": "{{.Values.agentCheckinInterval}}",
+ "ignoreClusterRegistrationLabels": {{.Values.ignoreClusterRegistrationLabels}},
+ "bootstrap": {
+ "paths": "{{.Values.bootstrap.paths}}",
+ "repo": "{{.Values.bootstrap.repo}}",
+ "secret": "{{.Values.bootstrap.secret}}",
+ "branch": "{{.Values.bootstrap.branch}}",
+ "namespace": "{{.Values.bootstrap.namespace}}",
+ "agentNamespace": "{{.Values.bootstrap.agentNamespace}}",
+ },
+ "webhookReceiverURL": "{{.Values.webhookReceiverURL}}",
+ "githubURLPrefix": "{{.Values.githubURLPrefix}}"
+ }
diff --git a/charts/fleet/0.3.1000+up0.3.10-security1/templates/deployment.yaml b/charts/fleet/0.3.1000+up0.3.10-security1/templates/deployment.yaml
new file mode 100644
index 000000000..3ebc1fe2b
--- /dev/null
+++ b/charts/fleet/0.3.1000+up0.3.10-security1/templates/deployment.yaml
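Review bot: In templates/configmap.yaml the `config` JSON is assembled by pasting values between double quotes (`"apiServerURL": "{{.Values.apiServerURL}}"`), so a value containing `"` or `\` produces malformed JSON or extra keys in the controller configuration, and `ignoreClusterRegistrationLabels` is pasted bare with no type check. Rendering each value through `toJson` escapes it, e.g. `"apiServerURL": {{ .Values.apiServerURL | toJson }},` and `"repo": {{ .Values.bootstrap.repo | toJson }},`. The `bootstrap` object also ends with a trailing comma after `agentNamespace`, which strict JSON parsers reject; whether the controller's parser tolerates it is not visible in this patch.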
@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: fleet-controller
+spec:
+ selector:
+ matchLabels:
+ app: fleet-controller
+ template:
+ metadata:
+ labels:
+ app: fleet-controller
+ spec:
+ containers:
+ - env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if .Values.proxy }}
+ - name: HTTP_PROXY
+ value: {{ .Values.proxy }}
+ - name: HTTPS_PROXY
+ value: {{ .Values.proxy }}
+ - name: NO_PROXY
+ value: {{ .Values.noProxy }}
+ {{- end }}
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+ name: fleet-controller
+ imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+ command:
+ - fleetcontroller
+ {{- if .Values.debug }}
+ - --debug
+ - --debug-level
+ - {{ quote .Values.debugLevel }}
+ {{- end }}
+ {{- if not .Values.gitops.enabled }}
+ - --disable-gitops
+ {{- end }}
+ serviceAccountName: fleet-controller
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
diff --git a/charts/fleet/0.3.1000+up0.3.10-security1/templates/rbac.yaml b/charts/fleet/0.3.1000+up0.3.10-security1/templates/rbac.yaml
new file mode 100644
index 000000000..59df51b1f
--- /dev/null
+++ b/charts/fleet/0.3.1000+up0.3.10-security1/templates/rbac.yaml
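Review bot: The `fleet-controller` container in templates/deployment.yaml sets no `securityContext`, although the pod runs as the `fleet-controller` service account, which rbac.yaml in this patch gives `'*'` on secrets and on RBAC objects. A container-level context that blocks privilege escalation and drops capabilities limits what a compromised process can do with that token; `runAsNonRoot` and `readOnlyRootFilesystem` would be worth adding too, once the image is confirmed to support them. The gitjob Deployment in charts/gitjob/templates/deployment.yaml has the same gap. Indentation below is reconstructed, since the page has lost the original.

```yaml
      containers:
      - env:
        # … unchanged: NAMESPACE and proxy env entries, image, imagePullPolicy, command …
        name: fleet-controller
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
```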
@@ -0,0 +1,106 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: fleet-controller
+rules:
+- apiGroups:
+ - gitjob.cattle.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - fleet.cattle.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - serviceaccounts
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ - configmaps
+ verbs:
+ - '*'
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ - clusterrolebindings
+ - roles
+ - rolebindings
+ verbs:
+ - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: fleet-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: fleet-controller
+subjects:
+- kind: ServiceAccount
+ name: fleet-controller
+ namespace: {{.Release.Namespace}}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: fleet-controller
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: fleet-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: fleet-controller
+subjects:
+- kind: ServiceAccount
+ name: fleet-controller
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: fleet-controller-bootstrap
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: fleet-controller-bootstrap
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: fleet-controller-bootstrap
+subjects:
+- kind: ServiceAccount
+ name: fleet-controller-bootstrap
+ namespace: {{.Release.Namespace}}
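Review bot: The `fleet-controller-bootstrap` ClusterRole in templates/rbac.yaml grants `'*'` on every apiGroup, resource and verb, which is equivalent to cluster-admin, and its ClusterRoleBinding ties that to a long-lived ServiceAccount; nothing in the templates added here removes the binding once bootstrap is done. The `fleet-controller` role's `'*'` on `clusterroles` and `clusterrolebindings` also covers `bind` and `escalate`, so that account can grant itself further rights. Put a comment above the bootstrap rule naming the consumer and the window in which it is used, e.g. `# cluster-admin equivalent; used by <component> during local-cluster bootstrap only (confirm)`, and list the RBAC verbs the controller needs instead of `- '*'`. Operators running this chart should treat token requests and API calls made by `fleet-controller-bootstrap` as audit-log events worth alerting on.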
diff --git a/charts/fleet/0.3.1000+up0.3.10-security1/templates/serviceaccount.yaml b/charts/fleet/0.3.1000+up0.3.10-security1/templates/serviceaccount.yaml
new file mode 100644
index 000000000..bd99d9958
--- /dev/null
+++ b/charts/fleet/0.3.1000+up0.3.10-security1/templates/serviceaccount.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: fleet-controller
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: fleet-controller-bootstrap
diff --git a/charts/fleet/0.3.1000+up0.3.10-security1/values.yaml b/charts/fleet/0.3.1000+up0.3.10-security1/values.yaml
new file mode 100644
index 000000000..3f03e3d23
--- /dev/null
+++ b/charts/fleet/0.3.1000+up0.3.10-security1/values.yaml
@@ -0,0 +1,60 @@
+image:
+ repository: rancher/fleet
+ tag: v0.3.10-security1
+ imagePullPolicy: IfNotPresent
+
+agentImage:
+ repository: rancher/fleet-agent
+ tag: v0.3.10-security1
+ imagePullPolicy: IfNotPresent
+
+# For cluster registration the public URL of the Kubernetes API server must be set here
+# Example: https://example.com:6443
+apiServerURL: ""
+
+# For cluster registration the pem encoded value of the CA of the Kubernetes API server must be set here
+# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA.
+apiServerCA: ""
+
+# A duration string for how often agents should report a heartbeat
+agentCheckinInterval: "15m"
+
+# Whether you want to allow cluster upon registration to specify their labels.
+ignoreClusterRegistrationLabels: false
+
+# http[s] proxy server
+# proxy: http://@::
+
+# comma separated list of domains or ip addresses that will not use the proxy
+noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local
+
+bootstrap:
+ # The namespace that will be autocreated and the local cluster will be registered in
+ namespace: fleet-local
+ # The namespace where the fleet agent for the local cluster will be ran, if empty
+ # this will default to fleet-system
+ agentNamespace: ""
+ # A repo to add at install time that will deploy to the local cluster. This allows
+ # one to fully bootstrap fleet, it's configuration and all it's downstream clusters
+ # in one shot.
+ repo: ""
+ secret: ""
+ branch: master
+ paths: ""
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+tolerations: []
+
+gitops:
+ enabled: true
+
+debug: false
+debugLevel: 0
diff --git a/index.yaml b/index.yaml
index 7c0720860..4d922ea56 100755
--- a/index.yaml
+++ b/index.yaml
@@ -416,6 +416,30 @@ entries: urls: - assets/fleet/fleet-100.0.0+up0.3.6.tgz version: 100.0.0+up0.3.6 + - annotations: + catalog.cattle.io/auto-install: fleet-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 + catalog.cattle.io/release-name: fleet + apiVersion: v2 + appVersion: 0.3.10-security1 + created: "2023-02-13T14:32:26.941542-08:00" + dependencies: + - condition: gitops.enabled + name: gitjob + repository: file://./charts/gitjob + description: Fleet Manager - GitOps at Scale + digest: 4f35b4a24c984663ee4c3b8219fc67be043f8dabfa7ebab707be8b36bd264d2f + icon: https://charts.rancher.io/assets/logos/fleet.svg + name: fleet + urls: + - assets/fleet/fleet-0.3.1000+up0.3.10-security1.tgz + version: 0.3.1000+up0.3.10-security1 - annotations: catalog.cattle.io/auto-install: fleet-crd=match catalog.cattle.io/certified: rancher diff --git a/release.yaml b/release.yaml index 7dcfa5e5a..c354091d2 100644 --- a/release.yaml +++ b/release.yaml @@ -1,17 +1,20 @@ epinio: -- 102.0.1+up1.6.2 + - 102.0.1+up1.6.2 epinio-crd: -- 102.0.1+up1.6.2 + - 102.0.1+up1.6.2 fleet: -- 102.0.0+up0.6.0-rc.4 + - 102.0.0+up0.6.0-rc.4 + - 0.3.1000+up0.3.10-security1 fleet-agent: - 102.0.0+up0.6.0-rc.4 fleet-crd: - 102.0.0+up0.6.0-rc.4 longhorn: -- 101.2.0+up1.4.0 + - 102.2.0+up1.4.0 + - 101.2.0+up1.4.0 longhorn-crd: -- 101.2.0+up1.4.0 + - 101.2.0+up1.4.0 + - 102.2.0+up1.4.0 neuvector: - 102.0.0+up2.4.2 neuvector-crd: @@ -23,7 +26,7 @@ rancher-aks-operator: rancher-aks-operator-crd: - 102.0.0+up1.1.0-rc5 rancher-alerting-drivers: -- 102.0.0 + - 102.0.0 rancher-backup: - 102.0.0+up3.1.0-rc2 rancher-backup-crd: 
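Review bot: In the first release.yaml hunk only `fleet` gains `- 0.3.1000+up0.3.10-security1`; `fleet-crd` and `fleet-agent` keep just `102.0.0+up0.6.0-rc.4`, yet the new Chart.yaml carries `catalog.cattle.io/auto-install: fleet-crd=match`, which as I read it asks for a fleet-crd chart of the same version. Whether a matching fleet-crd and fleet-agent are already published from another commit is not visible in this patch and is worth confirming before release, since a security chart that cannot install leaves clusters on the unpatched version. The hunk also re-indents some sequences while leaving others flush (`fleet-agent:` still has `- 102.0.0+up0.6.0-rc.4` at column 0) and lists the longhorn versions in opposite order under `longhorn` and `longhorn-crd`; one indentation style and one ordering throughout would keep later release diffs reviewable.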
@@ -33,27 +36,27 @@ rancher-cis-benchmark: rancher-cis-benchmark-crd: - 4.0.0-rc3 rancher-csp-adapter: -- 2.0.1+up2.0.1-rc1 + - 2.0.1+up2.0.1-rc1 rancher-eks-operator: -- 101.1.0+up1.1.6-rc1 -- 101.2.0+up1.2.0-rc2 + - 101.1.0+up1.1.6-rc1 + - 101.2.0+up1.2.0-rc2 rancher-eks-operator-crd: -- 101.1.0+up1.1.6-rc1 -- 101.2.0+up1.2.0-rc2 + - 101.1.0+up1.1.6-rc1 + - 101.2.0+up1.2.0-rc2 rancher-gatekeeper: - 102.0.0+up3.10.0 rancher-gatekeeper-crd: - 102.0.0+up3.10.0 rancher-gke-operator: -- 101.0.1+up1.1.5 + - 101.0.1+up1.1.5 rancher-gke-operator-crd: -- 101.0.1+up1.1.5 + - 101.0.1+up1.1.5 rancher-istio: -- 102.0.0+up1.15.3 + - 102.0.0+up1.15.3 rancher-logging: -- 102.0.0+up3.17.10 + - 102.0.0+up3.17.10 rancher-logging-crd: -- 102.0.0+up3.17.10 + - 102.0.0+up3.17.10 rancher-monitoring: - 102.0.0+up40.1.2 rancher-monitoring-crd: @@ -61,7 +64,7 @@ rancher-monitoring-crd: rancher-project-monitoring: - 2.0.0+up0.2.1 rancher-pushprox: -- 102.0.0 + - 102.0.0 rancher-vsphere-cpi: - 102.0.0+up1.4.1 rancher-vsphere-csi: @@ -77,8 +80,4 @@ system-upgrade-controller: ui-plugin-operator: - 102.0.0+up0.2.0-rc3 ui-plugin-operator-crd: -- 102.0.0+up0.2.0-rc3 -longhorn: - - 102.2.0+up1.4.0 -longhorn-crd: - - 102.2.0+up1.4.0 +- 102.0.0+up0.2.0-rc3 \ No newline at end of file