From 4bd6af96bcb201af4cddb4d06170257bce8b8b7c Mon Sep 17 00:00:00 2001 
From: Venkata Krishna Rohit Sakala Date: Thu, 21 Sep 2023 15:20:50 -0700 Subject: [PATCH] make forward-port provisioning 100.0.0+up0.0.1 --- ...cher-provisioning-capi-100.0.0+up0.0.1.tgz | Bin 0 -> 3419 bytes .../100.0.0+up0.0.1/Chart.yaml | 22 ++ .../100.0.0+up0.0.1/templates/NOTES.txt | 2 + .../100.0.0+up0.0.1/templates/_helpers.tpl | 18 + ...sterrole-capi-aggregated-manager-role.yaml | 11 + .../clusterrole-capi-manager-role.yaml | 323 ++++++++++++++++++ .../templates/clusterrole-cattle.yaml | 21 ++ ...rrolebinding-capi-manager-rolebinding.yaml | 14 + .../deployment-capi-controller-manager.yaml | 106 ++++++ .../100.0.0+up0.0.1/templates/hardened.yaml | 81 +++++ .../role-capi-leader-election-role.yaml | 26 ++ ...ding-capi-leader-election-rolebinding.yaml | 15 + .../service-capi-webhook-service.yaml | 15 + .../serviceaccount-capi-manager.yaml | 7 + .../100.0.0+up0.0.1/values.yaml | 25 ++ index.yaml | 26 ++ release.yaml | 1 + 17 files changed, 713 insertions(+) create mode 100644 assets/rancher-provisioning-capi/rancher-provisioning-capi-100.0.0+up0.0.1.tgz create mode 100644 charts/rancher-provisioning-capi/100.0.0+up0.0.1/Chart.yaml create mode 100644 charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/NOTES.txt create mode 100644 charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/_helpers.tpl create mode 100644 charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/clusterrole-capi-aggregated-manager-role.yaml create mode 100644 charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/clusterrole-capi-manager-role.yaml create mode 100644 charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/clusterrole-cattle.yaml create mode 100644 charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/clusterrolebinding-capi-manager-rolebinding.yaml create mode 100644 charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/deployment-capi-controller-manager.yaml create mode 100644 
charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/hardened.yaml create mode 100644 charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/role-capi-leader-election-role.yaml create mode 100644 charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/rolebinding-capi-leader-election-rolebinding.yaml create mode 100644 charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/service-capi-webhook-service.yaml create mode 100644 charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/serviceaccount-capi-manager.yaml create mode 100644 charts/rancher-provisioning-capi/100.0.0+up0.0.1/values.yaml 
diff --git a/assets/rancher-provisioning-capi/rancher-provisioning-capi-100.0.0+up0.0.1.tgz b/assets/rancher-provisioning-capi/rancher-provisioning-capi-100.0.0+up0.0.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..3a408e613d38e1b5668547a68f8ca4cbc2e8d615 GIT binary patch literal 3419 zcmV-h4W#lPiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH+}Z`(Ms{o9{{@a{u^eU&Ubj?*Wg57$d`i{7?bBk3-1=q?Ic z8r!^3q>iNAq*;IWgGfo%Pg`*uCoRlB5{slbLvm&~Gn|pY%$tL-LcteA63z&lSso5a z?`)2RvTt!fUp%llj^m7mL;c@zobvzv$*BLLKOBx6XE+=>Coi1-XmE1!0yz%_+@?fQ zVe!IwFs$M9XIx3OWsNaLG9~Yx`+}M-PE>*AOfPKmGyf0g)pCgk@dY} zz&=Q8wh%7DVJK}MLdtIgV5+z1*S?f8YJSFOV4pV6SO5hqA=#2fM(^N|{GJZF=yz}! zW{-V)Xb(F+NKcSZ=_*cZQO(>uA0!&!Xi)E4QX}Q#iYZN97gmgO=f&dfhB5y8;w696;sX^wyEzpwqra08-?-ze&?wfzEqm!{{qtp!tFZtHOm#Xl$|sm6$Bd#HEJ8-;zJ)1{sJet1kt)Wa8%zCI#(RpI zj&&F&9dvt&%fPV*x*}}EUWmVN>48;pL)Fe|9>I`)~ymJjI2J z?v|a-4?m!>AY2f2dq%O87dQZfr6e;3K2ki7ZznAG)GOP88zt~LTWA8V-v5KX69FgZ{Uda(8DTAEtx>>KaY#vu{+f&mz&qy2x5C zJ8?%cMfUH;EHJuUYHil)aM^32AWThB_kU!syVU?dC1elX6+XcH%I{8oM%os)VihW< za!E6Qg{~piGxIintlVh3$4%aiD_}YWPr0aj!LN)~r#%upjK_EBW%gei) z!~}abj?|nB@>L^YCqpdyoom8;7oDxJ=>(v#j}?wV(;N~N1QHLMa8b^3&HO>@Xt*OH z3dZz$>aE#J*^2+$FnzA9=l}j-cv|xR3{ITm!}-6LvJY-tD-O2h-x{XXo(UY1p9PP? 
zOg>r0m4uLh%)OhoWY&t*RSOW4TTwSV+$dl% z8B2Qu;*nH5NE@_81~ zH&zZJ}mz$pvAvgOsJkF+M7U1w9i@zmoShUoj z9v2P9{byovHRCA36AjF}6D-%FMM503HoQrQeP4i-9>pZsp|}wy{HHY{nZL)7xNK~A zB#q&z{kFR*_xJzn+tPbQg>Jh4JFWQtkDX)Z;Q!x8*^&R>IOYpPB(76xu{0ZRe??I1 z-AA9g;u==r?%h92q5^&D{*+W2zE3JF%i7f)WW%fzHR17RpF-MV71I5`C;v|f^Rsk` z{1r^nP%9WV@&C!msC@r_Iyl__?WJtb34b>`zSB$j8j9+~zb|1L51P{d8dN(7Re846 z#lMUu{{~MbtY!we0|0ED|OBffrDTZnt_;v^&lrBa3Mw&F2j$$E?2LWdO zs>)RN@}rmnY*FrI_G|p>+s_woKAc~T-<+KndL*%w{}4QIOAQE32~a$PoTtmbaE zZg#f$YmsG`{d-wM7AVZ^cxiHz~G6%Vm zv!z)p8A&(Vr7oJwRs&G700vTy1)o51PIINgpFx!;8tVD=j9>q2xseOyqH3F2>?&Qx z{biXlGh!d>(f)5ZJT8GT!+n9tobzi-f>;zr)gue8xW}oBKAw#?0&r>pG|aJKWC7SG zTdigM=55=hl;A}=CyX-%H>DvlrToiSkOiSIgLCO&icRLP&cG`4^>BzMgc3zSmJ#y> z533Yzp*Qc}cZzF~fb#1gh={$BiOx4VIXNCwTYrImXm!(=@b zguUxm(kfCyFaD=BArP5+I4#LB1wxe?;!XIK(OVbAmRp&}Tyzw(YH}*9iMF@Va#`WQ zRq`WRF5ODA!ZWm79_3)BNqzZ=TNVZEgRt~rSR*;&m&#JZyxd4LdJir*yX0JzCN9DA zco2>SpAuRiXLTEbi;|STBb33obQJ+%nlgVD*n=?$!u>1oIP>EpKV?Tl z2Zb}QcK?hEwzy!XE{8&%NQehkZj4fz<{cu;qmkbf{BNVb5KET%)oPVXVm?1;y{Iqr z$TqGtVnOB?5=tSs|lm3WcukIvoD$m$^E zVj@L8x-NSo&Fff&owfnd-2lUAV5{>mpA~XLq>?)T72sI^yBCb^1wX$5FH$+w)&l|M z`7J&$?9PySv60S6W66=2M$X-(6{A|Ie}Tfq}p6w;(py|HI?cvi^|Pd{X1>ZX_5>-O?9vyD5bDl>2DY5{ z;1ur!OE}A1 z4C_t&d#o3#@d&hEk)okrr$DtvVjDFtr-k<&Csn)z#Ehj6J&kELwbB#*wT?KgEadjC3ee$C5a-lWfskvfIYr*6`< z`x15aTEssR0>g&D;+kZB@lPv^|K9!4#gXFL&?@@SKk{o}e{>UDZ<$<8B@`cYJJtW?djSgG_^jom~-JLUdIh-rW)Pt;v-RA;Abfau^6G4 zM1^j%|84od5cpHKX=?(2Hu3+ce^QD686Lj>v6r$1|360H&l-wqFAcU+E2|MgwKC~D z4G(I=|Jij%%^gS^pWx>BzjFNVaCCCu|GkuT7RpXJyhJyxxw^*T#{hf_>)W^7=dR6d zoz)D|T-U8ki!5%yN^Z(mQ348!87OnNUx^VYh7z@0i>Kb_rg9JdPn;2j*xy!H0-N}M xFs$(Z$#8Js|9zDEdMI`j;oF-1pL%@`=1.23.0-0' + catalog.cattle.io/namespace: cattle-provisioning-capi-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: apps.deployment/v1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0' + catalog.cattle.io/release-name: rancher-provisioning-capi +apiVersion: v1 +appVersion: 1.4.4 
+description: capi-controller-manager compatible with Rancher Provisioning
+home: https://github.com/rancher/provisioning/blob/main/charts/capi/
+maintainers:
+- email: chris.kim@suse.com
+ name: Chris Kim
+name: rancher-provisioning-capi
+sources:
+- https://github.com/rancher/provisioning/blob/main/charts/capi/
+version: 100.0.0+up0.0.1
diff --git a/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/NOTES.txt b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/NOTES.txt
new file mode 100644
index 000000000..2070555e0
--- /dev/null
+++ b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/NOTES.txt
@@ -0,0 +1,2 @@
+{{ $.Chart.Name }} has been installed. Check its status by running:
+ kubectl --namespace {{ .Release.Namespace }} get pods"
\ No newline at end of file
diff --git a/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/_helpers.tpl b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/_helpers.tpl
new file mode 100644
index 000000000..d46154c54
--- /dev/null
+++ b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/_helpers.tpl
@@ -0,0 +1,18 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
diff --git a/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/clusterrole-capi-aggregated-manager-role.yaml b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/clusterrole-capi-aggregated-manager-role.yaml
new file mode 100644
index 000000000..760c5f9a6
--- /dev/null
+++ b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/clusterrole-capi-aggregated-manager-role.yaml
@@ -0,0 +1,11 @@
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ cluster.x-k8s.io/aggregate-to-manager: "true"
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ name: capi-aggregated-manager-role
+rules: []
diff --git a/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/clusterrole-capi-manager-role.yaml b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/clusterrole-capi-manager-role.yaml
new file mode 100644
index 000000000..d3d02e51a
--- /dev/null
+++ b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/clusterrole-capi-manager-role.yaml
@@ -0,0 +1,323 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ cluster.x-k8s.io/aggregate-to-manager: "true"
+ cluster.x-k8s.io/provider: cluster-api
+ name: capi-manager-role
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - addons.cluster.x-k8s.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - addons.cluster.x-k8s.io
+ resources:
+ - clusterresourcesets/finalizers
+ - clusterresourcesets/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ - controlplane.cluster.x-k8s.io
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusterclasses
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusterclasses
+ - clusterclasses/status
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ - clusters/finalizers
+ - clusters/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ - clusters/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinedeployments
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinedeployments
+ - machinedeployments/finalizers
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinedeployments
+ - machinedeployments/finalizers
+ - machinedeployments/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinehealthchecks
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinehealthchecks
+ - machinehealthchecks/finalizers
+ - machinehealthchecks/status
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinepools
+ - machinepools/finalizers
+ - machinepools/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machines
+ - machines/finalizers
+ - machines/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machines
+ - machines/status
+ verbs:
+ - delete
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinesets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinesets
+ - machinesets/finalizers
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinesets
+ - machinesets/finalizers
+ - machinesets/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - patch
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - watch
+ - apiGroups:
+ - ipam.cluster.x-k8s.io
+ resources:
+ - ipaddressclaims
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - runtime.cluster.x-k8s.io
+ resources:
+ - extensionconfigs
+ - extensionconfigs/status
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
diff --git a/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/clusterrole-cattle.yaml b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/clusterrole-cattle.yaml
new file mode 100644
index 000000000..5beeafdda
--- /dev/null
+++ b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/clusterrole-cattle.yaml
@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: provisioning-rke-cattle-io
+ labels:
+ cluster.x-k8s.io/aggregate-to-manager: "true"
+rules:
+ - apiGroups: ["rke.cattle.io"]
+ resources: ["*"]
+ verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: provisioning-rke-machine-cattle-io
+ labels:
+ cluster.x-k8s.io/aggregate-to-manager: "true"
+rules:
+ - apiGroups: ["rke-machine.cattle.io"]
+ resources: ["*"]
+ verbs: ["*"]
diff --git a/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/clusterrolebinding-capi-manager-rolebinding.yaml b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/clusterrolebinding-capi-manager-rolebinding.yaml
new file mode 100644
index 000000000..2fb193d4a
--- /dev/null
+++ b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/clusterrolebinding-capi-manager-rolebinding.yaml
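Review bot: The `secrets` rule near the end of `capi-manager-role` grants `create`, `delete`, `get`, `list`, `patch` and `watch` on every Secret in the cluster, because the role carries the `aggregate-to-manager` label and is aggregated into `capi-aggregated-manager-role`, which a ClusterRoleBinding in this commit gives to the `capi-manager` service account. A comment above that rule stating why the controller needs it cluster-wide, for example `# cluster-wide: controller reads and writes per-cluster Secrets in each cluster namespace` (to be confirmed against the controller), would make the grant reviewable. Several rules are also subsumed by others: the second `bootstrap.cluster.x-k8s.io`/`infrastructure.cluster.x-k8s.io` wildcard rule repeats the rule before it, and `clusters`, `machinedeployments`, `machines` and `machinesets` each appear in two or three overlapping rules, which makes the effective permission set harder to audit. If the file is generated from upstream markers, deduplicating at generation time is preferable to hand edits.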
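Review bot: Both ClusterRoles in `clusterrole-cattle.yaml` pair `resources: ["*"]` with `verbs: ["*"]`, so any resource or verb later added to `rke.cattle.io` or `rke-machine.cattle.io` (including `deletecollection` and subresources) is granted to the CAPI manager automatically through the `aggregate-to-manager` label. Listing the verbs explicitly, e.g. `verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]`, keeps the grant from widening silently; the exact set needs confirming against what the controller reconciles.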
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ name: capi-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: capi-aggregated-manager-role
+subjects:
+ - kind: ServiceAccount
+ name: capi-manager
+ namespace: "{{ .Release.Namespace }}"
diff --git a/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/deployment-capi-controller-manager.yaml b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/deployment-capi-controller-manager.yaml
new file mode 100644
index 000000000..edfd66fd7
--- /dev/null
+++ b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/deployment-capi-controller-manager.yaml
@@ -0,0 +1,106 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ control-plane: controller-manager
+ name: capi-controller-manager
+ namespace: "{{ .Release.Namespace }}"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ cluster.x-k8s.io/provider: cluster-api
+ control-plane: controller-manager
+ template:
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ control-plane: controller-manager
+ spec:
+ containers:
+ - command:
+ - /manager
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_UID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
+{{- if .Values.extraEnv }}
+{{ toYaml .Values.extraEnv | indent 12 }}
+{{- end }}
+ imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ runAsGroup: 65532
+ runAsUser: 65532
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+ args:
+ - --leader-elect
+{{ toYaml .Values.args | indent 12 }}
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ serviceAccountName: capi-manager
+ terminationGracePeriodSeconds: 10
+ volumes:
+ - name: cert
+ secret:
+ secretName: capi-webhook-service-cert
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+ {{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 6 }}
+ {{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 6 }}
+ {{- else }}
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/controlplane
+ value: "true"
+ - effect: NoSchedule
+ key: "node-role.kubernetes.io/control-plane"
+ operator: "Exists"
+ - effect: NoSchedule
+ key: "node-role.kubernetes.io/master"
+ operator: "Exists"
+ - effect: "NoExecute"
+ key: "node-role.kubernetes.io/etcd"
+ operator: "Exists"
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: "{{.Values.priorityClassName}}"
+ {{- end }}
diff --git a/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/hardened.yaml b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/hardened.yaml
new file mode 100644
index 000000000..c56951b43
--- /dev/null
+++ b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/hardened.yaml
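Review bot: The `manager` container's `securityContext` drops all capabilities and blocks privilege escalation but leaves the root filesystem writable; adding `readOnlyRootFilesystem: true` next to `privileged: false` would close that, provided the manager writes nothing outside the read-only `cert` mount (worth confirming, since it may use `/tmp`). The container also has no `resources:` block, so a controller whose service account holds cluster-wide Secret access runs without CPU or memory limits on the control-plane nodes the default tolerations admit. Separately, `{{ toYaml .Values.args | indent 12 }}` is rendered without the `if` guard that `extraEnv` gets, so an empty or unset `args` value would put a stray `[]` or `null` line under `args:`.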
@@ -0,0 +1,81 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: rancher-provisioning-capi-patch-sa
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: rancher-provisioning-capi-patch-sa
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+ template:
+ metadata:
+ name: rancher-provisioning-capi-patch-sa
+ labels:
+ app: rancher-provisioning-capi-patch-sa
+ spec:
+ serviceAccountName: rancher-provisioning-capi-patch-sa
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+ restartPolicy: Never
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+ containers:
+ - name: patch-sa-{{ .Release.Namespace }}
+ image: {{ template "system_default_registry" $ }}{{ $.Values.global.kubectl.repository }}:{{ $.Values.global.kubectl.tag }}
+ imagePullPolicy: {{ $.Values.global.kubectl.pullPolicy }}
+ command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+ args: ["-n", "{{ .Release.Namespace }}"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: rancher-provisioning-capi-patch-sa
+ labels:
+ app: rancher-provisioning-capi-patch-sa
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs: ['get', 'patch']
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: rancher-provisioning-capi-patch-sa
+ labels:
+ app: rancher-provisioning-capi-patch-sa
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: rancher-provisioning-capi-patch-sa
+subjects:
+ - kind: ServiceAccount
+ name: rancher-provisioning-capi-patch-sa
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: rancher-provisioning-capi-patch-sa
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: rancher-provisioning-capi-patch-sa
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-allow-all
+ namespace: {{ .Release.Namespace }}
+spec:
+ podSelector: {}
+ ingress:
+ - {}
+ egress:
+ - {}
+ policyTypes:
+ - Ingress
+ - Egress
diff --git a/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/role-capi-leader-election-role.yaml b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/role-capi-leader-election-role.yaml
new file mode 100644
index 000000000..d1b53aafc
--- /dev/null
+++ b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/role-capi-leader-election-role.yaml
@@ -0,0 +1,26 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ name: capi-leader-election-role
+ namespace: "{{ .Release.Namespace }}"
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
diff --git a/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/rolebinding-capi-leader-election-rolebinding.yaml b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/rolebinding-capi-leader-election-rolebinding.yaml
new file mode 100644
index 000000000..28c91de65
--- /dev/null
+++ b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/rolebinding-capi-leader-election-rolebinding.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ name: capi-leader-election-rolebinding
+ namespace: "{{ .Release.Namespace }}"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: capi-leader-election-role
+subjects:
+ - kind: ServiceAccount
+ name: capi-manager
+ namespace: "{{ .Release.Namespace }}"
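Review bot: The `rancher-provisioning-capi-patch-sa` ClusterRole and ClusterRoleBinding in `hardened.yaml` give the hook Job's service account `get` and `patch` on ServiceAccounts in every namespace, while the Job itself only patches `default` in `{{ .Release.Namespace }}`. A namespaced Role and RoleBinding restricted with `resourceNames` to `default` covers the same command and keeps a mis-templated or compromised hook from modifying service accounts elsewhere; the sketch below shows only the changed lines. The patch container also sets no container-level `securityContext`, unlike the manager Deployment in this commit. Finally, the `default-allow-all` NetworkPolicy permits all ingress and egress for every pod in the namespace, which deserves a comment explaining why it belongs in a file named `hardened.yaml`.

```yaml
# … unchanged: apiVersion …
kind: Role
metadata:
  name: rancher-provisioning-capi-patch-sa
  namespace: {{ .Release.Namespace }}
# … unchanged: labels, apiGroups …
    resources:
      - serviceaccounts
    resourceNames:
      - default
# … unchanged: verbs …
---
# … unchanged: apiVersion …
kind: RoleBinding
metadata:
  name: rancher-provisioning-capi-patch-sa
  namespace: {{ .Release.Namespace }}
# … unchanged: labels …
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
# … unchanged: roleRef name, subjects …
```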
diff --git a/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/service-capi-webhook-service.yaml b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/service-capi-webhook-service.yaml
new file mode 100644
index 000000000..109b368d4
--- /dev/null
+++ b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/service-capi-webhook-service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ name: capi-webhook-service
+ namespace: "{{ .Release.Namespace }}"
+ annotations:
+ need-a-cert.cattle.io/secret-name: capi-webhook-service-cert
+spec:
+ ports:
+ - port: 443
+ targetPort: webhook-server
+ selector:
+ cluster.x-k8s.io/provider: cluster-api
diff --git a/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/serviceaccount-capi-manager.yaml b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/serviceaccount-capi-manager.yaml
new file mode 100644
index 000000000..afba51620
--- /dev/null
+++ b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/serviceaccount-capi-manager.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ name: capi-manager
+ namespace: "{{ .Release.Namespace }}"
diff --git a/charts/rancher-provisioning-capi/100.0.0+up0.0.1/values.yaml b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/values.yaml
new file mode 100644
index 000000000..0be412e18
--- /dev/null
+++ b/charts/rancher-provisioning-capi/100.0.0+up0.0.1/values.yaml
@@ -0,0 +1,25 @@
+image:
+ repository: rancher/mirrored-cluster-api-controller
+ tag: v1.4.4
+ imagePullPolicy: IfNotPresent
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ kubectl:
+ repository: rancher/kubectl
+ tag: v1.20.2
+ pullPolicy: IfNotPresent
+
+# tolerations for the capi-controller-manager deployment. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ for more info
+tolerations: []
+
+nodeSelector: {}
+
+## PriorityClassName assigned to deployment.
+priorityClassName: ""
+
+extraEnv: []
+args:
+ - "--metrics-bind-addr=localhost:8080"
+ - "--feature-gates=MachinePool=false,ClusterResourceSet=false,ClusterTopology=false,RuntimeSDK=false,LazyRestmapper=false"
diff --git a/index.yaml b/index.yaml
index 0577b0821..94237c592 100755
--- a/index.yaml
+++ b/index.yaml
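Review bot: `global.kubectl.tag: v1.20.2` is three minor versions behind the `>=1.23.0-0` floor this chart declares in `catalog.cattle.io/kube-version`, so the post-install hook in `hardened.yaml` runs a kubectl client outside the supported client/server version skew and from a release line that no longer receives fixes. Bumping the default to a tag that tracks the supported cluster range would address that; the right value depends on what `rancher/kubectl` publishes. Both images are also referenced by mutable tag only, so pinning by digest, if the catalog tooling allows it, would make the deployed content verifiable.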
@@ -14164,6 +14164,32 @@ entries: urls: - assets/rancher-provisioning-capi/rancher-provisioning-capi-103.0.0+up0.0.1.tgz version: 103.0.0+up0.0.1 + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Rancher Provisioning CAPI Controller Manager + catalog.cattle.io/hidden: "true" + catalog.cattle.io/kube-version: '>=1.23.0-0' + catalog.cattle.io/namespace: cattle-provisioning-capi-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: apps.deployment/v1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0' + catalog.cattle.io/release-name: rancher-provisioning-capi + apiVersion: v1 + appVersion: 1.4.4 + created: "2023-09-21T15:20:40.064263-07:00" + description: capi-controller-manager compatible with Rancher Provisioning + digest: 40721dd822b35c4e8c8de0117f0989334a5dd4b19dfb274f6ffd52f8bb8fd7f0 + home: https://github.com/rancher/provisioning/blob/main/charts/capi/ + maintainers: + - email: chris.kim@suse.com + name: Chris Kim + name: rancher-provisioning-capi + sources: + - https://github.com/rancher/provisioning/blob/main/charts/capi/ + urls: + - assets/rancher-provisioning-capi/rancher-provisioning-capi-100.0.0+up0.0.1.tgz + version: 100.0.0+up0.0.1 rancher-pushprox: - annotations: catalog.cattle.io/hidden: "true" diff --git a/release.yaml b/release.yaml index 4a79009d4..f6cd97dd6 100644 --- a/release.yaml +++ b/release.yaml @@ -19,6 +19,7 @@ fleet-crd: - 103.1.0+up0.9.0-rc.1 rancher-provisioning-capi: - 103.0.0+up0.0.1 + - 100.0.0+up0.0.1 rancher-webhook: - 103.0.0+up0.4.0-rc7 rancher-aks-operator: