From 79b6cb4a28cb4bea46488c99876dc3827d8ef508 Mon Sep 17 00:00:00 2001
From: Kevin Joiner <kevinjoiner@users.noreply.github.com>
Date: Wed, 21 Dec 2022 09:27:18 -0500
Subject: [PATCH] Make charts.

---
 .../rancher-webhook-2.0.2+up0.3.2-rc3.tgz     | Bin 0 -> 2699 bytes
 .../2.0.2+up0.3.2-rc3/Chart.yaml              |  18 ++++++
 .../2.0.2+up0.3.2-rc3/charts/capi/Chart.yaml  |   4 ++
 .../charts/capi/templates/service.yaml        |  11 ++++
 .../2.0.2+up0.3.2-rc3/templates/_helpers.tpl  |  22 +++++++
 .../templates/deployment.yaml                 |  55 ++++++++++++++++++
 .../pre-delete-hook-cluster-role-binding.yaml |  19 ++++++
 .../pre-delete-hook-cluster-role.yaml         |  25 ++++++++
 .../templates/pre-delete-hook-job.yaml        |  39 +++++++++++++
 .../templates/pre-delete-hook-psp.yaml        |  33 +++++++++++
 .../pre-delete-hook-service-account.yaml      |  12 ++++
 .../2.0.2+up0.3.2-rc3/templates/rbac.yaml     |  12 ++++
 .../2.0.2+up0.3.2-rc3/templates/service.yaml  |  15 +++++
 .../templates/serviceaccount.yaml             |   4 ++
 .../2.0.2+up0.3.2-rc3/templates/webhook.yaml  |  19 ++++++
 .../2.0.2+up0.3.2-rc3/values.yaml             |  28 +++++++++
 16 files changed, 316 insertions(+)
 create mode 100644 assets/rancher-webhook/rancher-webhook-2.0.2+up0.3.2-rc3.tgz
 create mode 100644 charts/rancher-webhook/2.0.2+up0.3.2-rc3/Chart.yaml
 create mode 100644 charts/rancher-webhook/2.0.2+up0.3.2-rc3/charts/capi/Chart.yaml
 create mode 100644 charts/rancher-webhook/2.0.2+up0.3.2-rc3/charts/capi/templates/service.yaml
 create mode 100644 charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/_helpers.tpl
 create mode 100644 charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/deployment.yaml
 create mode 100644 charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/pre-delete-hook-cluster-role-binding.yaml
 create mode 100644 charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/pre-delete-hook-cluster-role.yaml
 create mode 100644 charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/pre-delete-hook-job.yaml
 create mode 100644 charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/pre-delete-hook-psp.yaml
 create mode 100644 charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/pre-delete-hook-service-account.yaml
 create mode 100644 charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/rbac.yaml
 create mode 100644 charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/service.yaml
 create mode 100644 charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/serviceaccount.yaml
 create mode 100644 charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/webhook.yaml
 create mode 100644 charts/rancher-webhook/2.0.2+up0.3.2-rc3/values.yaml

diff --git a/assets/rancher-webhook/rancher-webhook-2.0.2+up0.3.2-rc3.tgz b/assets/rancher-webhook/rancher-webhook-2.0.2+up0.3.2-rc3.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..55aaf6e35ca2bf1130cf9700843f2622de4c4063
GIT binary patch
literal 2699
zcmV;63Uu`!iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PI}<Z{s$y-=FnY3{*ViJ-n4H*^a#@Tn|XI>D?Z7QzPm1a43oe
zEsbq96seMwx4AU``$3|<S(fc&H|unJnqQny<ZwiBKJ$emNy5VwO6LR4S3=wj&R0Zg
z_m;%$#gmcedER6^&VN16YybMbKYihkN2lJzA5Hwp3(p@9PscC7dpZ$zQ>rwPFT78l
zt9^4{2ocVOCYlPa0t+A{nlQ0+L!vc9mx@7%Qqu*+D1c(Gbaq?OC_)~9t!0XKXP29F
zj?NmTqJjr-@|Ul{cm0X$IUf8Oe0P}tdD1zQlNeP(LJYt(I_g$wj5|9E6#%0={k8LI
zf-<IBIaRNhA1IH+2i4iTRF4g@hwikHdg#8|Ewn_2M4^)jUoBp#XckH64<*y}&>~4v
z{p-0Scj(A)WJQ=DkC2BHRbV*~3La6NcM3^DUF2lWFtPy5Bw3>cATbe&Y9Vg}ux%?s
z6-t_zaX%17Bcdr^o<%WL*^K`*BEdpPxH4jbzD-bB-J(~EF?2n5`2T5A3;f*Mxu-``
z8~@jYrKq0P035=9Z{)Y}|I|C}@&6b^W3t4cg&D=B7_=21K$B$v>ssFdat5=Mv6)~r
zyba*Z;!^0DM1@>i){==iVTEbYET0O%p!aKBkd)~wTvDYAtO8gGr7ux`5b`E~1z`#;
zE5o&HWPx{8dmP3a&6)ABtVH5#WT<ibS|P8IqU)A3BNb|vUpF`FyTg$?vaGK_3x?9z
z${Z{83ZYmUh%jN|Hb$;pxJHDP)`<!RIX}r!qsmM|BtkU^1rIUNYM{auMk%9w>EN1%
z8RLN_lxv6Z$f;)=<g>*>B2c~%Rzr>ee*DSeBEoBA7-}H{xVyKkufBqrq(V}Cd(Mbb
zmn23YO3@|92()O5YbEWT`Ga`wjoH&tsEz*`<Af27YVdxAEJ3MUoqVDxIDr4&^mN$5
z|H<TZ)Z_m#=<d#e2p5zi*anr~M+TPP%L12eaPIG|tRr23`-5>146c{nZYQ2s!xBlk
zUV!~SYG8j917r%Tf9zTw<k8mOR`ZTpyW3@Cj!YQ_BuTbi+mch8Q64Ec8PGOxxnShL
z4Q9rx8G&SmEO(`XVr<rciv@-{0Q*v08|cp?C6Q$OGU&E1en|<lci&G#3{?QWkzv!!
z)DcjFQ}^@Vt^W-Z@rmBx0sSBO({W4xr=#hl*Z*TsGYln3q6TZ<x}iJ@;C1!<tr#_l
zh$cZ5Xtwo6B^YK`%Ux+4teEI<^)}Zz(*V$^bpYkIE5<eE%ZP2T*vSN-6eFXxU}=oi
zD5sEIGga|X7)sPN-?HVh>mHqYWH%Nz9M=p#OxF!>ws1j976s6lhL#g|2b6~_jdm%$
z3%>!UJVLJFRn4U(S(7Q`KnYs>i^QzE$8XThaYN7z?{kNo8yMLXb+S{`rgPmXX|qEm
z=wy$eq2QS}jk2)^kgw~<U2ci%@6X=N8k?X5?z_8kZly__+~3<<LoY7RzIl7`{`_qA
zW-o(gwq_5Xcjxc+vWdfZAD7FscNf>Qv-68KlW(Pno7)^<L6JpQxY%qh+Gj+sf=UbB
zD*IOTH9-`dWKXHk+&%7t3-|YTch!T;2fKCf1^4&C)@4nWaDRVN&Dae)8}c-RP<xAE
zs|z&OFA-9!?R}BQaE<k;Hq=Z=9l)Q)<I&cb>_IyR2ELk3r`1&hQ}0B|yF_TB6+oQz
zG7o2<<79C2N>%8jP_9u9vY#xV3{mQGXx<j$Sr}&HJHf46C$}QQTDiJ{#(JM_U9DHU
zp{CDm`+C~v|0NQgC{Lp}`34JFsx(SR3Wm;{@`&=~!#u--=Rd<%{5KpA{b}$29fP(s
zzDS*wW(M*|srC`&oP;h(^-4(k@7x-@H?Q)bqjDV2%|^Kr48Jkk<gf$j)Vs~9{JjnD
zVpk~F^e)B*pIT>H0QL%5?5fou8)*lyF<I-f^8x8{rR@Ohq1|!0P>CeBB6a|CTnJgJ
zh{Sx_mj;p3Fhq<nGXE|JWf)nR`V@ATB=oORq{*IDwE(sj^&xAh()rIA8jIo-EUq`q
zfVI=AI<4ht9KK~%^~xM;xtC=#G$QaG)xR+MIQ)NHM&J<spN_m1{tqYqu*d&n&_nQl
z8-X5d5xz{|_dg5prwj``E`eVK@FUoyJclnLrsf*j@KbSAr9>)2G$Z0v=O_5Zl7xaU
z=rXMWZZl+!a&EdC$=j@Q{LZfzD_oZ@n67O(yJabY3u3HF$LvegS!21;&PhV%lu=Dl
zxo5LC#XeH*--rU+tnOg#&ruV9FcZ-=hG`Z`n6S+@54tT{@lZMiOhlv#9(gy49YUt+
z@cMLY+49B;)At2h!H47j&tm?OiQohHKb*GfzlPqlum3s@J=Xu96CJK<U;po7{#cBE
zh&%bau>_+hvIJFvd``j}u~@vNG1UQ#4yL{z<e`83a#e}mX6F0>`J!zJj+;6%4H7fu
z)n(G}JN_-9ES1=&)Q^@@uTzx=cL>ypW4n2i56v6b*mNL+-0o;{$#z?eokdG^ztV9y
z7hL17dNWxrQ+}rYp-=|kZ6tf+m}J=aBiKbXk^QoA!d`;yICRM~z~DkV3z72Z>%3_8
z<srxJ<qlWvQ{0Y++y6u*pU3|D<97YW(3?*C{NGWifDFQ;JwCwyeyZ30e{DBnb41}x
zY>n%~$2xp04Rj*unlfD0Rgj$}lcw>_?0mCf_U3inPy?6=d{Tx1oLptCXZ-dgKhA%f
zS)kq5(<EUSBiDo#;aIclyHx4CyE(^`gfE*1@-gKB_!V@<<ktWur>CP+3t*v4YV?WN
zNhHyCoZVgtp}(aJjm@c-Vxw5VffG{)aPlQabdRHl<A325Iz^=a2wQNd{%_*7>VJl#
z;iRwsJ_<cH{;MLt)@i~YISBkLc>X&<mfiZF=XIatJ&;5CKOSw>|N8y;?{Vk|XS+{%
z<XIj<ktn9Tamu;#jB{7r&;|f)<If+~-nVJD{ulQC2_WFG{-5^s|Ib7lYSXs#hgEw+
zk=n23ZrNXs7&#=bO>4X-YkckQ*JSge+bZ-a%k-T5&j88-JWb>hb*m~bkwS}5umHY4
zpEar-%Hq7uQsvH);^%%iN1%iH|9E$Qiw^0(?@ikIpW(3A|D({8`1bz|it-1g-TGe!
zSfAhiPfk1Re;@xJg*M***;9y8hXC~lB#Q4woHtJ?c7sK2@vUNO<$ilL=@qUiekc>m
z#>}t%;>V<k0YXNRYcpf<D!IX`z2~KkYdc((++i?<^=p67_!vTdtAdwZ8g9qJoHbS_
zNcowLRlM|6wqE>_(lueY9g8%U13=LTFY>noRREWQXM8k`QKb4BL%|~zfbV?{m~HES
zxFS-kK}Zt%WZwchr2pP@)YkuTU;l9&+WQ$A&-JXvhh^5ASDst+o}PgA>HkyZ0uJf_
zaNPF)eXo!Ik3)})|C?`{Wdk}w^Y*)QyF>NjJ-9v)@2RJrdU^)>PXGV_|NlPuhDiWa
F007&bR~G;P

literal 0
HcmV?d00001

diff --git a/charts/rancher-webhook/2.0.2+up0.3.2-rc3/Chart.yaml b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/Chart.yaml
new file mode 100644
index 000000000..e8bb085be
--- /dev/null
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/Chart.yaml
@@ -0,0 +1,18 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.26.0-0'
+  catalog.cattle.io/namespace: cattle-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux,windows
+  catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+  catalog.cattle.io/release-name: rancher-webhook
+apiVersion: v2
+appVersion: 0.3.2-rc3
+dependencies:
+- condition: capi.enabled
+  name: capi
+  repository: ""
+description: ValidatingAdmissionWebhook for Rancher types
+name: rancher-webhook
+version: 2.0.2+up0.3.2-rc3
diff --git a/charts/rancher-webhook/2.0.2+up0.3.2-rc3/charts/capi/Chart.yaml b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/charts/capi/Chart.yaml
new file mode 100644
index 000000000..388210bef
--- /dev/null
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/charts/capi/Chart.yaml
@@ -0,0 +1,4 @@
+apiVersion: v2
+appVersion: 0.0.0
+name: capi
+version: 0.0.0
diff --git a/charts/rancher-webhook/2.0.2+up0.3.2-rc3/charts/capi/templates/service.yaml b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/charts/capi/templates/service.yaml
new file mode 100644
index 000000000..d9864c82b
--- /dev/null
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/charts/capi/templates/service.yaml
@@ -0,0 +1,11 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: webhook-service
+spec:
+  ports:
+  - name: https
+    port: 443
+    targetPort: 8777
+  selector:
+    app: rancher-webhook
diff --git a/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/_helpers.tpl b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/_helpers.tpl
new file mode 100644
index 000000000..c37a65c6f
--- /dev/null
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/_helpers.tpl
@@ -0,0 +1,22 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "rancher-webhook.labels" -}}
+app: rancher-webhook
+{{- end }}
+
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+  value: "linux"
+  effect: "NoSchedule"
+  operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/deployment.yaml b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/deployment.yaml
new file mode 100644
index 000000000..e5f70be95
--- /dev/null
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/deployment.yaml
@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rancher-webhook
+spec:
+  selector:
+    matchLabels:
+      app: rancher-webhook
+  template:
+    metadata:
+      labels:
+        app: rancher-webhook
+    spec:
+      volumes:
+      - name: tls
+        secret:
+          secretName: rancher-webhook-tls
+      {{- if .Values.global.hostNetwork }}
+      hostNetwork: true
+      {{- end }}
+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+      {{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end }}
+      tolerations: {{ include "linux-node-tolerations" . | nindent 6 }}
+      {{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 6 }}
+      {{- end }}
+      containers:
+      - env:
+        - name: STAMP
+          value: "{{.Values.stamp}}"
+        - name: ENABLE_CAPI
+          value: "{{.Values.capi.enabled}}"
+        - name: ENABLE_MCM
+          value: "{{.Values.mcm.enabled}}"
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+        name: rancher-webhook
+        imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+        ports:
+        - name: https
+          containerPort: 9443
+        - name: capi-https
+          containerPort: 8777
+        volumeMounts:
+        - name: tls
+          mountPath: /tmp/k8s-webhook-server/serving-certs
+      serviceAccountName: rancher-webhook
+      {{- if .Values.priorityClassName }}
+      priorityClassName: "{{.Values.priorityClassName}}"
+      {{- end }}
diff --git a/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/pre-delete-hook-cluster-role-binding.yaml b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/pre-delete-hook-cluster-role-binding.yaml
new file mode 100644
index 000000000..ca439ff48
--- /dev/null
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/pre-delete-hook-cluster-role-binding.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.preDelete.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: rancher-webhook-pre-delete
+  labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-weight": "2"
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: rancher-webhook-pre-delete
+subjects:
+  - kind: ServiceAccount
+    name: rancher-webhook-pre-delete
+    namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/pre-delete-hook-cluster-role.yaml b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/pre-delete-hook-cluster-role.yaml
new file mode 100644
index 000000000..777392aad
--- /dev/null
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/pre-delete-hook-cluster-role.yaml
@@ -0,0 +1,25 @@
+{{- if .Values.preDelete.enabled }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: rancher-webhook-pre-delete
+  labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-weight": "1"
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+rules:
+  - apiGroups: [ "admissionregistration.k8s.io" ]
+    resources: [ "mutatingwebhookconfigurations" ]
+    verbs: [ "delete" ]
+    resourceNames: [ "rancher.cattle.io" ]
+  - apiGroups: [ "" ]
+    resources: [ "serviceaccounts" ]
+    verbs: [ "get" ]
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
+  - apiGroups: [ "policy" ]
+    resources: [ "podsecuritypolicies" ]
+    verbs: [ "use" ]
+    resourceNames: [ "rancher-webhook-pre-delete" ]
+{{- end }}
+{{- end }}
diff --git a/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/pre-delete-hook-job.yaml b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/pre-delete-hook-job.yaml
new file mode 100644
index 000000000..d3608f366
--- /dev/null
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/pre-delete-hook-job.yaml
@@ -0,0 +1,39 @@
+{{- if .Values.preDelete.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: rancher-webhook-pre-delete
+  namespace: {{ .Release.Namespace }}
+  labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-weight": "3"
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+  backoffLimit: 3
+  template:
+    metadata:
+      name: rancher-webhook-pre-delete
+      labels: {{ include "rancher-webhook.labels" . | nindent 8 }}
+    spec:
+      serviceAccountName: rancher-webhook-pre-delete
+      {{- if .Values.priorityClassName }}
+      priorityClassName: "{{.Values.priorityClassName}}"
+      {{- end }}
+      restartPolicy: OnFailure
+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+      {{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end }}
+      tolerations: {{ include "linux-node-tolerations" . | nindent 6 }}
+      {{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 6 }}
+      {{- end }}
+      containers:
+        - name: rancher-webhook-pre-delete
+          image: "{{ include "system_default_registry" . }}{{ .Values.preDelete.image.repository }}:{{ .Values.preDelete.image.tag }}"
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            runAsUser: 0
+          command: [ "kubectl", "delete", "--ignore-not-found=true", "mutatingwebhookconfigurations", "rancher.cattle.io" ]
+{{- end }}
diff --git a/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/pre-delete-hook-psp.yaml b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/pre-delete-hook-psp.yaml
new file mode 100644
index 000000000..df29bf8ff
--- /dev/null
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/pre-delete-hook-psp.yaml
@@ -0,0 +1,33 @@
+{{- if and .Values.preDelete.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: rancher-webhook-pre-delete
+  labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-weight": "1"
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+spec:
+  privileged: false
+  hostNetwork: false
+  hostIPC: false
+  hostPID: false
+  runAsUser:
+    rule: 'RunAsAny'
+  seLinux:
+    rule: 'RunAsAny'
+  supplementalGroups:
+    rule: 'MustRunAs'
+    ranges:
+      - min: 1
+        max: 65535
+  fsGroup:
+    rule: 'MustRunAs'
+    ranges:
+      - min: 1
+        max: 65535
+  readOnlyRootFilesystem: false
+  volumes:
+    - 'secret'
+{{- end }}
diff --git a/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/pre-delete-hook-service-account.yaml b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/pre-delete-hook-service-account.yaml
new file mode 100644
index 000000000..93e215394
--- /dev/null
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/pre-delete-hook-service-account.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.preDelete.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: rancher-webhook-pre-delete
+  namespace: {{ .Release.Namespace }}
+  labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-weight": "1"
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+{{- end }}
diff --git a/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/rbac.yaml b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/rbac.yaml
new file mode 100644
index 000000000..9afaae6c6
--- /dev/null
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/rbac.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: rancher-webhook
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: rancher-webhook
+  namespace: {{.Release.Namespace}}
diff --git a/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/service.yaml b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/service.yaml
new file mode 100644
index 000000000..63c87998e
--- /dev/null
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/service.yaml
@@ -0,0 +1,15 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: rancher-webhook
+  namespace: cattle-system
+  annotations:
+    need-a-cert.cattle.io/secret-name: rancher-webhook-tls
+spec:
+  ports:
+  - port: 443
+    targetPort: 9443
+    protocol: TCP
+    name: https
+  selector:
+    app: rancher-webhook
diff --git a/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/serviceaccount.yaml b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/serviceaccount.yaml
new file mode 100644
index 000000000..f9251b418
--- /dev/null
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: rancher-webhook
diff --git a/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/webhook.yaml b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/webhook.yaml
new file mode 100644
index 000000000..4f95ae896
--- /dev/null
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/templates/webhook.yaml
@@ -0,0 +1,19 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: rancher.cattle.io
+webhooks:
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: rancher-webhook
+      namespace: cattle-system
+      path: /v1/webhook/validation
+      port: 443
+  failurePolicy: Ignore
+  matchPolicy: Equivalent
+  name: rancher.cattle.io
+  sideEffects: None
+  timeoutSeconds: 10
diff --git a/charts/rancher-webhook/2.0.2+up0.3.2-rc3/values.yaml b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/values.yaml
new file mode 100644
index 000000000..eb0ef4d45
--- /dev/null
+++ b/charts/rancher-webhook/2.0.2+up0.3.2-rc3/values.yaml
@@ -0,0 +1,28 @@
+image:
+  repository: rancher/rancher-webhook
+  tag: v0.3.2-rc3
+  imagePullPolicy: IfNotPresent
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
+  hostNetwork: false
+
+capi:
+  enabled: false
+
+mcm:
+  enabled: true
+
+preDelete:
+  enabled: true
+  image:
+    repository: rancher/kubectl
+    tag: v1.23.3
+
+# tolerations for the webhook deployment. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ for more info
+tolerations: []
+nodeSelector: {}
+
+## PriorityClassName assigned to deployment.
+priorityClassName: ""