From 31648c9178be3472b55da0643a6d29a2f227aa70 Mon Sep 17 00:00:00 2001
From: Vaishnav Gaikwad
Date: Wed, 15 Jun 2022 09:59:13 +0530
Subject: [PATCH 01/10] add gatekeeper:3.8.1
---
.../generated-changes/patch/Chart.yaml.patch | 8 ++---
.../generated-changes/patch/README.md.patch | 16 ++++-----
.../gatekeeper-audit-deployment.yaml.patch | 24 +++++++++----
...r-controller-manager-deployment.yaml.patch | 27 +++++++++------
.../templates/upgrade-crds-hook.yaml.patch | 14 +++++---
.../generated-changes/patch/values.yaml.patch | 34 +++++++++----------
packages/rancher-gatekeeper/package.yaml | 4 +--
.../crd-template/templates/_helpers.tpl | 15 ++++++++
release.yaml | 2 ++
9 files changed, 90 insertions(+), 54 deletions(-)
diff --git a/packages/rancher-gatekeeper/generated-changes/patch/Chart.yaml.patch b/packages/rancher-gatekeeper/generated-changes/patch/Chart.yaml.patch
index 6fd0fef19..67f4cba05 100644
--- a/packages/rancher-gatekeeper/generated-changes/patch/Chart.yaml.patch
+++ b/packages/rancher-gatekeeper/generated-changes/patch/Chart.yaml.patch
@@ -5,17 +5,17 @@ + catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: OPA Gatekeeper -+ catalog.cattle.io/kube-version: '>= 1.16.0-0' ++ catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.25.0-0' + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 -+ catalog.cattle.io/rancher-version: '>= 2.6.0-0 <= 2.6.100-0' ++ catalog.cattle.io/rancher-version: '>= 2.6.0-0 < 2.7.0-0' + catalog.cattle.io/release-name: rancher-gatekeeper + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: gatekeeper apiVersion: v2 - appVersion: v3.7.1 + appVersion: v3.8.1 -description: A Helm chart for Gatekeeper +description: Modifies Open Policy Agent's upstream gatekeeper chart that provides + policy-based control for cloud native environments @@ -28,4 +28,4 @@ +name: rancher-gatekeeper sources: - https://github.com/open-policy-agent/gatekeeper.git - version: 3.7.1 + version: 3.8.1 diff --git a/packages/rancher-gatekeeper/generated-changes/patch/README.md.patch b/packages/rancher-gatekeeper/generated-changes/patch/README.md.patch index 50bb6274d..a31725488 100644 --- a/packages/rancher-gatekeeper/generated-changes/patch/README.md.patch +++ b/packages/rancher-gatekeeper/generated-changes/patch/README.md.patch 
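Review bot: The widened `catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.25.0-0'` annotation now admits clusters up to 1.24, while values.yaml.patch in this same commit still pins `repository: rancher/kubectl` at `tag: v1.20.2` for the `labelNamespace` image and again further down the patch. On the newer clusters the chart now claims to support, that client is outside kubectl's supported one-minor version skew. Worth confirming whether a newer `rancher/kubectl` tag should ship together with this range change, or whether the upper bound should stay lower until it does.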
@@ -1,11 +1,11 @@ --- charts-original/README.md +++ charts/README.md -@@ -71,7 +71,7 @@ - | postInstall.labelNamespace.image.pullSecrets | Image pullSecrets | `[]` | - | psp.enabled | Enabled PodSecurityPolicy | `true` | - | upgradeCRDs.enabled | Upgrade CRDs using pre-install/pre-upgrade hooks | `true` | --| auditInterval | The frequency with which audit is run | `60` | +@@ -79,7 +79,7 @@ + | psp.enabled | Enabled PodSecurityPolicy | `true` | + | upgradeCRDs.enabled | Upgrade CRDs using pre-install/pre-upgrade hooks | `true` | + | crds.securityContext | Security context applied to the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 65532, "runAsNonRoot": true, "runAsUser": 65532 }` | +-| auditInterval | The frequency with which audit is run | `60` | +| auditInterval | The frequency with which audit is run | `300` | - | constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` | - | auditFromCache | Take the roster of resources to audit from the OPA cache | `false` | - | auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `0` | + | constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` | + | auditFromCache | Take the roster of resources to audit from the OPA cache | `false` | + | auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `0` | diff --git a/packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-audit-deployment.yaml.patch b/packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-audit-deployment.yaml.patch index 00dde3b33..f668175b0 100644 --- a/packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-audit-deployment.yaml.patch +++ b/packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-audit-deployment.yaml.patch 
@@ -1,30 +1,40 @@ --- charts-original/templates/gatekeeper-audit-deployment.yaml +++ charts/templates/gatekeeper-audit-deployment.yaml -@@ -67,8 +67,8 @@ +@@ -40,11 +40,7 @@ + {{- toYaml .Values.audit.affinity | nindent 8 }} + automountServiceAccountToken: true + containers: +- - {{- if .Values.image.release }} +- image: {{ .Values.image.repository }}:{{ .Values.image.release }} +- {{- else }} +- image: {{ .Values.image.repository }} +- {{- end }} ++ - image: '{{ template "system_default_registry" . }}{{ .Values.images.gatekeeper.repository }}:{{ .Values.images.gatekeeper.tag }}' + args: + - --audit-interval={{ .Values.auditInterval }} + - --log-level={{ .Values.logLevel }} +@@ -72,7 +68,7 @@ valueFrom: fieldRef: fieldPath: metadata.name -- image: '{{ .Values.image.repository }}:{{ .Values.image.release }}' - imagePullPolicy: '{{ .Values.image.pullPolicy }}' -+ image: '{{ template "system_default_registry" . }}{{ .Values.images.gatekeeper.repository }}:{{ .Values.images.gatekeeper.tag }}' + imagePullPolicy: '{{ .Values.images.pullPolicy }}' livenessProbe: httpGet: path: /healthz -@@ -102,16 +102,20 @@ +@@ -99,16 +95,20 @@ dnsPolicy: {{ .Values.audit.dnsPolicy }} hostNetwork: {{ .Values.audit.hostNetwork }} imagePullSecrets: - {{- toYaml .Values.image.pullSecrets | nindent 8 }} - nodeSelector: - {{- toYaml .Values.audit.nodeSelector | nindent 8 }} -- {{- if .Values.audit.priorityClassName }} + {{- toYaml .Values.images.pullSecrets | nindent 8 }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.audit.nodeSelector }} +{{ toYaml .Values.audit.nodeSelector | indent 8 }} +{{- end }} -+ {{- if .Values.audit.priorityClassName }} + {{- if .Values.audit.priorityClassName }} priorityClassName: {{ .Values.audit.priorityClassName }} {{- end }} serviceAccountName: gatekeeper-admin 
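Review bot: The replacement `- image:` line under `containers:` renders `repository:tag` unconditionally, so an empty or unset `images.gatekeeper.tag` produces a reference ending in `:` that only fails when the kubelet tries to pull it; the upstream `{{- if .Values.image.release }}` guard that this patch removes is not replaced by any check. Wrapping the tag as `{{ required "images.gatekeeper.tag must be set" .Values.images.gatekeeper.tag }}` would fail at render time instead. The same pattern appears in the controller-manager deployment patch and, with `images.gatekeepercrd`, in the upgrade-crds hook patch. Because this image runs as the cluster's admission controller and is pinned only by a mutable tag, it is also worth checking whether the mirrored images can be referenced by digest; nothing in the visible values supports that today.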
@@ -36,5 +46,5 @@ +{{ toYaml .Values.audit.tolerations | indent 8 }} +{{- end }} volumes: - {{- if .Values.audit.writeToRAMDisk }} + {{- if .Values.audit.writeToRAMDisk }} - emptyDir: diff --git a/packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-controller-manager-deployment.yaml.patch b/packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-controller-manager-deployment.yaml.patch index c34d08055..5d954e7ab 100644 --- a/packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-controller-manager-deployment.yaml.patch +++ b/packages/rancher-gatekeeper/generated-changes/patch/templates/gatekeeper-controller-manager-deployment.yaml.patch 
@@ -1,17 +1,28 @@ --- charts-original/templates/gatekeeper-controller-manager-deployment.yaml +++ charts/templates/gatekeeper-controller-manager-deployment.yaml -@@ -76,8 +76,8 @@ +@@ -40,11 +40,8 @@ + {{- toYaml .Values.controllerManager.affinity | nindent 8 }} + automountServiceAccountToken: true + containers: +- - {{- if .Values.image.release }} +- image: {{ .Values.image.repository }}:{{ .Values.image.release }} +- {{- else }} +- image: {{ .Values.image.repository }} +- {{- end }} ++ - image: '{{ template "system_default_registry" . }}{{ .Values.images.gatekeeper.repository }}:{{ .Values.images.gatekeeper.tag }}' ++ imagePullPolicy: '{{ .Values.images.pullPolicy }}' + args: + - --port={{ .Values.controllerManager.port }} + - --health-addr=:{{ .Values.controllerManager.healthPort }} +@@ -84,7 +81,6 @@ valueFrom: fieldRef: fieldPath: metadata.name -- image: '{{ .Values.image.repository }}:{{ .Values.image.release }}' - imagePullPolicy: '{{ .Values.image.pullPolicy }}' -+ image: '{{ template "system_default_registry" . }}{{ .Values.images.gatekeeper.repository }}:{{ .Values.images.gatekeeper.tag }}' -+ imagePullPolicy: '{{ .Values.images.pullPolicy }}' livenessProbe: httpGet: path: /healthz -@@ -115,18 +115,22 @@ +@@ -115,16 +111,20 @@ dnsPolicy: {{ .Values.controllerManager.dnsPolicy }} hostNetwork: {{ .Values.controllerManager.hostNetwork }} imagePullSecrets: @@ -23,7 +34,7 @@ +{{- if .Values.controllerManager.nodeSelector }} +{{ toYaml .Values.controllerManager.nodeSelector | indent 8 }} +{{- end }} - {{- if .Values.controllerManager.priorityClassName }} + {{- if .Values.controllerManager.priorityClassName }} priorityClassName: {{ .Values.controllerManager.priorityClassName }} {{- end }} serviceAccountName: gatekeeper-admin @@ -37,7 +48,3 @@ volumes: - name: cert secret: - defaultMode: 420 -- secretName: gatekeeper-webhook-server-cert -+ secretName: gatekeeper-webhook-server-cert -\ No newline at end of file 
diff --git a/packages/rancher-gatekeeper/generated-changes/patch/templates/upgrade-crds-hook.yaml.patch b/packages/rancher-gatekeeper/generated-changes/patch/templates/upgrade-crds-hook.yaml.patch index fdaf30866..173ed369f 100644 --- a/packages/rancher-gatekeeper/generated-changes/patch/templates/upgrade-crds-hook.yaml.patch +++ b/packages/rancher-gatekeeper/generated-changes/patch/templates/upgrade-crds-hook.yaml.patch @@ -1,6 +1,6 @@ --- charts-original/templates/upgrade-crds-hook.yaml +++ charts/templates/upgrade-crds-hook.yaml -@@ -75,14 +75,14 @@ +@@ -75,18 +75,14 @@ spec: serviceAccountName: gatekeeper-admin-upgrade-crds restartPolicy: Never @@ -12,17 +12,21 @@ {{- end }} containers: - name: crds-upgrade +- {{- if not .Values.image.release }} +- image: '{{ .Values.image.crdRepository }}' +- {{- else }} - image: '{{ .Values.image.crdRepository }}:{{ .Values.image.release }}' +- {{- end }} - imagePullPolicy: '{{ .Values.image.pullPolicy }}' + image: '{{ template "system_default_registry" . }}{{ .Values.images.gatekeepercrd.repository }}:{{ .Values.images.gatekeepercrd.tag }}' + imagePullPolicy: '{{ .Values.images.pullPolicy }}' args: - apply - -f -@@ -98,7 +98,6 @@ - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 +@@ -95,7 +91,6 @@ + {{- toYaml .Values.crds.resources | nindent 10 }} + securityContext: + {{- toYaml .Values.crds.securityContext | nindent 10 }} - nodeSelector: - kubernetes.io/os: linux - diff --git a/packages/rancher-gatekeeper/generated-changes/patch/values.yaml.patch b/packages/rancher-gatekeeper/generated-changes/patch/values.yaml.patch index d575342de..88a50b94c 100644 --- a/packages/rancher-gatekeeper/generated-changes/patch/values.yaml.patch +++ b/packages/rancher-gatekeeper/generated-changes/patch/values.yaml.patch 
@@ -1,55 +1,53 @@ --- charts-original/values.yaml +++ charts/values.yaml -@@ -1,5 +1,5 @@ - replicas: 3 --auditInterval: 60 -+auditInterval: 300 - auditMatchKindOnly: false - constraintViolationsLimit: 20 - auditFromCache: false -@@ -22,14 +22,17 @@ +@@ -30,8 +30,8 @@ labelNamespace: enabled: true image: - repository: openpolicyagent/gatekeeper-crds -- tag: v3.7.1 +- tag: v3.8.1 + repository: rancher/kubectl + tag: v1.20.2 pullPolicy: IfNotPresent pullSecrets: [] + securityContext: +@@ -60,10 +60,13 @@ + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 -image: - repository: openpolicyagent/gatekeeper - crdRepository: openpolicyagent/gatekeeper-crds -- release: v3.7.1 +- release: v3.8.1 +images: + gatekeeper: + repository: rancher/mirrored-openpolicyagent-gatekeeper -+ tag: v3.7.1 ++ tag: v3.8.1 + gatekeepercrd: + repository: rancher/mirrored-openpolicyagent-gatekeeper-crds -+ tag: v3.7.1 ++ tag: v3.8.1 pullPolicy: IfNotPresent pullSecrets: [] podAnnotations: -@@ -59,7 +62,7 @@ +@@ -93,7 +96,7 @@ topologyKey: kubernetes.io/hostname weight: 100 tolerations: [] -- nodeSelector: { kubernetes.io/os: linux } +- nodeSelector: {kubernetes.io/os: linux} + nodeSelector: {} resources: limits: cpu: 1000m -@@ -75,7 +78,7 @@ +@@ -118,7 +121,7 @@ priorityClassName: system-cluster-critical affinity: {} tolerations: [] -- nodeSelector: { kubernetes.io/os: linux } +- nodeSelector: {kubernetes.io/os: linux} + nodeSelector: {} writeToRAMDisk: false resources: limits: -@@ -89,6 +92,12 @@ +@@ -150,6 +153,12 @@ pdb: controllerManager: minAvailable: 1 @@ -60,5 +58,5 @@ + repository: rancher/kubectl + tag: v1.20.2 service: {} - disabledBuiltins: + disabledBuiltins: ["{http.send}"] psp: diff --git a/packages/rancher-gatekeeper/package.yaml b/packages/rancher-gatekeeper/package.yaml index bf18d743c..ac75a2b77 100644 --- a/packages/rancher-gatekeeper/package.yaml +++ b/packages/rancher-gatekeeper/package.yaml 
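Review bot: This revision of values.yaml.patch drops the inner hunk that set `auditInterval: 300`, but README.md.patch in the same commit still rewrites the documented default from `60` to `300`. Unless upstream 3.8.1 changed its own default, the chart will now audit every 60 seconds while its README states 300, so operators sizing audit load or relying on the documented interval for detecting policy violations are reading the wrong number. Either restore the `auditInterval: 300` override in this patch or drop the README change so the two agree.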
@@ -1,5 +1,5 @@ -url: https://open-policy-agent.github.io/gatekeeper/charts/gatekeeper-3.7.1.tgz -version: 100.1.1 +url: https://open-policy-agent.github.io/gatekeeper/charts/gatekeeper-3.8.1.tgz +version: 100.2.0 additionalCharts: - workingDir: charts-crd crdOptions: diff --git a/packages/rancher-gatekeeper/templates/crd-template/templates/_helpers.tpl b/packages/rancher-gatekeeper/templates/crd-template/templates/_helpers.tpl index 39b26c195..6a89079bc 100644 --- a/packages/rancher-gatekeeper/templates/crd-template/templates/_helpers.tpl +++ b/packages/rancher-gatekeeper/templates/crd-template/templates/_helpers.tpl @@ -5,3 +5,18 @@ {{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} {{- end -}} {{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +kubernetes.io/os: linux +{{- end -}} diff --git a/release.yaml b/release.yaml index 03c3caaf3..daa75e9fe 100644 --- a/release.yaml +++ b/release.yaml @@ -10,8 +10,10 @@ system-upgrade-controller: - 100.0.3+up0.3.2 rancher-gatekeeper: - 100.1.1+up3.7.1 +- 100.2.0+up3.8.1 rancher-gatekeeper-crd: - 100.1.1+up3.7.1 +- 100.2.0+up3.8.1 rancher-aks-operator: - 100.0.5+up1.0.6-rc1 - 100.0.5+up1.0.6-rc2 From d4c3b6e869c3d9003b671ead2b0a6f310e4e2536 Mon Sep 17 00:00:00 2001 
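Review bot: The two helpers added at the end of `_helpers.tpl` are under-documented: the comment above `linux-node-tolerations` is hard to parse and `linux-node-selector` has no comment at all. Suggest rewording the first to `Windows clusters taint their Linux nodes by default; this toleration lets chart workloads schedule onto those Linux nodes.` and adding `{{/* Node selector that pins chart workloads to Linux nodes. */}}` above the second `define`. Both helpers emit YAML at column 0, so the comments should also say that callers must `nindent` the output. The deployment patches in this commit append user-supplied `nodeSelector` values after a helper of the same name, which can render a duplicate `kubernetes.io/os` key if a user sets one.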
From: Vaishnav Gaikwad Date: Fri, 17 Jun 2022 15:19:07 +0530 Subject: [PATCH 02/10] remove 100.1.1+up3.7.1 chart and assets --- ...rancher-gatekeeper-crd-100.1.1+up3.7.1.tgz | Bin 9230 -> 0 bytes .../rancher-gatekeeper-100.1.1+up3.7.1.tgz | Bin 10893 -> 0 bytes .../100.1.1+up3.7.1/Chart.yaml | 10 - .../100.1.1+up3.7.1/README.md | 2 - .../assign-customresourcedefinition.yaml | 444 ----------------- ...signmetadata-customresourcedefinition.yaml | 376 --------------- .../config-customresourcedefinition.yaml | 105 ----- ...intpodstatus-customresourcedefinition.yaml | 67 --- ...ainttemplate-customresourcedefinition.yaml | 303 ------------ ...atepodstatus-customresourcedefinition.yaml | 66 --- .../modifyset-customresourcedefinition.yaml | 446 ------------------ ...torpodstatus-customresourcedefinition.yaml | 65 --- .../provider-customresourcedefinition.yaml | 44 -- .../100.1.1+up3.7.1/templates/_helpers.tpl | 7 - .../100.1.1+up3.7.1/templates/jobs.yaml | 108 ----- .../100.1.1+up3.7.1/templates/manifest.yaml | 14 - .../100.1.1+up3.7.1/templates/rbac.yaml | 72 --- .../100.1.1+up3.7.1/values.yaml | 11 - .../100.1.1+up3.7.1/.helmignore | 21 - .../100.1.1+up3.7.1/CHANGELOG.md | 15 - .../100.1.1+up3.7.1/Chart.yaml | 26 - .../100.1.1+up3.7.1/README.md | 130 ----- .../100.1.1+up3.7.1/app-readme.md | 14 - .../100.1.1+up3.7.1/templates/_helpers.tpl | 64 --- .../templates/allowedrepos.yaml | 35 -- .../gatekeeper-admin-podsecuritypolicy.yaml | 38 -- .../gatekeeper-admin-serviceaccount.yaml | 11 - .../gatekeeper-audit-deployment.yaml | 126 ----- ...ekeeper-controller-manager-deployment.yaml | 136 ------ ...ontroller-manager-poddisruptionbudget.yaml | 26 - ...atekeeper-critical-pods-resourcequota.yaml | 23 - .../gatekeeper-manager-role-clusterrole.yaml | 165 ------- .../gatekeeper-manager-role-role.yaml | 34 -- ...anager-rolebinding-clusterrolebinding.yaml | 20 - ...eeper-manager-rolebinding-rolebinding.yaml | 21 - ...guration-mutatingwebhookconfiguration.yaml | 40 -- 
...ration-validatingwebhookconfiguration.yaml | 66 --- ...gatekeeper-webhook-server-cert-secret.yaml | 12 - .../gatekeeper-webhook-service-service.yaml | 30 -- .../templates/namespace-post-install.yaml | 109 ----- .../templates/requiredlabels.yaml | 57 --- .../templates/upgrade-crds-hook.yaml | 103 ---- .../templates/validate-install-crd.yaml | 22 - .../100.1.1+up3.7.1/values.yaml | 108 ----- index.yaml | 44 -- 45 files changed, 3636 deletions(-) delete mode 100644 assets/rancher-gatekeeper-crd/rancher-gatekeeper-crd-100.1.1+up3.7.1.tgz delete mode 100644 assets/rancher-gatekeeper/rancher-gatekeeper-100.1.1+up3.7.1.tgz delete mode 100644 charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/Chart.yaml delete mode 100644 charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/README.md delete mode 100644 charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/assign-customresourcedefinition.yaml delete mode 100644 charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/assignmetadata-customresourcedefinition.yaml delete mode 100644 charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/config-customresourcedefinition.yaml delete mode 100644 charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/constraintpodstatus-customresourcedefinition.yaml delete mode 100644 charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/constrainttemplate-customresourcedefinition.yaml delete mode 100644 charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml delete mode 100644 charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/modifyset-customresourcedefinition.yaml delete mode 100644 charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/mutatorpodstatus-customresourcedefinition.yaml delete mode 100644 charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/provider-customresourcedefinition.yaml delete mode 100644 charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/templates/_helpers.tpl delete mode 100644 
charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/templates/jobs.yaml delete mode 100644 charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/templates/manifest.yaml delete mode 100644 charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/templates/rbac.yaml delete mode 100644 charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/values.yaml delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/.helmignore delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/CHANGELOG.md delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/Chart.yaml delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/README.md delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/app-readme.md delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/_helpers.tpl delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/allowedrepos.yaml delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-admin-podsecuritypolicy.yaml delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-admin-serviceaccount.yaml delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-audit-deployment.yaml delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-controller-manager-deployment.yaml delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-controller-manager-poddisruptionbudget.yaml delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-critical-pods-resourcequota.yaml delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-manager-role-clusterrole.yaml delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-manager-role-role.yaml delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-manager-rolebinding-rolebinding.yaml 
delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-webhook-server-cert-secret.yaml delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-webhook-service-service.yaml delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/namespace-post-install.yaml delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/requiredlabels.yaml delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/upgrade-crds-hook.yaml delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/validate-install-crd.yaml delete mode 100644 charts/rancher-gatekeeper/100.1.1+up3.7.1/values.yaml 
diff --git a/assets/rancher-gatekeeper-crd/rancher-gatekeeper-crd-100.1.1+up3.7.1.tgz b/assets/rancher-gatekeeper-crd/rancher-gatekeeper-crd-100.1.1+up3.7.1.tgz deleted file mode 100644 index 85846ec1798a5002cdedbff8ee3eb50353a488d0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9230 zcmai)WmFvBlE85Z1cJK_7Tnz-1a}MW?(V@o1RdN5NN^ZJaCaxTOK=_BVK(`{_jdQ} zm+cST)wk>1s#D#!y6V?W5r={c^LK+Xz%ZH0s$IIg7|zIyl0d1lqfA^MVgP-_{(c-=?KBr!lWwEgqNae{0*88{y-^ zNw-ceuW~pe2IymdWe7zJ{s}yJzSFP?#$~vmRrstF%=S}Um{=TSe1Jp~7sfF18gAPr zsi=AjPjuFq%UOo(&Kvg%_9e!M>Rn(np5EAUX?pg)KRUlL#xNr95cYFFf1Eo8b)sV$ zwF~m!qoFrWdE3hatuEPmpG0|zS}lGu+2290n3hAeaFV%;K5kWSR-6Lfqu{WDbT!y}Ti>)5nx znBiqsm1&|`?bX|WJU2uG*s!3S0G|yCGy!uxa};y(LI#&ui9VVho|K$;fMx;Wmv`8u zxRG7vEGDe#sKnNCeca{U6B9Jp)c69AAZl(X?5E_-uGTJ89leQ!!iANkEiT?db!?o% zCj7myFh3|GnP~xt3}&1zk{BH$Dy-M~2R#Mn+zB+m^A^g}|6ZaDNwArT!DbEGo4)%J z#82AcdwK_zDt6xNalOeEdp(efHYcaPK3RX#vEke3EM5r|IS6`?M0_Ab>ik4!>g_yG z%jE57#F8XDZ+`H?*09m40Z$mk1Qoj_72Th0fkO4a@B-oWZlTA$e522QLa{~C38etw z?e1aCbbCM_P4;64w>X}~IF>UDt*BjxNGNtJb!^llr1+E{27Lxz}!9pa?{QHH+T*D$mZIYvtbsr<#MBqG#P({QDEh zAX?&$JQUQn2b+fwB5VFqSNe@8ZYg}0BUC2*9+evXN1|rdphRjUN_+I+q2opXgh{6W z8U7x#PZ)z^{+#a8;^sO0#jFFW}mpz$gZM zHgs352R<04p)7{s+NzK{jLlJkFeImFP4C*o;H}a0ZQx{<5M@vV= zh~x!;y!CzeW;^4pVa|~BsX8p^ZSDCt{wy|@G$pQ?J%O2-Z2-HFu2L_O2QR%?{{|O% z38#IpBoKZUCD!o{ULkgKK`pM$t8-&x36AAw@oAxLU7z$Iro01MyPw$;J@rrFy+=p* zZXiF-!Xm|0hV-*{YTk*c2zaHBoowq~p2#Z3O=Pgd-{b4UV%E$;lHLszdwH!YVg9O< zuh;TvW2=I?=FgJS6XdI(-dk~y@=6v!duooG&E#p6ocX#X_5&I}cD_If#5R9nc!%0^ z0gZsweZy`j`3Tc)mi@$Lq*~t&k=LS)qelr+%E&wGHilXfyN=^2 zthtC7!kJwVftA%(BHvujjDGPY3=y>-Ct}Pm8V7qqN3qb(7GAx%g#+pxphAATlTdOR zygM-#9)%lC*;k>MtFVgBGFSpMk!#0P#`sIg4~sxv{)RHcxiPd+ZqDQ|EawMI^l zP`*zE2k#UkGI1^}W6}tWVHu^C-WXU>aB8zS>jcICL|SHk@4297?saG49lHE1_oc(} zwJvn&%(>)jYr(Lh>+DtgDDkpa@mnE)6c5kMF!TD@sk~M*1*HhF@iTFn65KJ%$SzCR1K&S5 z!R{6|_l*vAm4LaI&tLz`|X7+5ykO#UAyPM6W zw3sRHHLNXf<*D|jV!4(CF#Q3K!AcxuA*9V78#c#v8GJ7U+oWS9%s1 
ze6NXCsE7#YHeds1fkx=q>$8n1YTsvaGToJ##MVDMXwneo=j6Y*U6-Z4RlN*pOoVSN zUcsj|Holq(eM7%*9oFUrkPcOMXC`CBohtG8q5GA=%K|&bmgg`k^@Xa8k zuaErO)b9)j{4mOKXYn_L@`!ef)9<-aJmb~F`otB@Uj5gJeTlQ3hMX*YfFFtKhXi>c zuyIlubpo>7r;@}3dM;;Y=Mu6ApaoYD%(_|@KQp8FaeD641hs$M$xXq3wJbz6c%|Ae_DVXKz zI1kxiV06?rfpLyO>O!GXk}TyQ?b1beUP1>oevEH}$nn;fJz8D1C|!YTByb+3yx1F3 zW&9TXztH>nq1Pm6cg%a_2G)+M-K$=!eE;Ovnkhz0n0l)d9jj1J!98Q+mBhk#z|StI z_{yw3sC~AQ1}L&=<>|WQz+_I+@)v*wvB;poGSj!a^n!*=kP)X%WcgDf@cIY~)DZc#WyO>n0NW&G3z~ip-4V4e8Z~|_m$3NxANjq{y=-FT-6PS>14|>% zv&z!Z#JgY8wgzN}OO;j-##J!dKqlOi+$R(O4)A#gnFaRCJ&dXJQPIi$WoJQ98v<`G%qHbI}+!_A3@GjQ0Nrsfn zd5JmZoRIZx8YaFdey5(U*?`aU%C1SH5Rh|633&#eUo3+YKaM51jMJbmF_vh-g=@Fl z!&E2=^$6XmmrC;UcyFroPbL(ah4%uWHP_3FA1bM4p?I5@?X z>;{#dOjZ#3kZrxYNse;Jne2gkQNRatuL#b`MDj#jy|ny|g2dwFgNvlt^1wL*j)isd z%HS=U;dq7`>q75Lq0r~s)0)7$jX37xR_NnxKHKXIbUzOAdR!BqU21B~11U!;nhx9x z`f);!!u~7rEzwU)!l<>%5x21Cf^S`Q12m;8H%0PDAeP*;&DW|`Qro1+EJ(b-T4+qkVY0w?8W!)?SMGh zcaYg3*Wbh?zjP9BO}>)B7a3q{5&uH&dAPGcb+OCFD1|t^b>i=y=0xljP&Vt*E!rOq zw07t!$Xqdp=MUkJFKQ{O8&c55_!)@F0tRS~8C*1WdD%h2*Eh4>_$e@rN*<>4vt4ZU}hN!#2ol z_<5U4k(Hz@!_7rD0S`B5opEL6m2zpHz)NS!z*TtAH&$F$UJj`_OUpu&%brAHQW#YV zW_7c|6%OjruMdtveYlauM{i*|jNc#lyV&Ageh7adNOzH%r&_s^Jzy}%!aPaF4}GQ3 zvOTTkiLXLzaBrk!!)B#hj|(@Vxdv=$Bb`V~vSI%W-u~wh6TWT+wZZp49+_svvr_)R zTRWoe{ADH+*vr)!k@zP~4^MWbYIIc-B`m&|9Br=@(_`hVW}D`v)aaqfE@VZd)4|vk zX3JR1wG^k=N;Pz+;+o+hLq%ymlSsW8Jp@>-gnd4S;l#V$>~Yla7B^YxIsa;Q@+o#H zN?s*Kub_iX({+tR-8y9CMIOIgb1&M|R!t=7fbK|*dYrTlodv54op^V`eS|%;y2ke) ze8%D9X*B1>a4rdvnRjLi^|#*4jr8%#HXOFYE_Bq=uV~U2kTgt0fOb~DpcI+ZlUr20 zLz`ZgrI%Nr?n=Mo#*`ot=;PdEz~*C_XXtT4E`fpcqVG2jIz<&RkRFEbq`J4{hLAUl zR<40Qc5e`0_L0@0i^>oaVt|8eM4=iIW$Ou7HTo!dS0)n65|8{Yd*m#ilf`7Bavcao zQ;<<}?mKs6^IC}V1ItL#b~c{Etzyj{PIGfSQNpYd5pQ*+RLo6n9hqUdhef0xDxtkC zyKssEmsA9mcAO`V-F40)nLu!Tunp-}sFe;%Pb_8ZIHzDQ?kf8}RyE?LV{!}{5fnUr z(KI_QX3js1+G?oo152T9iD*ZO%5mpSS&$@(f?8M*qQ?iP!<5peW0#pc$AjGdR$1xF z^RQC1bKDM>RM4q(XSo)JNZ`e2EG%(%OMpmKR&B3F9B=EUBM0EagXxl_N(uohQ(CAL?f*)NjP(h5#TXbW!EnwGlk~FO-at9cI?V~ 
zUnuqZFk7hB0G4gZQL(7vD)bZ8HBrr2dTa8-y-T~nF?|fWvv>&1xr)Q)43g7Gava{0 zIb6Akik)SNoKhvLN&`2xWZuDNmlONVSnb=1$QF*~Xz4?gX0dJhCl-WCG+HPi-|kEb zI4nS>G&&xOfa9Xx#DZ&h0mG~y_escmrvbE2!pO;pD3>g<(x*S8Kl5&7%W6A*L|P9$ zd<$|RyuDhorT?{?g3qau#<}zSaKepap?<0GM$No{Dm9?;PQ0W$mGB048%|y&GZf1V z9XrgSd4QO8Ii_x9=>FY@@~Zp10V=$u`i@&pCAa)5lKK(v+{iB&FTr)K+LhW& zg-?SCO3)f(UN37(gVl|nv&P9A>0W%qSNs^oK%h3~sU|*xV@X7@&<`*S?(d!w1zeNv zz0Cx+5_Vh?YYfph{W693?^FE~Brmq8M1}jJqVCTVOLlst0(^$@Uu%c|p1-3Y2cz=; zx%dR9O#?yu#H9&AI|zhrXESlU>g2l&YHv3LD@%HMx&$Vy*sQO*6!%K5(?@F0u8#4P;df}qwKx3ERh3@O>= zBHQBq54oe)SB=u+YAA;0)ssri*GMKvP^W;;;RZA?@!GQuni}Hb3=y}CWPGfBCfB^J z+cW>X%N(q#BW+a*+Fdm30BPES;n?pf4|B@e0dd=>SvZaP7N;yZ767Vhl_6b+ zWc>Ci-kaALIVxizGlSQvmmDI0^WHx}IFRnCs*Ly>j(bIEN$0vd4v{q^kHHLbim2^v z7y04AEf1n?k%x(WWdP#tGN1v{B^^C$ds9x`blfCKw)3Ze9`=X*9V+{ zpxd(-hU@yoPOSpC<34z6u3ocGl?hvb_(DE&okcD*dRMb{{Un33+}2aY@Brb)zGNoC zD-@lju)Djv*Vpxpji)F7AZX-STPJkJ7o$fg+s|49;;<|{z7j;<;~&BrbY)ba(pS3E zF5XV?{SIyoffRyxl<>@yEOuE#R4#UTC-eF`)XDom9Tc#E(t&KO=UJjP2qtRg*#0 zv%9bR;(g|#y3qA~W}Xdb0DFKyK!XSLsv;fP`T1oMGb!)sWfGrnuItsY+#*K^ZpBd5WNlNfQF{| z703BAb>~q}9x0ED*hZF8ZHtoJ+?D!D{njPlwJLWAv}#7&W-D&q6}9%brT69anB3Wg#7LEUuC=#5 zinL+7Izgi#_<6El!Wf@pLBuLi>US0;u7j(rN0j~#N$XBKBZ9dWNR}~jAFK+eT(n`u za`P*Lrsw-%tRfneR19@8_sNKxtFb-jovf*?pCd;Wn17qb(-tGn;A<^>V6XpmgkLke z@4sKG`R=X5F6^`60mHR=1XxB=H^Ik~%{zSvGxH3&v&UmT+GrOPDT`Wen$XGl`ZDt{ z+(SS0_84b+_-R)T*DyJLe746v)m_P9r-P#fp^*v>zqbEPlTB7#G{DvT0A2c=Ut$d< z$-%-ju86ml1s+lJ@A zZ%$%L&f)n3%D_UD;0cgyEwCqo&pr+6)rmq@xa|aO{py}tfsz9P5pO#!S3mI7Lb>(f znMO7B;SDh#V(!XqU79}tb6xNzv?{jTG99zt@wHZf%o1<*`sND#wu|^!{kDJafu}FY zPZ;@G7LM)w4IK95k;C;C!lc`I+A-hYQ4GNrN?25TYuJI&=bGs}uZCN)Db!7uD_!?k zjdVj$?As&s@ZuiPj0Jh8e&5ZicMkvhrb1outO|K@mvOfOep7)zFkIEkBGbz<(9O#E zWLH-gc6=@JkSqL?{h40z_%MjrIwmQ2{tD4{9*VKi<{Q{l2_^G+ftXG&fS{I5Wk_*Q zV!W;vvv|QxYn?J}#IZNrHo?Aw4UhRo*Wg^8?#6;!OL+Ua$IC6E+{uanqundU4Ww5Z zh1QxB=VA5SiI%*|L_>Xy9Gy*wHfF&GOUOKohalj{rvOwcd6Y0tDX|cIJQ1aC7+Tee zm^ep{XwA^ap+LQc;1`aAKSn0@-T=h_*utVx)<2Lr)MbB&FNlb|q&d2EMB*qg6*exl 
zD|qAC=pzU-zJqWhIAXNI`7z+y21EK|S$?$83eJheYTe^)DBC>vc-P{yNd0eX6}zRHgjy4PniCu0ISUc-hEa|ecW?8G5H{WT zf(S|<^A^@ioZuoiZtXCowT6uHj8%?)Mcpald#{*@3XV0)dmS_`=oAge-0T5XBVXA*Pc4pDqP&RC~lymxF3Au{T`eQa2$ zY5#nBV}Gx4xDe0yyS;27zCCoIy4`E7%D2YQ|Fp&Tla|6(gME!58*PmtRPM*IjE~8b z{en^J?Q+9kz0>4{Y6joa<^MGlxbU;h>$Kr`|GQ!O3lxG6ty>p?alC-C8M6&SDKL!5 z9_|yOWQ~oV2VXYe6HyUP?_euaPu}58?|u#jf>kc^f`Q%MKiePt;oFENvbWB**Mor~ zzA}b3r~U}MaWS1i;{#CxH32?}Q}-o}9%oy$Ibss$B0F`Jr|BNg0bX{8^|oV2p0{r~ zzrp0??jWrOruwcac%ayO4W!{jL2M`FlJGP1BE{l>bR4|q zg}NOTL6;m$RW~kBqpe;bH@~`nsXs%vj>8tBjG+F}*Q+<3qxpo?aZa6OBoUmJ zU)0gW?Bz3k6(1#VSW!>w!>tj-VD8rbgHwv*Wk!=k)U9uQUN;#;`Y5pX0=(31zJ&ZT z-68#`>{9a7L;!pk>sZfcFH@KWP&1c~s(%e+PGg{jQ|6og#j`0eCiZ-3-tV8Wmb&V| zC^`Gy`Uf`OM;KnmWjg$XN1{zKGLUbnDfC@TQpDs53E*VT*{PAC)oYIea*%`naM8l% zwmKNR`Sr-N9ayM%w$bXw>c8U^&~rU2BBt~{a*I6E<|1u886{zB+T?+9|NKaYK7@lD z%4_0Q#LAQ>Z=3Ojb#ghNfWVN^A~kxl$qOR7znb_%61mM3{{gl=kdQ9X0JOvGpV*@<0paj2pS?#sE~}B_FP#W>)2hrfyL!zfHdQtNahIdD+*y%&p+~#PY1)3E zK-u3&@$9yB5zOdls> z5KVoZFk#x>mR4^-sG>gNs_0&d(ci%>E&U16#&s~7lk`@`8Si*k=OGz2qBMhE?c${6 zN?o5)BErP{Yrr|<<hxO07pbl=k9;vT_MV?T#JC%%c2Nmf5h$shA-(fi{FjiH03 z%KLU=!pf4x<*JN1x6W`YKxZk2r-^$v#{YcXsb%cw0xixbgU|G0k9j>TK{8tm;v_fB zb?nNh8i>%|s=1cw# zW~J88tx~C>X$NlZ{Vc%g{O3BlnrK8qE9*RqK2u_P;b5W>RMgw4qdO~)v zg}`+FoU;&1IbiG70iJW(cu`d#F4zLkVznOU%Kg07MC zrS)U{=uk^py@eg`%34{nf0w7)mKhG0rlB_eh)O^v60&%;UKfBCzlDqoe3G$oE2C&C zTfPpn`4o}Xft;?*r1D`g$Q6~(0st0C2+!*&dFW!br8HP$)3EZGKW)~K6Z`>Y0*S-Cb!f-MN2zweu9>3kK!6>s3PT=%Uz0vQ$rmP>E10C|A zgPdF2rqv3|Ghxx)cQYnHB~5!&$)L2|T>nxXKi4&J5i4PJf6K)ta5bh^ zsDn&8BUxsl5!^u5o+wTpr{gm7fTfq;XIqbUfnOFVrHbHSUI3QKc=fyR-INiVeSDG3 zqI47u>HXp0M!A6*PJn&(wrg2-(11&_21T6mIh<(mhp63(*X!6f9q)+dRW@nJI zALAzU6f9L87+VC2S5*;K&)KWxgcw;?+0v5J$v%?$PTrMWWsMPiSt3YRHYHZz@Sg;B zRHn`74c57)-r^fq8uO2P#^ma)I6Hx!SVTV+nzWx+|3MF~L=`~{4g5<=ck2!ia&*4D zR*~YPK1S;?N(TR#Z1$ht`{7LUi>kJaqLcCLq*20@PXzitj7V4-+USMD>@5=Ie?BmU zj*9l{B^CD6en}>YsA_n3>TxSxv)d)GZGJ&&lY+f7P8U^W*n08(&h7{Dl`eV(`W(3I 
zR%;hsV8LHqpyEax!r+|~8P$$hEI>M0N`JWUfbP6@-Ayan)Q6ldyyh52p#8KaTgj;?VzD)rIMlV}@c$kDc~7!HFw!_^rH;(}USUtt zo|EFqk|e*SSQ#RwD-T`=bw1%#Hg(I}e2DDIx@LTbynP*bYVNGG387Xsn7^*5{8s$y@5ntKBNu$_Z|>>d zey-;Wq>waro|)zI*J;#c3;IgzI~tr#f&Dr0E;Ji3O3Zz-U!~87{%G&pGaP`Y7upc)#Cm~q>rpo(Sc46v=WGWcd- v_)L={E~u>&^J9~jk1Fz~1)aop+`|+V(Fe_>SNcD{{yDc zVQyr3R8em|NM&qo0PMYcbKADkIDGzn`6=+or_-d5NlCsX)q8SgT-)vO+c@!S=k&}o znM?$cD+!NDf(1a?Zk*p|{|zoA!HXoymYt*(rqfu&Z5O*(EEbCe!?8aF=1#DHD}V%8 z_h^cl@NRJw{%t*}*X#8T_V(1jymCn3IdV;sQ%y*)ofzvMkMR=7$>;Ld$r>00O! zUqYSLQowM}46T|(oP*%qkWMJ?+7zEnoGZA!rYztC$3?Oe12s~eI4j>ffWJwCPX+nAN6}ZukZE$J54l6zO-!Gq{mMU>;DXgDeyHa087^Yy@OtL{omi| z?QGWnr$`KvkocGn(5{2ifQZvr0Gr`(fOdO5{pn1u?!S^acpHbe12o1V2gj!|7YvhF z{6=V~HHgNL(6Vl0Rm_ax|r*D3KD}NqC zOrU@%BH}QJ2$v%LWG2_NQkHD8{F#AXKmPxeN(2N;!AU3=r$*;<5DM`K!Z*1FTj`@_NVVDon_ze~347gkc zi|kAA8A#yYe{fWXN^LEqm+rr*_lPh?83e9e5cPVfmcz2@lfk7|K)Yq11rKUmD$2Z} zhXqJi5l(1uSk~7+DYXWZSSl0XOXbVU6b4V}ke(cM7J~pTHIWF%cmiyISQ-lwK{tRg zPD6n{%hq2@Lh}Loq<$UIG!|w~_j^5uD^P3*WI>}>g}}~C+YUl-15qM!meJtXKA$rf zlbbwuO1XFg;+nF2>LV1yJR6-Ot$zMY7+0f1nHZp#dwaVMLJ2r<|xFRzflU6R{q^gxAhqj#K)3L@pw#PB5pO=)!++qSo$bigfTD% z!Ewq+Jh}9z5TqfACwi8f&nGwFr%L9TY6!WiMbp|lU{R4JlbUmv5P~l#D`z33_FE@6 z2?I6Hc{N|Qeg(I-3hwc#R0XvNs})B`=TSC5r%l;fDX90O`?}U5tduKgLPI*a{Z+zI zW~XO^Z54^c)d!s#?Jo18PURcusWAMDr4$_Xf;~bj0ku~FAmR+3AZ4B+EMh?M#t_| z$(mrKj1Ntc1fht;hciqBkU{48DIhC;}_Nc z>iWNcC<(Cu-u*a*FagFrkvwE8utfjg-QBP1|1Wm;dK>-!DU$Q)Q}+kwY)!)jH;WbOeo~fvI|If@ z0O(F~e(a-zUG*o4F4OUt+@OwIGzM{?{?;HKsTqTC-p4o%!&~%wibG{zL^w$l@SgJ@ z(5BS63AE0RWeOdt$6!VI(wga8SO#FTLKY;>!J`EKA}E z;tBZAJ?C_cj5$p=Vw5p%>{03)5$KwPAsPWnxrCD=tbjMrE*f1~tUSVGoDXQ0nGb4K zW^RF2qaO02rN1i-2Cv!^)`Bx14Bd)%p+`zr&S5QmT^YcHkywmT=R59x$2*nQbib>x z+PuF@ENIbIP8wrAlXO+|HO!(*DJ^a>ja9+UT#W1i*MA$!DY}zOS%`f=o&WBj&d1I@ zX4PRJc|Hh;)E;msRZqe!affU`&y&5R7YG*OKX?pxeA0K3vb}cz@ z5abh3&M2X5*y_ANX?lFykwr!j(rfeCQVAs?rLr1Q9B|~*G?YaV*Bg~g%ux<@i*-_~ zOjl;QR^u8cv)Sm_$0kzmQk#Z>sVhIgcnrQ6pw1g=HcB8r7kiJ+i4^Fa`Lwpc;6}mK zFqC%~#j%am(wAOqzs9ss|HENOuOUzx^8@U`%g%pyU+k3izn$J*ufNg%o+8-?b2;J5 
zhmze{e*^;eohuRt19X%de&3n$P6Pr6SYWxc(Wg{bFS*S;j?|a*zQ-8RvJWz;v)RJ5 zpu73?B|p?HT&NauGlVkW+J=-ZBxOm2l~j~V)-b^gM<9Ulq1Njh%gPZSo}d1Nxrn?{W{XZ z_1`+Ykdi5O6B=Zv3;K|wl~%B1{qOJX^(yQC-oe4aX8nJPRNbfX#4{F4x#hC815NOX zGH_0VOT!S_{$0`qD$ZpHwK}3Qlm491F$qB(77ft%KYX7ZM4Gm6k_^!IpFZVkOM_j? zL!Uo?uS%<3_6p_88j#-R4N&J6)W!y(DKH}N1ay$xJcte?r1|kVGtZMnjGN-k4Q)|ZOBE3uV2eDvh2Tke#}~K4&R^J}^J zvP-EFhp|+bc$y?3L=X!cD&YCUp`Xz(jWS@h7u^|7)USk5xoSe7e(6I@^=Ck@<7>=< z!}C-18=^$q9usC89lrGZeC)KE{5QuT*!O7~xAqZUBL92)y?#~x_j?=p|0Jp8n3+j+ zBgGCinM)%5FC&4?wp6DI9Lr^b!Q?|^SPAe z?`BTbs%KQXb~Z88jw<%UG?;rp<`uP8r{H~P*p`Yd>DY#nE6}n9HOmHLT=BtcB%K1- z%ZfJB45xxdQpYK4Jn!fg#Fl5PWs=L;#YLD+xb4p8nnjWr59(JE7aN$&wc4h>tQOLV z8^R1qH8MxvYT?4~+Rbf=+*K|McJ;aL+12(m%wt9)*T?=8YEb81+|4!pX&PU-ocvL* znY%7G*HqHXm5Yr_ggoU31znYx_E1r{l{I1G`o zGInOYRJ_?ge=gUL%y(BeWbG*{v=@|%02nKM*DiuC4g&USP#qbsa3HLUA4F9lw{F3*MN{=m%ZFE6H@ zx&!^xt?55Dt;y*WU7m`)~jM^d}s`-=*J&_tmYU?XLB`W zA5~t{#i^gNPM%5KqQs+0_t0XZE25-ZUXL;s5mDmm7EG4qZC;~eo>vTe$z#1v_#(Hc zk_(0G`pF_q%Muc%c(b-u@k;+xsL739JzkS9m~~d6!M7XLg_?P@RPGMV@i8lKtaViL z&@ak2IPcfTc|rXe0KBA*zL{sCl1TuINUUbcFAV!|4veTn8GVcFAY;PPC4o6(Uvlhf zH~hAv*@Drxi!B*^%aT8r7Ujzf=<{ckYvq{{-xdQA1SE|H=uF*3$Q#!Fd5x9zory-; zG|b8`ZNzy%YHR;1wu-J+846{ zHUfQLgP^sfWFNIy`uePdbBNWFTpLT_*JCN1OUc%>{3fi0wY!H;YdNgiYUECIt!RJk_LY;2<~`rFt>+u26jO7{obNtZ7|StmyDDE~04ulv|cTQ556G}N{o z(yzy8+ZN)s2Hbjk8)NPRjJZBA!E0bcprTPM#7cHRbF`BrVdbySwyf0xu* z%@*7s6C3QhsGVWBU1Q&}k+_cGQiJj0Dytcf-KL4BJ-}_rVw8$A8o&VU?ewfHUAQ*5 zW9UVz!RbU;=Xt!OQOd?C)0Z|GYSOvA?nZK1Isrt9|3c zJ3K!%+Xe3Z3v<-T@BVbpX>gnq{U=5A&fJ?qPI1Pv=qiycW$yatw~DHr{MDS$*I+m< z$IY^qog^4Fso7TXjam7jX5}wEuiK{9^4~x#Z=9I*ymetK0oZpzY;Wc6Da~p@gO`qnGqbpEm89fujxIX2KZE|uMC=Qe%GaeShZf8 z`Z9No>M^U9vGgOLo*lcZgT*EAn8$+H;}ax1r2i_0NE=|5ih|69TphGZ6d(eX;Y)b~ zmuMdQ8nB-e=dN*j7{<=4eAU2p$0Wuf`J=|q4Ztm*)(?W@VG`v*3s~{UOWP%^sL^5( zdpOO%rj5|O^#8Vsze!8&Kl@et|L$&o6aV2!(pvTZjp9F7@o#GJ0MS~#R%%}UE|Mm`cYv;ecjs5>g(qq|we$ou_ zS34YNm?n<=+ql7IqIkh*I#~d0+nBa&b>XQB46GK8#t?1~4s*5<<$uof5c$7U@SC($ 
z|L<4hza8xKb~p0>Dbm{Y|Bc|!1%GRu|9%U^W@Xr<2dCBtKklM)p2fzXCGvl#SB?L> zyVv{X{eKoMtm}b%Ey>9L1-A{W>%b!0Y_Sxal^?f0Dj8t^YHP#d6IJt7TYa*@y-*K+ zWL~(&Ox-vCXt!B}{E$E_^w{bV%-$=_ZeJ|&TPOMLzIKA%Txrl3TxR{QLQ939FF$W? zc>^ta2VFZ5DR-u<=E)8Aixnw5F{>RvRylJFZO5$7POR)ZmbENeJRNUxjxJ6P-<_Br|2{v?epIe&WleArz=?W0jStWp z8cTph<-Pd%!(M(_e&dR@Nkv-W+{|5kOg3K!ShD`_*8G2W_YU^I_4q&E{QCb}PHiJb z?xzUUn)yqs0!z=Pzg1;G!YUT(0<$V3tfmbVFaQ0i^Z~R)A*k4AbmWj@bsYCLu`g2U zn#U)vPpp~{2PSJhibaivb=Beib?BOR%>w4? zbRJRH%!iOa3TJGT&aW`Fwf{F2(|&*R{@>H2IqyHIH`3-k z<<}GsLi57H2zYy1IQ|8+yoSm0wZ12HpZQOG$o^f+`=19pd)50t`+FPzzb8qH-hcb6 zZO-b7xC2tKj9F^zASBo zYw24_Lt9j>5?!YBBM%ss1yh*{k#M&mQ8csN_n&WpsfCX2Od*V9pHiT72FRXO^#blSkjYeZ2B_oi zcN+4wSGKD!b9Dwti`dln0RjlNM=+)gTy11Dj`;anwK(W?SPJuUpUBfI#%N|Br=iGf zCU0Y7RWaG^xm3laD}|+78sAPfey^7AvQ3Z`AaSR4z_xa?0<9s2o^IvgvE6h#^?=re zYH*c~z!zZ&di2nUu1je$H^A%Cn$>u(4G~{gX|5Cs)@rmI?^_R8b%@j;^2&#$v8Z*i z#m4McF_qjg*6NOSOtWjdE}a2WPpVis3xa#D65exBfX}87pQsk(vvruyMS(t-g!-%p z`*dBmIrhzhx3TZH*5#72K~PqfqvqAi2tMxZvdwtg<30b_z&bdng#)fw{jCdN zI#*x!(tqdoyY$cO;#b3cT(nqvSu5kCa7mL7@`hPT%(7mW<2hqlI3KHX*Jk(QRY+5^ z$TYLp9r`_`qRM8Qv!^*};r^e&?zsfO zd7M^rFD;Mu@XnNPkh51Wd6{|gji;Z*zq7Z0vAu9)!sgeP{KB-M!;YH#!V{#Zv4t-E zDMT2JDMMlkXqaGzBM`v&P`@~lm!%2Bhv%oi?dmGF{+TeE0IO@N5pXVrd_`5&MqMsg zRjID-pY7t9F??IeAp)XW@vH(>LbR4S4^}gTaNG2G0n9on%^rdan7~b|2DF(s_aV?f zZT}j%gj8J|kXl+Nbb#*iJ`(I-;R!UbPF`dJ;-ewOvx2_cDBD9mN3T%CC+L#}cuWN< z%6g`{RX|o4yvp0ib3Q+;U(@V@uB{I8m)zff>O_3f8OZ9}s1ty|B;=g|`qWY58Bady zL6JrDhtHoslsYycjRM*GCskMlO;1wcG3AisX@>Ih$5(WV@6|sa?7d}1hf-7e-@z-> zriGws=i>+O3U2Lo45YGB-eewoDXa_JhaJ6oCFj1CyM+R(W`Xibl8UxH#}VNwQ$i{;KjB!vg<2OBd1s|o{_9n? 
z!zgAQgO94qXN^_1^%y;0LSQBN(LcVMNs|5(1r#*A91Ft7w;3){n!rs)_A9tG&2Klu zyB3D{(o6SR(n9?&O(qNn;QB1!Y6EdU6>!=4Pp=mLv%j;miU0p3sj~Mr6hFE+=JtWl zlSBz^zK81CO!ySLb9-++Kna6vYrZZ2Hqg{cmUrO;)M>E`@6=n-d;J0G^gGQ49rV7_ z6bQ5Pp<>=a?>lotVVc6)(u3Z2CLlW7sG|ug|I+(!`IoZsbUr+)#b!y=kPTau+2X!N zmBwLfVNm(}*|rw7icQkkRU11~h0Rtqz^|JL+9B4~^Ze^&sp?qY^GrWi6P$Kz)o|v& z{D@hVH7EWpOSeDopUVkL`DtCmwaKy`%4c?#5%#a>c&uI*7^scaVjqAuR4!X_+B`^B z7eKYc|2I&)Az4{y8eW}y+~@0RXZTIeIh&gua$Ib>qP0I|>a$>l*Gy&UH9lxseY6@U zNqB4hcE{EaIT+pick4$eS-}6K?@k`<@9*wZ^IE(-Y1jK&{6IE`DSw`{aQ|;C?fKFr zh4wv60894&J3F=bU;P)oZ~gxFHzG>w%FGa$aOGB}7Vvoj|ses|W#VKT-2?jh%75_h!pepn-CM!#9y zSkt=+MN9gc>f#of;@oFPXx-xQ?3@Ods^sF<=AX%R>j!ab0W52*C4fsu|BMD?e0vGv z0nn*vLX@=xY5oHc1ytwe;fH!l4963g{~)GSl8n(5^IzdM>-m|Wm&#s_yyvFe|5E|3 zR75WOR(sham`%SlRDb`tjs6ZdgbOZbmT9vD(KGlxFQQN@L6RT8bh4vWbaZjd5oVB` z(s<}xZElbe`sz5&KTChJV4-u>N~; zHU*VD(c`@j3u^}oO0-`m{(eUh|=&asfw$M8{ zyLp$Zq$7Q}NaD#hVj#C%Gf+_$tnWAuoGlc?L`Ri-mM|ET8wk)f5mWSE z&pjl!REWl^rUVHkz)(nH@Eq^>^5dnT44f@=M5Bnt=(nRw6cEN8Z$d;@{oe%d@J4^I zuKIuWVLIu`|7AbIX`&(I&psRM)=D4!4py9{P2IAE%X~^gr*#w z9-nZ>OBhuy86F7$cXc^N|My$m4K>XFqkkQ~`Q_yG+h4pWSW6$v=KqU>%K2Y^?_l%( z-_xWmbTpN!MMx*kVHl#A3iSZAufB3LW;9Y7K$>vD07vNU`62ox=N6*}T$3!oQWNGAOLj5~QJzg$Ti7bypj1hE|O+W$0fJMrarL zG)k}_N(sC*?oDTO27$6}=@wbQhf)eDlS@|U0wPsRW@lUHp>oURQVJG+c6xM`B~)Qx zDmqpZHDC*`SdBZv99`&1jHWmaLg1E5x57t{p8-Vs|K{{>nEw|ihsS3p>ze#a=l|~B zi~ZXC-|g>g=KoWqEqg92#y^tWqGs(cAkYOQ6rILn>NvyU(5Eq{AvjV)L`-JkAh2xw z`fm83+ocJ_=A6RC6NrUeo~P-^Bh-p2(N&zut>(-XgW+)KI3F(o(EB{^!?UdM>`Ww} zK36}~|31n>-RGL)X%xws7EnKpAU1JCKPs%u4XzAN3#%u-uv2mL#{q7vi$8G zn*fCu)Q4wV#gFG`1R=eagK81VK(mxqrd$hh{ac@?WaRqc2mL`Rrb>GL1I>25J+Jq} z4~{B=)Gri3!oXKT)~Kt6Xx~u-ibGBjQ*xH;J+3)2Lv*ZNi0calD$Xxe=aNN8tZS<+ zuU3%9Gz{rA&lZxOfD3faurG)&)oAB!qWb9%oI}J(l!Sn;@vU4@%=r-_YJExLjJjjO zxKLmh2Z@?NHM*3ci6SENN-S-dq-eC*M?KZlek`R!DTy`Q6H{{OGoji0ZQr?DEL%~uQu7Ol&30Ade0_YB%%5Qq5HNg!e zc4j)3a9j-%G?Y_M&pb8p>|kqpTe()O1fE!(Ypm>VYe{$LC}j*{kuA4qmbsJ-XS?1D zuipZzR_IthDmgm#w>6-`0iI`wwfGP6jKUG{}Rw 
zooB|Ka~fP4Kc00EZQWv`$q{}*=lL$>;+UgUU3Riu{<@aSUt78NC|Kb%AmTI@z-BmH z-nmqx#teQ>A@*;z5WJoef2!M&3Jpu|u`u7E;clpTROU50`MoZ#>Gi2kSM1){v}uUTLgOj7!-u7IOh=@4M?1LvW zh!^by@6d_Vdw+e&5$K}CHsxCO3Z*b*&DzRuGqFM z$uYzPS~1HVdQB%t$M{g%+?dJ@2Vj4S0*LRwBYp&|Uc(HQ?ifwyXCzj8tB_7m*t%Ye zhKHwbetx^Q^{Q@3TG+Xi79=;xpkz&!rga;c>PF0koogdg%i=3QvdF%$LI75%s0Sqo0K4g6^e>f(a-Wx? zx^Y2hb@UKabuOg^++bhW{>22LCojvM()rhXdk1ZPo(seG_apVZG)BVYb^8~3*%B}VY%8&yFwfkVTE>h|B$_jhhqH}XJT)k>^ z@zdeaYNpd_!|U`Bbhft8k(?Z4l&W)3eLa{vj=FPWU8*2l-K#Lyav>;O%WM%Lg@`Zb z7#RasH+R4(Zu0sx02GoLaFoUYFf{a|psOMesEZcO2q;D5J4=sH=#oVloAU0 zC0~7ocM7qR>O&2g!H*9;^glFZPIi4--BIFGdX3T~bJrSXr9X0^-eVh98qY3MCyYi^ zK;RhB%P19SsP9bLb@Z*H8=(%f5iYAjCYB3Fek#0rgo1|qzc@);1~`adO?QBoz5lYi z->=61*xldU|9z6Qm0un&-|IK?J)i0$%;lDKJkHz{^LPO7%N2{eMdl`vPow%ZBl~iZ zU;y0+%hkqQ2)1&cn=5~g^K-);BfW>d&J6bwE_2AgjTnrzxre3H4 zjFhO^xiZ8P5}Tt46{g14P+0%Q=^{TM$ zS;fs}sTj8M20;&;9A$`o=wjao&Rv{}X{`SLM>lWPEn4N>t)kz&fa&VFB&g-ms>C6Q z1u!2H!IdLy0cv)lrv!=Bnb)R8;@*2N4M6T`JOLiU2{{oGH)>&!*%}PeiPJ4$IiFz1eZtj zAp>c~&$?8gMzGRj)3DJ5%3l5EGDhYs?%R##^x;#QhJg;(iv-PtLX@b$%%kvP{;8^(wa(KF(Khpw}W&v{eN6>Y6L<+25eG=r+BE$H**vR(&iOqq4>Tanlj j`gw+lX7Vk@X4<4p+N4c-%=CW)00960rJ~=303-nb*K~2J diff --git a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/Chart.yaml b/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/Chart.yaml deleted file mode 100644 index eb883b514..000000000 --- a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-gatekeeper-system - catalog.cattle.io/release-name: rancher-gatekeeper-crd -apiVersion: v1 -description: Installs the CRDs for rancher-gatekeeper. -name: rancher-gatekeeper-crd -type: application -version: 100.1.1+up3.7.1 diff --git a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/README.md b/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/README.md deleted file mode 100644 index 26079c833..000000000 
--- a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-# rancher-gatekeeper-crd
-A Rancher chart that installs the CRDs used by rancher-gatekeeper.
diff --git a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/assign-customresourcedefinition.yaml b/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/assign-customresourcedefinition.yaml
deleted file mode 100644
index bbbd2f3e4..000000000
--- a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/assign-customresourcedefinition.yaml
+++ /dev/null
@@ -1,444 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - labels: - gatekeeper.sh/system: "yes" - name: assign.mutations.gatekeeper.sh -spec: - group: mutations.gatekeeper.sh - names: - kind: Assign - listKind: AssignList - plural: assign - singular: assign - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: Assign is the Schema for the assign API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - properties: - name: - maxLength: 63 - type: string - type: object - spec: - description: AssignSpec defines the desired state of Assign. - properties: - applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. - items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. 
- properties: - groups: - items: - type: string - type: array - kinds: - items: - type: string - type: array - versions: - items: - type: string - type: array - type: object - type: array - location: - description: 'Location describes the path to be mutated, for example: `spec.containers[name: main]`.' - type: string - match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. - properties: - excludedNamespaces: - items: - description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.' - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - kinds: - items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. - properties: - apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. - items: - type: string - type: array - kinds: - items: - type: string - type: array - type: object - type: array - labelSelector: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. 
- type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix-based glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`.' - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - namespaceSelector: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 
- type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - items: - description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.' - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - scope: - description: ResourceScope is an enum defining the different scopes available to a custom resource - type: string - type: object - parameters: - description: Parameters define the behavior of the mutator. - properties: - assign: - description: Assign.value holds the value to be assigned - properties: - fromMetadata: - description: FromMetadata assigns a value from the specified metadata field. - properties: - field: - description: Field specifies which metadata field provides the assigned value. Valid fields are `namespace` and `name`. - type: string - type: object - value: - description: Value is a constant value that will be assigned to `location` - x-kubernetes-preserve-unknown-fields: true - type: object - pathTests: - items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. 
All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." - properties: - condition: - description: Condition describes whether the path either MustExist or MustNotExist in the original object - enum: - - MustExist - - MustNotExist - type: string - subPath: - type: string - type: object - type: array - type: object - type: object - status: - description: AssignStatus defines the observed state of Assign. - properties: - byPod: - items: - description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. - properties: - enforced: - type: boolean - errors: - items: - description: MutatorError represents a single error caught while adding a mutator to a system. - properties: - message: - type: string - type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. - type: string - required: - - message - type: object - type: array - id: - type: string - mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch - type: string - observedGeneration: - format: int64 - type: integer - operations: - items: - type: string - type: array - type: object - type: array - type: object - type: object - served: true - storage: false - subresources: - status: {} - - name: v1beta1 - schema: - openAPIV3Schema: - description: Assign is the Schema for the assign API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AssignSpec defines the desired state of Assign. - properties: - applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. - items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. - properties: - groups: - items: - type: string - type: array - kinds: - items: - type: string - type: array - versions: - items: - type: string - type: array - type: object - type: array - location: - description: 'Location describes the path to be mutated, for example: `spec.containers[name: main]`.' - type: string - match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. - properties: - excludedNamespaces: - items: - description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.' - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - kinds: - items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. 
- properties: - apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. - items: - type: string - type: array - kinds: - items: - type: string - type: array - type: object - type: array - labelSelector: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix-based glob. 
For example, `name: pod-*` would match both `pod-a` and `pod-b`.' - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - namespaceSelector: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - items: - description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.' 
- pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - scope: - description: ResourceScope is an enum defining the different scopes available to a custom resource - type: string - type: object - parameters: - description: Parameters define the behavior of the mutator. - properties: - assign: - description: Assign.value holds the value to be assigned - properties: - fromMetadata: - description: FromMetadata assigns a value from the specified metadata field. - properties: - field: - description: Field specifies which metadata field provides the assigned value. Valid fields are `namespace` and `name`. - type: string - type: object - value: - description: Value is a constant value that will be assigned to `location` - x-kubernetes-preserve-unknown-fields: true - type: object - pathTests: - items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." - properties: - condition: - description: Condition describes whether the path either MustExist or MustNotExist in the original object - enum: - - MustExist - - MustNotExist - type: string - subPath: - type: string - type: object - type: array - type: object - type: object - status: - description: AssignStatus defines the observed state of Assign. - properties: - byPod: - items: - description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. - properties: - enforced: - type: boolean - errors: - items: - description: MutatorError represents a single error caught while adding a mutator to a system. 
- properties: - message: - type: string - type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. - type: string - required: - - message - type: object - type: array - id: - type: string - mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch - type: string - observedGeneration: - format: int64 - type: integer - operations: - items: - type: string - type: array - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/assignmetadata-customresourcedefinition.yaml b/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/assignmetadata-customresourcedefinition.yaml deleted file mode 100644 index f0708748a..000000000 --- a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/assignmetadata-customresourcedefinition.yaml +++ /dev/null 
@@ -1,376 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - labels: - gatekeeper.sh/system: "yes" - name: assignmetadata.mutations.gatekeeper.sh -spec: - group: mutations.gatekeeper.sh - names: - kind: AssignMetadata - listKind: AssignMetadataList - plural: assignmetadata - singular: assignmetadata - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: AssignMetadata is the Schema for the assignmetadata API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - properties: - name: - maxLength: 63 - type: string - type: object - spec: - description: AssignMetadataSpec defines the desired state of AssignMetadata. - properties: - location: - type: string - match: - description: Match selects objects to apply mutations to. - properties: - excludedNamespaces: - items: - description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.' 
- pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - kinds: - items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. - properties: - apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. - items: - type: string - type: array - kinds: - items: - type: string - type: array - type: object - type: array - labelSelector: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix-based glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`.' - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - namespaceSelector: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". 
The requirements are ANDed. - type: object - type: object - namespaces: - items: - description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.' - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - scope: - description: ResourceScope is an enum defining the different scopes available to a custom resource - type: string - type: object - parameters: - properties: - assign: - description: Assign.value holds the value to be assigned - properties: - fromMetadata: - description: FromMetadata assigns a value from the specified metadata field. - properties: - field: - description: Field specifies which metadata field provides the assigned value. Valid fields are `namespace` and `name`. - type: string - type: object - value: - description: Value is a constant value that will be assigned to `location` - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - type: object - status: - description: AssignMetadataStatus defines the observed state of AssignMetadata. - properties: - byPod: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file' - items: - description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. - properties: - enforced: - type: boolean - errors: - items: - description: MutatorError represents a single error caught while adding a mutator to a system. - properties: - message: - type: string - type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. 
- type: string - required: - - message - type: object - type: array - id: - type: string - mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch - type: string - observedGeneration: - format: int64 - type: integer - operations: - items: - type: string - type: array - type: object - type: array - type: object - type: object - served: true - storage: false - subresources: - status: {} - - name: v1beta1 - schema: - openAPIV3Schema: - description: AssignMetadata is the Schema for the assignmetadata API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AssignMetadataSpec defines the desired state of AssignMetadata. - properties: - location: - type: string - match: - description: Match selects objects to apply mutations to. - properties: - excludedNamespaces: - items: - description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.' 
- pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - kinds: - items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. - properties: - apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. - items: - type: string - type: array - kinds: - items: - type: string - type: array - type: object - type: array - labelSelector: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix-based glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`.' - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - namespaceSelector: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". 
The requirements are ANDed. - type: object - type: object - namespaces: - items: - description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.' - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - scope: - description: ResourceScope is an enum defining the different scopes available to a custom resource - type: string - type: object - parameters: - properties: - assign: - description: Assign.value holds the value to be assigned - properties: - fromMetadata: - description: FromMetadata assigns a value from the specified metadata field. - properties: - field: - description: Field specifies which metadata field provides the assigned value. Valid fields are `namespace` and `name`. - type: string - type: object - value: - description: Value is a constant value that will be assigned to `location` - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - type: object - status: - description: AssignMetadataStatus defines the observed state of AssignMetadata. - properties: - byPod: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file' - items: - description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. - properties: - enforced: - type: boolean - errors: - items: - description: MutatorError represents a single error caught while adding a mutator to a system. - properties: - message: - type: string - type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. 
- type: string - required: - - message - type: object - type: array - id: - type: string - mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch - type: string - observedGeneration: - format: int64 - type: integer - operations: - items: - type: string - type: array - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/config-customresourcedefinition.yaml b/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/config-customresourcedefinition.yaml deleted file mode 100644 index 66b0092bf..000000000 --- a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/config-customresourcedefinition.yaml +++ /dev/null 
@@ -1,105 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - labels: - gatekeeper.sh/system: "yes" - name: configs.config.gatekeeper.sh -spec: - group: config.gatekeeper.sh - names: - kind: Config - listKind: ConfigList - plural: configs - singular: config - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: Config is the Schema for the configs API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConfigSpec defines the desired state of Config. - properties: - match: - description: Configuration for namespace exclusion - items: - properties: - excludedNamespaces: - items: - description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.' 
- pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - processes: - items: - type: string - type: array - type: object - type: array - readiness: - description: Configuration for readiness tracker - properties: - statsEnabled: - type: boolean - type: object - sync: - description: Configuration for syncing k8s objects - properties: - syncOnly: - description: If non-empty, only entries on this list will be replicated into OPA - items: - properties: - group: - type: string - kind: - type: string - version: - type: string - type: object - type: array - type: object - validation: - description: Configuration for validation - properties: - traces: - description: List of requests to trace. Both "user" and "kinds" must be specified - items: - properties: - dump: - description: Also dump the state of OPA with the trace. Set to `All` to dump everything. - type: string - kind: - description: Only trace requests of the following GroupVersionKind - properties: - group: - type: string - kind: - type: string - version: - type: string - type: object - user: - description: Only trace requests from the specified user - type: string - type: object - type: array - type: object - type: object - status: - description: ConfigStatus defines the observed state of Config. - type: object - type: object - served: true - storage: true diff --git a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/constraintpodstatus-customresourcedefinition.yaml b/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/constraintpodstatus-customresourcedefinition.yaml deleted file mode 100644 index d255b8104..000000000 --- a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/constraintpodstatus-customresourcedefinition.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - labels: - gatekeeper.sh/system: "yes" - name: constraintpodstatuses.status.gatekeeper.sh -spec: - group: status.gatekeeper.sh - names: - kind: ConstraintPodStatus - listKind: ConstraintPodStatusList - plural: constraintpodstatuses - singular: constraintpodstatus - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: ConstraintPodStatus is the Schema for the constraintpodstatuses API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus. - properties: - constraintUID: - description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch - type: string - enforced: - type: boolean - errors: - items: - description: Error represents a single error caught while adding a constraint to OPA. 
- properties: - code: - type: string - location: - type: string - message: - type: string - required: - - code - - message - type: object - type: array - id: - type: string - observedGeneration: - format: int64 - type: integer - operations: - items: - type: string - type: array - type: object - type: object - served: true - storage: true diff --git a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/constrainttemplate-customresourcedefinition.yaml b/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/constrainttemplate-customresourcedefinition.yaml deleted file mode 100644 index c24938c8a..000000000 --- a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/constrainttemplate-customresourcedefinition.yaml +++ /dev/null 
@@ -1,303 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - labels: - gatekeeper.sh/system: "yes" - name: constrainttemplates.templates.gatekeeper.sh -spec: - group: templates.gatekeeper.sh - names: - kind: ConstraintTemplate - listKind: ConstraintTemplateList - plural: constrainttemplates - singular: constrainttemplate - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: ConstraintTemplate is the Schema for the constrainttemplates API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConstraintTemplateSpec defines the desired state of ConstraintTemplate. 
- properties: - crd: - properties: - spec: - properties: - names: - properties: - kind: - type: string - shortNames: - items: - type: string - type: array - type: object - validation: - default: - legacySchema: false - properties: - legacySchema: - default: false - type: boolean - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - type: object - targets: - items: - properties: - libs: - items: - type: string - type: array - rego: - type: string - target: - type: string - type: object - type: array - type: object - status: - description: ConstraintTemplateStatus defines the observed state of ConstraintTemplate. - properties: - byPod: - items: - description: ByPodStatus defines the observed state of ConstraintTemplate as seen by an individual controller - properties: - errors: - items: - description: CreateCRDError represents a single error caught during parsing, compiling, etc. - properties: - code: - type: string - location: - type: string - message: - type: string - required: - - code - - message - type: object - type: array - id: - description: a unique identifier for the pod that wrote the status - type: string - observedGeneration: - format: int64 - type: integer - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - created: - type: boolean - type: object - type: object - served: true - storage: true - subresources: - status: {} - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ConstraintTemplate is the Schema for the constrainttemplates API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConstraintTemplateSpec defines the desired state of ConstraintTemplate. - properties: - crd: - properties: - spec: - properties: - names: - properties: - kind: - type: string - shortNames: - items: - type: string - type: array - type: object - validation: - default: - legacySchema: true - properties: - legacySchema: - default: true - type: boolean - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - type: object - targets: - items: - properties: - libs: - items: - type: string - type: array - rego: - type: string - target: - type: string - type: object - type: array - type: object - status: - description: ConstraintTemplateStatus defines the observed state of ConstraintTemplate. - properties: - byPod: - items: - description: ByPodStatus defines the observed state of ConstraintTemplate as seen by an individual controller - properties: - errors: - items: - description: CreateCRDError represents a single error caught during parsing, compiling, etc. 
- properties: - code: - type: string - location: - type: string - message: - type: string - required: - - code - - message - type: object - type: array - id: - description: a unique identifier for the pod that wrote the status - type: string - observedGeneration: - format: int64 - type: integer - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - created: - type: boolean - type: object - type: object - served: true - storage: false - subresources: - status: {} - - name: v1beta1 - schema: - openAPIV3Schema: - description: ConstraintTemplate is the Schema for the constrainttemplates API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConstraintTemplateSpec defines the desired state of ConstraintTemplate. 
- properties: - crd: - properties: - spec: - properties: - names: - properties: - kind: - type: string - shortNames: - items: - type: string - type: array - type: object - validation: - default: - legacySchema: true - properties: - legacySchema: - default: true - type: boolean - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - type: object - targets: - items: - properties: - libs: - items: - type: string - type: array - rego: - type: string - target: - type: string - type: object - type: array - type: object - status: - description: ConstraintTemplateStatus defines the observed state of ConstraintTemplate. - properties: - byPod: - items: - description: ByPodStatus defines the observed state of ConstraintTemplate as seen by an individual controller - properties: - errors: - items: - description: CreateCRDError represents a single error caught during parsing, compiling, etc. - properties: - code: - type: string - location: - type: string - message: - type: string - required: - - code - - message - type: object - type: array - id: - description: a unique identifier for the pod that wrote the status - type: string - observedGeneration: - format: int64 - type: integer - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - created: - type: boolean - type: object - type: object - served: true - storage: false - subresources: - status: {} diff --git a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml b/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml deleted file mode 100644 index a5f3ede73..000000000 --- a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - labels: - gatekeeper.sh/system: "yes" - name: constrainttemplatepodstatuses.status.gatekeeper.sh -spec: - group: status.gatekeeper.sh - names: - kind: ConstraintTemplatePodStatus - listKind: ConstraintTemplatePodStatusList - plural: constrainttemplatepodstatuses - singular: constrainttemplatepodstatus - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - description: ConstraintTemplatePodStatusStatus defines the observed state of ConstraintTemplatePodStatus. - properties: - errors: - items: - description: CreateCRDError represents a single error caught during parsing, compiling, etc. 
- properties: - code: - type: string - location: - type: string - message: - type: string - required: - - code - - message - type: object - type: array - id: - description: 'Important: Run "make" to regenerate code after modifying this file' - type: string - observedGeneration: - format: int64 - type: integer - operations: - items: - type: string - type: array - templateUID: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. - type: string - type: object - type: object - served: true - storage: true diff --git a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/modifyset-customresourcedefinition.yaml b/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/modifyset-customresourcedefinition.yaml deleted file mode 100644 index 9e3353d53..000000000 --- a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/modifyset-customresourcedefinition.yaml +++ /dev/null 
@@ -1,446 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - labels: - gatekeeper.sh/system: "yes" - name: modifyset.mutations.gatekeeper.sh -spec: - group: mutations.gatekeeper.sh - names: - kind: ModifySet - listKind: ModifySetList - plural: modifyset - singular: modifyset - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - properties: - name: - maxLength: 63 - type: string - type: object - spec: - description: ModifySetSpec defines the desired state of ModifySet. - properties: - applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. - items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. 
- properties: - groups: - items: - type: string - type: array - kinds: - items: - type: string - type: array - versions: - items: - type: string - type: array - type: object - type: array - location: - description: 'Location describes the path to be mutated, for example: `spec.containers[name: main].args`.' - type: string - match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. - properties: - excludedNamespaces: - items: - description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.' - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - kinds: - items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. - properties: - apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. - items: - type: string - type: array - kinds: - items: - type: string - type: array - type: object - type: array - labelSelector: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. 
- type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: 'Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix-based glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`.' - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - namespaceSelector: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 
- type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - items: - description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.' - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - scope: - description: ResourceScope is an enum defining the different scopes available to a custom resource - type: string - type: object - parameters: - description: Parameters define the behavior of the mutator. - properties: - operation: - default: merge - description: Operation describes whether values should be merged in ("merge"), or pruned ("prune"). Default value is "merge" - enum: - - merge - - prune - type: string - pathTests: - description: PathTests are a series of existence tests that can be checked before a mutation is applied - items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. 
\n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." - properties: - condition: - description: Condition describes whether the path either MustExist or MustNotExist in the original object - enum: - - MustExist - - MustNotExist - type: string - subPath: - type: string - type: object - type: array - values: - description: Values describes the values provided to the operation as `values.fromList`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - status: - description: ModifySetStatus defines the observed state of ModifySet. - properties: - byPod: - items: - description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. - properties: - enforced: - type: boolean - errors: - items: - description: MutatorError represents a single error caught while adding a mutator to a system. - properties: - message: - type: string - type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. - type: string - required: - - message - type: object - type: array - id: - type: string - mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch - type: string - observedGeneration: - format: int64 - type: integer - operations: - items: - type: string - type: array - type: object - type: array - type: object - type: object - served: true - storage: false - subresources: - status: {} - - name: v1beta1 - schema: - openAPIV3Schema: - description: ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. 
Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ModifySetSpec defines the desired state of ModifySet. - properties: - applyTo: - description: ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs. - items: - description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. - properties: - groups: - items: - type: string - type: array - kinds: - items: - type: string - type: array - versions: - items: - type: string - type: array - type: object - type: array - location: - description: 'Location describes the path to be mutated, for example: `spec.containers[name: main].args`.' - type: string - match: - description: Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything. - properties: - excludedNamespaces: - items: - description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.' - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - kinds: - items: - description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. 
If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. - properties: - apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. - items: - type: string - type: array - kinds: - items: - type: string - type: array - type: object - type: array - labelSelector: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: 'Name is the name of an object. 
If defined, it will match against objects with the specified name. Name also supports a prefix-based glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`.' - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - namespaceSelector: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - items: - description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.' 
- pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ - type: string - type: array - scope: - description: ResourceScope is an enum defining the different scopes available to a custom resource - type: string - type: object - parameters: - description: Parameters define the behavior of the mutator. - properties: - operation: - default: merge - description: Operation describes whether values should be merged in ("merge"), or pruned ("prune"). Default value is "merge" - enum: - - merge - - prune - type: string - pathTests: - description: PathTests are a series of existence tests that can be checked before a mutation is applied - items: - description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." - properties: - condition: - description: Condition describes whether the path either MustExist or MustNotExist in the original object - enum: - - MustExist - - MustNotExist - type: string - subPath: - type: string - type: object - type: array - values: - description: Values describes the values provided to the operation as `values.fromList`. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - status: - description: ModifySetStatus defines the observed state of ModifySet. - properties: - byPod: - items: - description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. - properties: - enforced: - type: boolean - errors: - items: - description: MutatorError represents a single error caught while adding a mutator to a system. 
- properties: - message: - type: string - type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. - type: string - required: - - message - type: object - type: array - id: - type: string - mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch - type: string - observedGeneration: - format: int64 - type: integer - operations: - items: - type: string - type: array - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/mutatorpodstatus-customresourcedefinition.yaml b/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/mutatorpodstatus-customresourcedefinition.yaml deleted file mode 100644 index 96204b9f9..000000000 --- a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/mutatorpodstatus-customresourcedefinition.yaml +++ /dev/null 
@@ -1,65 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - labels: - gatekeeper.sh/system: "yes" - name: mutatorpodstatuses.status.gatekeeper.sh -spec: - group: status.gatekeeper.sh - names: - kind: MutatorPodStatus - listKind: MutatorPodStatusList - plural: mutatorpodstatuses - singular: mutatorpodstatus - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: MutatorPodStatus is the Schema for the mutationpodstatuses API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - status: - description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. - properties: - enforced: - type: boolean - errors: - items: - description: MutatorError represents a single error caught while adding a mutator to a system. - properties: - message: - type: string - type: - description: Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type. 
- type: string - required: - - message - type: object - type: array - id: - type: string - mutatorUID: - description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch - type: string - observedGeneration: - format: int64 - type: integer - operations: - items: - type: string - type: array - type: object - type: object - served: true - storage: true diff --git a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/provider-customresourcedefinition.yaml b/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/provider-customresourcedefinition.yaml deleted file mode 100644 index 42eb7190d..000000000 --- a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/crd-manifest/provider-customresourcedefinition.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - labels: - gatekeeper.sh/system: "yes" - name: providers.externaldata.gatekeeper.sh -spec: - group: externaldata.gatekeeper.sh - names: - kind: Provider - listKind: ProviderList - plural: providers - singular: provider - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: Provider is the Schema for the Provider API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec defines the Provider specifications. - properties: - timeout: - description: Timeout is the timeout when querying the provider. - type: integer - url: - description: URL is the url for the provider. URL is prefixed with http:// or https://. - type: string - type: object - type: object - served: true - storage: true diff --git a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/templates/_helpers.tpl b/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/templates/_helpers.tpl deleted file mode 100644 index 39b26c195..000000000 --- a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/templates/_helpers.tpl +++ /dev/null 
@@ -1,7 +0,0 @@
-# Rancher
-
-{{- define "system_default_registry" -}}
-{{- if .Values.global.cattle.systemDefaultRegistry -}}
-{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
-{{- end -}}
-{{- end -}}
diff --git a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/templates/jobs.yaml b/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/templates/jobs.yaml
deleted file mode 100644
index 671d11f8c..000000000
--- a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/templates/jobs.yaml
+++ /dev/null
@@ -1,108 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Chart.Name }}-create
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Chart.Name }}
- annotations:
- "helm.sh/hook": post-install, post-upgrade, post-rollback
- "helm.sh/hook-delete-policy": hook-succeeded
-spec:
- template:
- metadata:
- name: {{ .Chart.Name }}-create
- labels:
- app: {{ .Chart.Name }}
- spec:
- serviceAccountName: {{ .Chart.Name }}-manager
- nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-{{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
-{{- end }}
- tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
-{{- if .Values.tolerations }}
-{{ toYaml .Values.tolerations | indent 8 }}
-{{- end }}
- securityContext:
- runAsNonRoot: true
- runAsUser: 1000
- containers:
- - name: create-crds
- image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
- imagePullPolicy: IfNotPresent
- command:
- - /bin/kubectl
- - apply
- - -f
- - /etc/config/crd-manifest.yaml
- volumeMounts:
- - name: crd-manifest
- readOnly: true
- mountPath: /etc/config
- restartPolicy: OnFailure
- volumes:
- - name: crd-manifest
- configMap:
- name: {{ .Chart.Name }}-manifest
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ .Chart.Name }}-delete
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Chart.Name }}
- annotations:
- "helm.sh/hook": pre-delete
- "helm.sh/hook-delete-policy": hook-succeeded
-spec:
- template:
- metadata:
- name: {{ .Chart.Name }}-delete
- labels:
- app: {{ .Chart.Name }}
- spec:
- serviceAccountName: {{ .Chart.Name }}-manager
- nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-{{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
-{{- end }}
- tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
-{{- if .Values.tolerations }}
-{{ toYaml .Values.tolerations | indent 8 }}
-{{- end }}
- securityContext:
- runAsNonRoot: true
- runAsUser: 1000
- initContainers:
- - name: remove-finalizers
- image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
- imagePullPolicy: IfNotPresent
- command:
- - /bin/kubectl
- - apply
- - -f
- - /etc/config/crd-manifest.yaml
- volumeMounts:
- - name: crd-manifest
- readOnly: true
- mountPath: /etc/config
- containers:
- - name: delete-crds
- image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
- imagePullPolicy: IfNotPresent
- command:
- - /bin/kubectl
- - delete
- - -f
- - /etc/config/crd-manifest.yaml
- volumeMounts:
- - name: crd-manifest
- readOnly: true
- mountPath: /etc/config
- restartPolicy: OnFailure
- volumes:
- - name: crd-manifest
- configMap:
- name: {{ .Chart.Name }}-manifest
diff --git a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/templates/manifest.yaml b/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/templates/manifest.yaml
deleted file mode 100644
index 31016b6ef..000000000
--- a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/templates/manifest.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Chart.Name }}-manifest
- namespace: {{ .Release.Namespace }}
-data:
- crd-manifest.yaml: |
- {{- $currentScope := . -}}
- {{- $crds := (.Files.Glob "crd-manifest/**.yaml") -}}
- {{- range $path, $_ := $crds -}}
- {{- with $currentScope -}}
- {{ .Files.Get $path | nindent 4 }}
- ---
- {{- end -}}{{- end -}}
diff --git a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/templates/rbac.yaml b/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/templates/rbac.yaml
deleted file mode 100644
index bdda1ddad..000000000
--- a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/templates/rbac.yaml
+++ /dev/null
@@ -1,72 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Chart.Name }}-manager
- labels:
- app: {{ .Chart.Name }}-manager
-rules:
-- apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions
- verbs: ['create', 'get', 'patch', 'delete']
-- apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ .Chart.Name }}-manager
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Chart.Name }}-manager
- labels:
- app: {{ .Chart.Name }}-manager
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Chart.Name }}-manager
-subjects:
-- kind: ServiceAccount
- name: {{ .Chart.Name }}-manager
- namespace: {{ .Release.Namespace }}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ .Chart.Name }}-manager
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Chart.Name }}-manager
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ .Chart.Name }}-manager
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ .Chart.Name }}-manager
-spec:
- privileged: false
- allowPrivilegeEscalation: false
- hostNetwork: false
- hostIPC: false
- hostPID: false
- runAsUser:
- rule: 'MustRunAsNonRoot'
- seLinux:
- rule: 'RunAsAny'
- supplementalGroups:
- rule: 'MustRunAs'
- ranges:
- - min: 1
- max: 65535
- fsGroup:
- rule: 'MustRunAs'
- ranges:
- - min: 1
- max: 65535
- readOnlyRootFilesystem: false
- volumes:
- - 'configMap'
- - 'secret'
diff --git a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/values.yaml b/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/values.yaml
deleted file mode 100644
index 657ccacf8..000000000
--- a/charts/rancher-gatekeeper-crd/100.1.1+up3.7.1/values.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-# Default values for rancher-gatekeeper-crd.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-global:
- cattle:
- systemDefaultRegistry: ""
-
-image:
- repository: rancher/kubectl
- tag: v1.20.2
diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/.helmignore b/charts/rancher-gatekeeper/100.1.1+up3.7.1/.helmignore
deleted file mode 100644
index f0c131944..000000000
--- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/CHANGELOG.md b/charts/rancher-gatekeeper/100.1.1+up3.7.1/CHANGELOG.md
deleted file mode 100644
index c68d23c24..000000000
--- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/CHANGELOG.md
+++ /dev/null
@@ -1,15 +0,0 @@
-# Changelog
-All notable changes from the upstream OPA Gatekeeper chart will be added to this file
-
-## [Package Version 00] - 2020-09-10
-### Added
-- Enabled the CRD chart generator in `package.yaml`
-
-### Modified
-- Updated namespace to `cattle-gatekeeper-system`
-- Updated for Helm 3 compatibility
- - Moved crds to `crds` directory
- - Removed `crd-install` hooks and templates from crds
-
-### Removed
-- Removed `gatekeeper-system-namespace.yaml` as Rancher handles namespaces for chart installation
diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/Chart.yaml b/charts/rancher-gatekeeper/100.1.1+up3.7.1/Chart.yaml
deleted file mode 100644
index 5ddc8ab45..000000000
--- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/Chart.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-annotations:
- catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match
- catalog.cattle.io/certified: rancher
- catalog.cattle.io/display-name: OPA Gatekeeper
- catalog.cattle.io/kube-version: '>= 1.16.0-0'
- catalog.cattle.io/namespace: cattle-gatekeeper-system
- catalog.cattle.io/os: linux
- catalog.cattle.io/permits-os: linux,windows
- catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1
- catalog.cattle.io/rancher-version: '>= 2.6.0-0 <= 2.6.100-0'
- catalog.cattle.io/release-name: rancher-gatekeeper
- catalog.cattle.io/type: cluster-tool
- catalog.cattle.io/ui-component: gatekeeper
-apiVersion: v2
-appVersion: v3.7.1
-description: Modifies Open Policy Agent's upstream gatekeeper chart that provides
- policy-based control for cloud native environments
-home: https://github.com/open-policy-agent/gatekeeper
-icon: https://charts.rancher.io/assets/logos/gatekeeper.svg
-keywords:
-- open policy agent
-- security
-name: rancher-gatekeeper
-sources:
-- https://github.com/open-policy-agent/gatekeeper.git
-version: 100.1.1+up3.7.1
diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/README.md b/charts/rancher-gatekeeper/100.1.1+up3.7.1/README.md
deleted file mode 100644
index fb4361a25..000000000
--- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/README.md
+++ /dev/null
@@ -1,130 +0,0 @@
-# Gatekeeper Helm Chart
-
-## Get Repo Info
-
-```console
-helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts
-helm repo update
-```
-
-_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
-
-## Install Chart
-
-```console
-# Helm install with gatekeeper-system namespace already created
-$ helm install -n gatekeeper-system [RELEASE_NAME] gatekeeper/gatekeeper
-
-# Helm install and create namespace
-$ helm install -n gatekeeper-system [RELEASE_NAME] gatekeeper/gatekeeper --create-namespace
-
-```
-
-_See [parameters](#parameters) below._
-
-_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
-
-## Upgrade Chart
-
-**Upgrading from < v3.4.0**
-Chart 3.4.0 deprecates support for Helm 2 and also removes the creation of the `gatekeeper-system` Namespace from within the chart. This follows Helm 3 Best Practices.
-
-Option 1:
-A simple way to upgrade is to uninstall first and re-install with 3.4.0 or greater.
-
-```console
-$ helm uninstall gatekeeper
-$ helm install -n gatekeeper-system [RELEASE_NAME] gatekeeper/gatekeeper --create-namespace
-
-```
-
-Option 2:
-Run the `helm_migrate.sh` script before installing the 3.4.0 or greater chart. This will remove the Helm secret for the original release, while keeping all of the resources. It then updates the annotations of the resources so that the new chart can import and manage them.
-
-```console
-$ helm_migrate.sh
-$ helm install -n gatekeeper-system gatekeeper gatekeeper/gatekeeper
-```
-
-**Upgrading from >= v3.4.0**
-```console
-$ helm upgrade -n gatekeeper-system [RELEASE_NAME] gatekeeper/gatekeeper
-```
-
-_See [helm 2 to 3](https://helm.sh/docs/topics/v2_v3_migration/) for Helm 2 migration documentation._
-
-
-## Exempting Namespace
-
-The Helm chart automatically sets the Gatekeeper flag `--exempt-namespace={{ .Release.Namespace }}` in order to exempt the namespace where the chart is installed, and adds the `admission.gatekeeper.sh/ignore` label to the namespace during a post-install hook.
-
-_See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/website/docs/exempt-namespaces) for more information._
-
-## Parameters
-
-| Parameter | Description | Default |
-|:---------------------------------------------|:---------------------------------------------------------------------------------------|:--------------------------------------------------------------------------|
-| postInstall.labelNamespace.enabled | Add labels to the namespace during post install hooks | `true` |
-| postInstall.labelNamespace.image.repository | Image with kubectl to label the namespace | `openpolicyagent/gatekeeper-crds` |
-| postInstall.labelNamespace.image.tag | Image tag | Current release version: `v3.7.1` |
-| postInstall.labelNamespace.image.pullPolicy | Image pullPolicy | `IfNotPresent` |
-| postInstall.labelNamespace.image.pullSecrets | Image pullSecrets | `[]` |
-| psp.enabled | Enabled PodSecurityPolicy | `true` |
-| upgradeCRDs.enabled | Upgrade CRDs using pre-install/pre-upgrade hooks | `true` |
-| auditInterval | The frequency with which audit is run | `300` |
-| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` |
-| auditFromCache | Take the roster of resources to audit from the OPA cache | `false` |
-| auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `0` |
-| auditMatchKindOnly | Only check resources of the kinds specified in all constraints defined in the cluster. | `false` |
-| disableValidatingWebhook | Disable the validating webhook | `false` |
-| disableMutation | Disable mutation | `false` |
-| validatingWebhookTimeoutSeconds | The timeout for the validating webhook in seconds | `3` |
-| validatingWebhookFailurePolicy | The failurePolicy for the validating webhook | `Ignore` |
-| validatingWebhookCheckIgnoreFailurePolicy | The failurePolicy for the check-ignore-label validating webhook | `Fail` |
-| enableDeleteOperations | Enable validating webhook for delete operations | `false` |
-| enableExternalData | Enable external data (alpha feature) | `false` |
-| mutatingWebhookFailurePolicy | The failurePolicy for the mutating webhook | `Ignore` |
-| mutatingWebhookTimeoutSeconds | The timeout for the mutating webhook in seconds | `3` |
-| emitAdmissionEvents | Emit K8s events in gatekeeper namespace for admission violations (alpha feature) | `false` |
-| emitAuditEvents | Emit K8s events in gatekeeper namespace for audit violations (alpha feature) | `false` |
-| logDenies | Log detailed info on each deny | `false` |
-| logLevel | Minimum log level | `INFO` |
-| image.pullPolicy | The image pull policy | `IfNotPresent` |
-| image.repository | Image repository | `openpolicyagent/gatekeeper` |
-| image.release | The image release tag to use | Current release version: `v3.7.1` |
-| image.pullSecrets | Specify an array of imagePullSecrets | `[]` |
-| resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi |
-| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` |
-| affinity | The node affinity to use for pod scheduling | `{}` |
-| tolerations | The tolerations to use for pod scheduling | `[]` |
-| controllerManager.healthPort | Health port for controller manager | `9090` |
-| controllerManager.port | Webhook-server port for controller manager | `8443` |
-| controllerManager.metricsPort | Metrics port for controller manager | `8888` |
-| controllerManager.priorityClassName | Priority class name for controller manager | `system-cluster-critical` |
-| controllerManager.exemptNamespaces | The exact namespaces to exempt by the admission webhook | `[]` |
-| controllerManager.exemptNamespacePrefixes | The namespace prefixes to exempt by the admission webhook | `[]` |
-| controllerManager.hostNetwork | Enables controllerManager to be deployed on hostNetwork | `false` |
-| controllerManager.dnsPolicy | Set the dnsPolicy for controllerManager pods | `ClusterFirst` |
-| audit.priorityClassName | Priority class name for audit controller | `system-cluster-critical` |
-| audit.hostNetwork | Enables audit to be deployed on hostNetwork | `false` |
-| audit.dnsPolicy | Set the dnsPolicy for audit pods | `ClusterFirst` |
-| audit.healthPort | Health port for audit | `9090` |
-| audit.metricsPort | Metrics port for audit | `8888` |
-| replicas | The number of Gatekeeper replicas to deploy for the webhook | `3` |
-| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` |
-| podLabels | The labels to add to the Gatekeeper pods | `{}` |
-| podCountLimit | The maximum number of Gatekeeper pods to run | `100` |
-| secretAnnotations | The annotations to add to the Gatekeeper secrets | `{}` |
-| pdb.controllerManager.minAvailable | The number of controller manager pods that must still be available after an eviction | `1` |
-| service.type | Service type | `ClusterIP` |
-| service.loadBalancerIP | The IP address of LoadBalancer service | `` |
-| rbac.create | Enable the creation of RBAC resources | `true` |
-
-## Contributing Changes
-
-This Helm chart is autogenerated from the Gatekeeper static manifest. The
-generator code lives under `cmd/build/helmify`. To make modifications to this
-template, please edit `kustomization.yaml`, `kustomize-for-helm.yaml` and
-`replacements.go` under that directory and then run `make manifests`. Your
-changes will show up in the `manifest_staging` directory and will be promoted
-to the root `charts` directory the next time a Gatekeeper release is cut.
diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/app-readme.md b/charts/rancher-gatekeeper/100.1.1+up3.7.1/app-readme.md
deleted file mode 100644
index d44cf7b2b..000000000
--- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/app-readme.md
+++ /dev/null
@@ -1,14 +0,0 @@ -# Rancher OPA Gatekeeper - -This chart is based off of the upstream [OPA Gatekeeper](https://github.com/open-policy-agent/gatekeeper/tree/master/charts/gatekeeper) chart. - -For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/opa-gatekeper/). - -The chart installs the following components: - -- OPA Gatekeeper Controller-Manager - OPA Gatekeeper is a policy engine for providing policy based governance for Kubernetes clusters. The controller installs as a [validating admission controller webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook) on the cluster and intercepts all admission requests that create, update or delete a resource in the cluster. -- [Audit](https://github.com/open-policy-agent/gatekeeper#audit) - A periodic audit of the cluster resources against the enforced policies. Any existing resource that violates a policy will be recorded as violations. -- [Constraint Template](https://github.com/open-policy-agent/gatekeeper#constraint-templates) - A template is a CRD (`ConstraintTemplate`) that defines the schema and Rego logic of a policy to be applied to the cluster by Gatekeeper's admission controller webhook. This chart installs a few default `ConstraintTemplate` custom resources. -- [Constraint](https://github.com/open-policy-agent/gatekeeper#constraints) - A constraint is a custom resource that defines the scope of resources which a specific constraint template should apply to. The complete policy is defined by a combination of `ConstraintTemplates` (i.e. what the policy is) and `Constraints` (i.e. what resource to apply the policy to). - -For more information on how to configure the Helm chart, refer to the Helm README. diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/_helpers.tpl b/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/_helpers.tpl deleted file mode 100644 index 3d2366b3d..000000000 
--- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/_helpers.tpl +++ /dev/null @@ -1,64 +0,0 @@ - -{{/* -Expand the name of the chart. -*/}} -{{- define "gatekeeper.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "gatekeeper.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "gatekeeper.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Adds additional pod labels to the common ones -*/}} -{{- define "gatekeeper.podLabels" -}} -{{- if .Values.podLabels }} -{{- toYaml .Values.podLabels | nindent 8 }} -{{- end }} -{{- end -}} - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -kubernetes.io/os: linux -{{- end -}} \ No newline at end of file 
diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/allowedrepos.yaml b/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/allowedrepos.yaml deleted file mode 100644 index 9abb84ecb..000000000 --- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/allowedrepos.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: templates.gatekeeper.sh/v1beta1 -kind: ConstraintTemplate -metadata: - name: k8sallowedrepos -spec: - crd: - spec: - names: - kind: K8sAllowedRepos - validation: - # Schema for the `parameters` field - openAPIV3Schema: - properties: - repos: - type: array - items: - type: string - targets: - - target: admission.k8s.gatekeeper.sh - rego: | - package k8sallowedrepos - - violation[{"msg": msg}] { - container := input.review.object.spec.containers[_] - satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] - not any(satisfied) - msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) - } - - violation[{"msg": msg}] { - container := input.review.object.spec.initContainers[_] - satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] - not any(satisfied) - msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) - } diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-admin-podsecuritypolicy.yaml b/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-admin-podsecuritypolicy.yaml deleted file mode 100644 index eee2ac964..000000000 --- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-admin-podsecuritypolicy.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ -{{- if .Values.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-admin -spec: - allowPrivilegeEscalation: false - fsGroup: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - requiredDropCapabilities: - - ALL - runAsUser: - rule: MustRunAsNonRoot - seLinux: - rule: RunAsAny - supplementalGroups: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - volumes: - - configMap - - projected - - secret - - downwardAPI - - emptyDir -{{- end }} diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-admin-serviceaccount.yaml b/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-admin-serviceaccount.yaml deleted file mode 100644 index 4b68998cb..000000000 --- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-admin-serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-admin - namespace: '{{ .Release.Namespace }}' diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-audit-deployment.yaml b/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-audit-deployment.yaml deleted file mode 100644 index c3206d235..000000000 --- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-audit-deployment.yaml +++ /dev/null 
@@ -1,126 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - control-plane: audit-controller - gatekeeper.sh/operation: audit - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-audit - namespace: '{{ .Release.Namespace }}' -spec: - replicas: 1 - selector: - matchLabels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - control-plane: audit-controller - gatekeeper.sh/operation: audit - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - template: - metadata: - annotations: - {{- toYaml .Values.podAnnotations | trim | nindent 8 }} - labels: -{{- include "gatekeeper.podLabels" . }} - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - control-plane: audit-controller - gatekeeper.sh/operation: audit - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - spec: - affinity: - {{- toYaml .Values.audit.affinity | nindent 8 }} - automountServiceAccountToken: true - containers: - - args: - - --audit-interval={{ .Values.auditInterval }} - - --log-level={{ .Values.logLevel }} - - --constraint-violations-limit={{ .Values.constraintViolationsLimit }} - - --audit-from-cache={{ .Values.auditFromCache }} - - --audit-chunk-size={{ .Values.auditChunkSize }} - - --audit-match-kind-only={{ .Values.auditMatchKindOnly }} - - --emit-audit-events={{ .Values.emitAuditEvents }} - - --operation=audit - - --operation=status - {{ if not .Values.disableMutation}}- --operation=mutation-status{{- end }} - - --logtostderr - - --health-addr=:{{ .Values.audit.healthPort }} - - --prometheus-port={{ .Values.audit.metricsPort }} - - --enable-external-data={{ .Values.enableExternalData }} - command: - - /manager - env: - - name: POD_NAMESPACE - valueFrom: - 
fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - image: '{{ template "system_default_registry" . }}{{ .Values.images.gatekeeper.repository }}:{{ .Values.images.gatekeeper.tag }}' - imagePullPolicy: '{{ .Values.images.pullPolicy }}' - livenessProbe: - httpGet: - path: /healthz - port: {{ .Values.audit.healthPort }} - name: manager - ports: - - containerPort: {{ .Values.audit.metricsPort }} - name: metrics - protocol: TCP - - containerPort: {{ .Values.audit.healthPort }} - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: {{ .Values.audit.healthPort }} - resources: - {{- toYaml .Values.audit.resources | nindent 10 }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - all - readOnlyRootFilesystem: true - runAsGroup: 999 - runAsNonRoot: true - runAsUser: 1000 - volumeMounts: - - mountPath: /tmp/audit - name: tmp-volume - dnsPolicy: {{ .Values.audit.dnsPolicy }} - hostNetwork: {{ .Values.audit.hostNetwork }} - imagePullSecrets: - {{- toYaml .Values.images.pullSecrets | nindent 8 }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.audit.nodeSelector }} -{{ toYaml .Values.audit.nodeSelector | indent 8 }} -{{- end }} - {{- if .Values.audit.priorityClassName }} - priorityClassName: {{ .Values.audit.priorityClassName }} - {{- end }} - serviceAccountName: gatekeeper-admin - terminationGracePeriodSeconds: 60 - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.audit.tolerations }} -{{ toYaml .Values.audit.tolerations | indent 8 }} -{{- end }} - volumes: - {{- if .Values.audit.writeToRAMDisk }} - - emptyDir: - medium: Memory - {{ else }} - - emptyDir: {} - {{- end }} - name: tmp-volume 
diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-controller-manager-deployment.yaml b/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-controller-manager-deployment.yaml
deleted file mode 100644
index 43b84819c..000000000
--- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-controller-manager-deployment.yaml
+++ /dev/null
@@ -1,136 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - control-plane: controller-manager - gatekeeper.sh/operation: webhook - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-controller-manager - namespace: '{{ .Release.Namespace }}' -spec: - replicas: {{ .Values.replicas }} - selector: - matchLabels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - control-plane: controller-manager - gatekeeper.sh/operation: webhook - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - template: - metadata: - annotations: - {{- toYaml .Values.podAnnotations | trim | nindent 8 }} - labels: -{{- include "gatekeeper.podLabels" . }} - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - control-plane: controller-manager - gatekeeper.sh/operation: webhook - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - spec: - affinity: - {{- toYaml .Values.controllerManager.affinity | nindent 8 }} - automountServiceAccountToken: true - containers: - - args: - - --port={{ .Values.controllerManager.port }} - - --health-addr=:{{ .Values.controllerManager.healthPort }} - - --prometheus-port={{ .Values.controllerManager.metricsPort }} - - --logtostderr - - --log-denies={{ .Values.logDenies }} - - --emit-admission-events={{ .Values.emitAdmissionEvents }} - - --log-level={{ .Values.logLevel }} - - --exempt-namespace={{ .Release.Namespace }} - - --operation=webhook - - --enable-external-data={{ .Values.enableExternalData }} - {{ if not .Values.disableMutation}}- --operation=mutation-webhook{{- end }} - - {{- range .Values.disabledBuiltins}} - - --disable-opa-builtin={{ . 
}} - {{- end }} - - {{- range .Values.controllerManager.exemptNamespaces}} - - --exempt-namespace={{ . }} - {{- end }} - - {{- range .Values.controllerManager.exemptNamespacePrefixes}} - - --exempt-namespace-prefix={{ . }} - {{- end }} - command: - - /manager - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - image: '{{ template "system_default_registry" . }}{{ .Values.images.gatekeeper.repository }}:{{ .Values.images.gatekeeper.tag }}' - imagePullPolicy: '{{ .Values.images.pullPolicy }}' - livenessProbe: - httpGet: - path: /healthz - port: {{ .Values.controllerManager.healthPort }} - name: manager - ports: - - containerPort: {{ .Values.controllerManager.port }} - name: webhook-server - protocol: TCP - - containerPort: {{ .Values.controllerManager.metricsPort }} - name: metrics - protocol: TCP - - containerPort: {{ .Values.controllerManager.healthPort }} - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: {{ .Values.controllerManager.healthPort }} - resources: - {{- toYaml .Values.controllerManager.resources | nindent 10 }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - all - readOnlyRootFilesystem: true - runAsGroup: 999 - runAsNonRoot: true - runAsUser: 1000 - volumeMounts: - - mountPath: /certs - name: cert - readOnly: true - dnsPolicy: {{ .Values.controllerManager.dnsPolicy }} - hostNetwork: {{ .Values.controllerManager.hostNetwork }} - imagePullSecrets: - {{- toYaml .Values.images.pullSecrets | nindent 8 }} - nodeSelector: {{ include "linux-node-selector" . 
| nindent 8 }} -{{- if .Values.controllerManager.nodeSelector }} -{{ toYaml .Values.controllerManager.nodeSelector | indent 8 }} -{{- end }} - {{- if .Values.controllerManager.priorityClassName }} - priorityClassName: {{ .Values.controllerManager.priorityClassName }} - {{- end }} - serviceAccountName: gatekeeper-admin - terminationGracePeriodSeconds: 60 - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.controllerManager.tolerations }} -{{ toYaml .Values.controllerManager.tolerations | indent 8 }} -{{- end }} - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: gatekeeper-webhook-server-cert \ No newline at end of file diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-controller-manager-poddisruptionbudget.yaml b/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-controller-manager-poddisruptionbudget.yaml deleted file mode 100644 index 53e564a74..000000000 --- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-controller-manager-poddisruptionbudget.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} -apiVersion: policy/v1 -{{ else }} -apiVersion: policy/v1beta1 -{{ end -}} -kind: PodDisruptionBudget -metadata: - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-controller-manager - namespace: '{{ .Release.Namespace }}' -spec: - minAvailable: {{ .Values.pdb.controllerManager.minAvailable }} - selector: - matchLabels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - control-plane: controller-manager - gatekeeper.sh/operation: webhook - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' 
diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-critical-pods-resourcequota.yaml b/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-critical-pods-resourcequota.yaml deleted file mode 100644 index 154646366..000000000 --- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-critical-pods-resourcequota.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.resourceQuota }} -apiVersion: v1 -kind: ResourceQuota -metadata: - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-critical-pods - namespace: '{{ .Release.Namespace }}' -spec: - hard: - pods: {{ .Values.podCountLimit }} - scopeSelector: - matchExpressions: - - operator: In - scopeName: PriorityClass - values: - - {{ .Values.controllerManager.priorityClassName }} - - {{ .Values.audit.priorityClassName }} -{{- end }} diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-manager-role-clusterrole.yaml b/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-manager-role-clusterrole.yaml deleted file mode 100644 index 2ccd9f067..000000000 --- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-manager-role-clusterrole.yaml +++ /dev/null 
@@ -1,165 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-manager-role -rules: -- apiGroups: - - '*' - resources: - - '*' - verbs: - - get - - list - - watch -- apiGroups: - - admissionregistration.k8s.io - resourceNames: - - gatekeeper-mutating-webhook-configuration - resources: - - mutatingwebhookconfigurations - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - config.gatekeeper.sh - resources: - - configs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - config.gatekeeper.sh - resources: - - configs/status - verbs: - - get - - patch - - update -- apiGroups: - - constraints.gatekeeper.sh - resources: - - '*' - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - externaldata.gatekeeper.sh - resources: - - providers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mutations.gatekeeper.sh - resources: - - '*' - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - policy - resourceNames: - - gatekeeper-admin - resources: - - podsecuritypolicies - verbs: - - use -- apiGroups: - - status.gatekeeper.sh - resources: - - '*' - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - templates.gatekeeper.sh - resources: - - constrainttemplates - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - templates.gatekeeper.sh - resources: 
- - constrainttemplates/finalizers - verbs: - - delete - - get - - patch - - update -- apiGroups: - - templates.gatekeeper.sh - resources: - - constrainttemplates/status - verbs: - - get - - patch - - update -- apiGroups: - - admissionregistration.k8s.io - resourceNames: - - gatekeeper-validating-webhook-configuration - resources: - - validatingwebhookconfigurations - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -{{- end }} diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-manager-role-role.yaml b/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-manager-role-role.yaml deleted file mode 100644 index 25b2e702f..000000000 --- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-manager-role-role.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-manager-role - namespace: '{{ .Release.Namespace }}' -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -{{- end }} diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml b/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml deleted file mode 100644 index 1fb9f6c87..000000000 --- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: gatekeeper-manager-role -subjects: -- kind: ServiceAccount - name: gatekeeper-admin - namespace: '{{ .Release.Namespace }}' -{{- end }} diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-manager-rolebinding-rolebinding.yaml b/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-manager-rolebinding-rolebinding.yaml deleted file mode 100644 index fbe9580d5..000000000 --- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-manager-rolebinding-rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-manager-rolebinding - namespace: '{{ .Release.Namespace }}' -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: gatekeeper-manager-role -subjects: -- kind: ServiceAccount - name: gatekeeper-admin - namespace: '{{ .Release.Namespace }}' -{{- end }} diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml b/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml deleted file mode 100644 index 19e68b0cb..000000000 
--- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if not .Values.disableMutation }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-mutating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: gatekeeper-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /v1/mutate - failurePolicy: {{ .Values.mutatingWebhookFailurePolicy }} - matchPolicy: Exact - name: mutation.gatekeeper.sh - namespaceSelector: - matchExpressions: - - key: admission.gatekeeper.sh/ignore - operator: DoesNotExist - rules: - - apiGroups: - - '*' - apiVersions: - - '*' - operations: - - CREATE - - UPDATE - resources: - - '*' - sideEffects: None - timeoutSeconds: {{ .Values.mutatingWebhookTimeoutSeconds }} -{{- end }} diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml b/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml deleted file mode 100644 index 4ab0e97d6..000000000 --- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ -{{- if not .Values.disableValidatingWebhook }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-validating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: gatekeeper-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /v1/admit - failurePolicy: {{ .Values.validatingWebhookFailurePolicy }} - matchPolicy: Exact - name: validation.gatekeeper.sh - namespaceSelector: - matchExpressions: - - key: admission.gatekeeper.sh/ignore - operator: DoesNotExist - rules: - - apiGroups: - - '*' - apiVersions: - - '*' - operations: - - CREATE - - UPDATE - {{- if .Values.enableDeleteOperations }} - - DELETE - {{- end}} - resources: - - '*' - sideEffects: None - timeoutSeconds: {{ .Values.validatingWebhookTimeoutSeconds }} -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: gatekeeper-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /v1/admitlabel - failurePolicy: {{ .Values.validatingWebhookCheckIgnoreFailurePolicy }} - matchPolicy: Exact - name: check-ignore-label.gatekeeper.sh - rules: - - apiGroups: - - "" - apiVersions: - - '*' - operations: - - CREATE - - UPDATE - resources: - - namespaces - sideEffects: None - timeoutSeconds: {{ .Values.validatingWebhookTimeoutSeconds }} -{{- end }} diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-webhook-server-cert-secret.yaml b/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-webhook-server-cert-secret.yaml deleted file mode 100644 index d6e906a99..000000000 --- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-webhook-server-cert-secret.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - annotations: {{- toYaml .Values.secretAnnotations | trim | nindent 4 }} - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-webhook-server-cert - namespace: '{{ .Release.Namespace }}' diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-webhook-service-service.yaml b/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-webhook-service-service.yaml deleted file mode 100644 index f8f72b62e..000000000 --- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/gatekeeper-webhook-service-service.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' - name: gatekeeper-webhook-service - namespace: '{{ .Release.Namespace }}' -spec: - {{- if .Values.service }} - type: {{ .Values.service.type | default "ClusterIP" }} - {{- if .Values.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- end }} - ports: - - name: https-webhook-server - port: 443 - targetPort: webhook-server - selector: - app: '{{ template "gatekeeper.name" . }}' - chart: '{{ template "gatekeeper.name" . }}' - control-plane: controller-manager - gatekeeper.sh/operation: webhook - gatekeeper.sh/system: "yes" - heritage: '{{ .Release.Service }}' - release: '{{ .Release.Name }}' diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/namespace-post-install.yaml b/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/namespace-post-install.yaml deleted file mode 100644 index be106f4d9..000000000 
--- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/namespace-post-install.yaml
+++ /dev/null
@@ -1,109 +0,0 @@
-{{- if .Values.postInstall.labelNamespace.enabled }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: gatekeeper-update-namespace-label
- labels:
- app: '{{ template "gatekeeper.name" . }}'
- chart: '{{ template "gatekeeper.name" . }}'
- gatekeeper.sh/system: "yes"
- heritage: '{{ .Release.Service }}'
- release: '{{ .Release.Name }}'
- annotations:
- "helm.sh/hook": post-install
- "helm.sh/hook-weight": "-5"
- "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
-spec:
- template:
- metadata:
- labels:
- app: '{{ template "gatekeeper.name" . }}'
- release: '{{ .Release.Name }}'
- spec:
- restartPolicy: OnFailure
- {{- if .Values.postInstall.labelNamespace.image.pullSecrets }}
- imagePullSecrets:
- {{- .Values.postInstall.labelNamespace.image.pullSecrets | toYaml | nindent 12 }}
- {{- end }}
- serviceAccount: gatekeeper-update-namespace-label
- nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
- tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
- containers:
- - name: kubectl-label
- image: '{{ template "system_default_registry" . }}{{ .Values.postInstall.labelNamespace.image.repository }}:{{ .Values.postInstall.labelNamespace.image.tag }}'
- imagePullPolicy: {{ .Values.postInstall.labelNamespace.image.pullPolicy }}
- args:
- - label
- - ns
- - {{ .Release.Namespace }}
- - admission.gatekeeper.sh/ignore=no-self-managing
- - --overwrite
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - all
- readOnlyRootFilesystem: true
- runAsGroup: 999
- runAsNonRoot: true
- runAsUser: 1000
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: gatekeeper-update-namespace-label
- labels:
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- annotations:
- "helm.sh/hook": post-install
- "helm.sh/hook-weight": "-5"
- "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
----
-{{- if .Values.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: gatekeeper-update-namespace-label
- labels:
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- annotations:
- "helm.sh/hook": post-install
- "helm.sh/hook-weight": "-5"
- "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
-rules:
- - apiGroups:
- - ""
- resources:
- - namespaces
- verbs:
- - get
- - update
- - patch
- resourceNames:
- - {{ .Release.Namespace }}
-{{- end }}
----
-{{- if .Values.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: gatekeeper-update-namespace-label
- labels:
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- annotations:
- "helm.sh/hook": post-install
- "helm.sh/hook-weight": "-5"
- "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: gatekeeper-update-namespace-label
-subjects:
- - kind: ServiceAccount
- name: gatekeeper-update-namespace-label
- namespace: {{ .Release.Namespace | quote }}
-{{- end }}
-{{- end }}
diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/requiredlabels.yaml b/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/requiredlabels.yaml
deleted file mode 100644
index e93e6a0a7..000000000
--- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/requiredlabels.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-apiVersion: templates.gatekeeper.sh/v1beta1
-kind: ConstraintTemplate
-metadata:
- name: k8srequiredlabels
-spec:
- crd:
- spec:
- names:
- kind: K8sRequiredLabels
- validation:
- # Schema for the `parameters` field
- openAPIV3Schema:
- properties:
- message:
- type: string
- labels:
- type: array
- items:
- type: object
- properties:
- key:
- type: string
- allowedRegex:
- type: string
- targets:
- - target: admission.k8s.gatekeeper.sh
- rego: |
- package k8srequiredlabels
-
- get_message(parameters, _default) = msg {
- not parameters.message
- msg := _default
- }
-
- get_message(parameters, _default) = msg {
- msg := parameters.message
- }
-
- violation[{"msg": msg, "details": {"missing_labels": missing}}] {
- provided := {label | input.review.object.metadata.labels[label]}
- required := {label | label := input.parameters.labels[_].key}
- missing := required - provided
- count(missing) > 0
- def_msg := sprintf("you must provide labels: %v", [missing])
- msg := get_message(input.parameters, def_msg)
- }
-
- violation[{"msg": msg}] {
- value := input.review.object.metadata.labels[key]
- expected := input.parameters.labels[_]
- expected.key == key
- # do not match if allowedRegex is not defined, or is an empty string
- expected.allowedRegex != ""
- not re_match(expected.allowedRegex, value)
- def_msg := sprintf("Label <%v: %v> does not satisfy allowed regex: %v", [key, value, expected.allowedRegex])
- msg := get_message(input.parameters, def_msg)
- }
diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/upgrade-crds-hook.yaml b/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/upgrade-crds-hook.yaml
deleted file mode 100644
index 4985d3257..000000000
--- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/upgrade-crds-hook.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-{{- if .Values.upgradeCRDs.enabled }}
-{{- if .Values.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: gatekeeper-admin-upgrade-crds
- labels:
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- annotations:
- helm.sh/hook: pre-install,pre-upgrade
- helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
- helm.sh/hook-weight: "1"
-rules:
- - apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "create", "update", "patch"]
-{{- end }}
----
-{{- if .Values.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: gatekeeper-admin-upgrade-crds
- labels:
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- annotations:
- helm.sh/hook: pre-install,pre-upgrade
- helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
- helm.sh/hook-weight: "1"
-subjects:
- - kind: ServiceAccount
- name: gatekeeper-admin-upgrade-crds
- namespace: {{ .Release.Namespace }}
-roleRef:
- kind: ClusterRole
- name: gatekeeper-admin-upgrade-crds
- apiGroup: rbac.authorization.k8s.io
-{{- end }}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- name: gatekeeper-admin-upgrade-crds
- namespace: '{{ .Release.Namespace }}'
- annotations:
- helm.sh/hook: pre-install,pre-upgrade
- helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
- helm.sh/hook-weight: "1"
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: gatekeeper-update-crds-hook
- namespace: {{ .Release.Namespace }}
- labels:
- app: {{ template "gatekeeper.name" . }}
- chart: {{ template "gatekeeper.name" . }}
- gatekeeper.sh/system: "yes"
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- helm.sh/hook: pre-install,pre-upgrade
- helm.sh/hook-weight: "1"
- helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
-spec:
- backoffLimit: 0
- template:
- metadata:
- name: gatekeeper-update-crds-hook
- spec:
- serviceAccountName: gatekeeper-admin-upgrade-crds
- restartPolicy: Never
- {{- if .Values.images.pullSecrets }}
- imagePullSecrets:
- {{- toYaml .Values.images.pullSecrets | nindent 8 }}
- {{- end }}
- containers:
- - name: crds-upgrade
- image: '{{ template "system_default_registry" . }}{{ .Values.images.gatekeepercrd.repository }}:{{ .Values.images.gatekeepercrd.tag }}'
- imagePullPolicy: '{{ .Values.images.pullPolicy }}'
- args:
- - apply
- - -f
- - crds/
- resources:
- {{- toYaml .Values.crds.resources | nindent 10 }}
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - all
- readOnlyRootFilesystem: true
- runAsGroup: 65532
- runAsNonRoot: true
- runAsUser: 65532
- nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
- tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
-{{- end }}
diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/validate-install-crd.yaml b/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/validate-install-crd.yaml
deleted file mode 100644
index 033c3ddcf..000000000
--- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/templates/validate-install-crd.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
-# {{- $found := dict -}}
-# {{- set $found "mutations.gatekeeper.sh/v1alpha1/Assign" false -}}
-# {{- set $found "mutations.gatekeeper.sh/v1alpha1/AssignMetadata" false -}}
-# {{- set $found "config.gatekeeper.sh/v1alpha1/Config" false -}}
-# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintPodStatus" false -}}
-# {{- set $found "templates.gatekeeper.sh/v1/ConstraintTemplate" false -}}
-# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintTemplatePodStatus" false -}}
-# {{- set $found "mutations.gatekeeper.sh/v1alpha1/ModifySet" false -}}
-# {{- set $found "status.gatekeeper.sh/v1beta1/MutatorPodStatus" false -}}
-# {{- set $found "externaldata.gatekeeper.sh/v1alpha1/Provider" false -}}
-# {{- range .Capabilities.APIVersions -}}
-# {{- if hasKey $found (toString .) -}}
-# {{- set $found (toString .) true -}}
-# {{- end -}}
-# {{- end -}}
-# {{- range $_, $exists := $found -}}
-# {{- if (eq $exists false) -}}
-# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
-# {{- end -}}
-# {{- end -}}
-#{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-gatekeeper/100.1.1+up3.7.1/values.yaml b/charts/rancher-gatekeeper/100.1.1+up3.7.1/values.yaml
deleted file mode 100644
index 1df7b3032..000000000
--- a/charts/rancher-gatekeeper/100.1.1+up3.7.1/values.yaml
+++ /dev/null
@@ -1,108 +0,0 @@
-replicas: 3
-auditInterval: 300
-auditMatchKindOnly: false
-constraintViolationsLimit: 20
-auditFromCache: false
-disableMutation: false
-disableValidatingWebhook: false
-validatingWebhookTimeoutSeconds: 3
-validatingWebhookFailurePolicy: Ignore
-validatingWebhookCheckIgnoreFailurePolicy: Fail
-enableDeleteOperations: false
-enableExternalData: false
-mutatingWebhookFailurePolicy: Ignore
-mutatingWebhookTimeoutSeconds: 3
-auditChunkSize: 500
-logLevel: INFO
-logDenies: false
-emitAdmissionEvents: false
-emitAuditEvents: false
-resourceQuota: true
-postInstall:
- labelNamespace:
- enabled: true
- image:
- repository: rancher/kubectl
- tag: v1.20.2
- pullPolicy: IfNotPresent
- pullSecrets: []
-images:
- gatekeeper:
- repository: rancher/mirrored-openpolicyagent-gatekeeper
- tag: v3.7.1
- gatekeepercrd:
- repository: rancher/mirrored-openpolicyagent-gatekeeper-crds
- tag: v3.7.1
- pullPolicy: IfNotPresent
- pullSecrets: []
-podAnnotations:
- { container.seccomp.security.alpha.kubernetes.io/manager: runtime/default }
-podLabels: {}
-podCountLimit: 100
-secretAnnotations: {}
-controllerManager:
- exemptNamespaces: []
- exemptNamespacePrefixes: []
- hostNetwork: false
- dnsPolicy: ClusterFirst
- port: 8443
- metricsPort: 8888
- healthPort: 9090
- priorityClassName: system-cluster-critical
- affinity:
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: gatekeeper.sh/operation
- operator: In
- values:
- - webhook
- topologyKey: kubernetes.io/hostname
- weight: 100
- tolerations: []
- nodeSelector: {}
- resources:
- limits:
- cpu: 1000m
- memory: 512Mi
- requests:
- cpu: 100m
- memory: 256Mi
-audit:
- hostNetwork: false
- dnsPolicy: ClusterFirst
- metricsPort: 8888
- healthPort: 9090
- priorityClassName: system-cluster-critical
- affinity: {}
- tolerations: []
- nodeSelector: {}
- writeToRAMDisk: false
- resources:
- limits:
- cpu: 1000m
- memory: 512Mi
- requests:
- cpu:
100m - memory: 256Mi -crds: - resources: {} -pdb: - controllerManager: - minAvailable: 1 -global: - cattle: - systemDefaultRegistry: "" - kubectl: - repository: rancher/kubectl - tag: v1.20.2 -service: {} -disabledBuiltins: -psp: - enabled: true -upgradeCRDs: - enabled: true -rbac: - create: true diff --git a/index.yaml b/index.yaml index c10366042..d8a74e3d3 100755 --- a/index.yaml +++ b/index.yaml @@ -3214,36 +3214,6 @@ entries: - assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.400.tgz version: 0.1.400 rancher-gatekeeper: - - annotations: - catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: OPA Gatekeeper - catalog.cattle.io/kube-version: '>= 1.16.0-0' - catalog.cattle.io/namespace: cattle-gatekeeper-system - catalog.cattle.io/os: linux - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 - catalog.cattle.io/rancher-version: '>= 2.6.0-0 <= 2.6.100-0' - catalog.cattle.io/release-name: rancher-gatekeeper - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/ui-component: gatekeeper - apiVersion: v2 - appVersion: v3.7.1 - created: "2022-05-26T11:32:02.81913-04:00" - description: Modifies Open Policy Agent's upstream gatekeeper chart that provides - policy-based control for cloud native environments - digest: 041e8c5e0c7e5082447d0c77a5be74ca925ec63d02b1f9fca79b2b8142b08ab3 - home: https://github.com/open-policy-agent/gatekeeper - icon: https://charts.rancher.io/assets/logos/gatekeeper.svg - keywords: - - open policy agent - - security - name: rancher-gatekeeper - sources: - - https://github.com/open-policy-agent/gatekeeper.git - urls: - - assets/rancher-gatekeeper/rancher-gatekeeper-100.1.1+up3.7.1.tgz - version: 100.1.1+up3.7.1 - annotations: catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match catalog.cattle.io/certified: rancher 
@@ -3464,20 +3434,6 @@ entries: - assets/rancher-gatekeeper/rancher-gatekeeper-3.1.100.tgz version: 3.1.100 rancher-gatekeeper-crd: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-gatekeeper-system - catalog.cattle.io/release-name: rancher-gatekeeper-crd - apiVersion: v1 - created: "2022-05-26T11:32:02.823966-04:00" - description: Installs the CRDs for rancher-gatekeeper. - digest: 6c4eb927da74e60256f616780f2be8d00f9038cc62af91fd499bc766d9c254e0 - name: rancher-gatekeeper-crd - type: application - urls: - - assets/rancher-gatekeeper-crd/rancher-gatekeeper-crd-100.1.1+up3.7.1.tgz - version: 100.1.1+up3.7.1 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" From fb78bc1e0759305125d3e2a6ca445b22ff646cb0 Mon Sep 17 00:00:00 2001 
From: Vaishnav Gaikwad Date: Fri, 17 Jun 2022 15:19:46 +0530 Subject: [PATCH 03/10] make charts --- ...rancher-gatekeeper-crd-100.2.0+up3.8.1.tgz | Bin 0 -> 10334 bytes .../rancher-gatekeeper-100.2.0+up3.8.1.tgz | Bin 0 -> 12114 bytes .../100.2.0+up3.8.1/Chart.yaml | 10 + .../100.2.0+up3.8.1/README.md | 2 + .../assign-customresourcedefinition.yaml | 498 ++++++++++++++++++ ...signmetadata-customresourcedefinition.yaml | 430 +++++++++++++++ .../config-customresourcedefinition.yaml | 105 ++++ ...intpodstatus-customresourcedefinition.yaml | 67 +++ ...ainttemplate-customresourcedefinition.yaml | 303 +++++++++++ ...atepodstatus-customresourcedefinition.yaml | 66 +++ .../modifyset-customresourcedefinition.yaml | 450 ++++++++++++++++ ...torpodstatus-customresourcedefinition.yaml | 65 +++ .../provider-customresourcedefinition.yaml | 44 ++ .../100.2.0+up3.8.1/templates/_helpers.tpl | 22 + .../100.2.0+up3.8.1/templates/jobs.yaml | 108 ++++ .../100.2.0+up3.8.1/templates/manifest.yaml | 14 + .../100.2.0+up3.8.1/templates/rbac.yaml | 72 +++ .../100.2.0+up3.8.1/values.yaml | 11 + .../100.2.0+up3.8.1/.helmignore | 21 + .../100.2.0+up3.8.1/CHANGELOG.md | 15 + .../100.2.0+up3.8.1/Chart.yaml | 26 + .../100.2.0+up3.8.1/README.md | 143 +++++ .../100.2.0+up3.8.1/app-readme.md | 14 + .../100.2.0+up3.8.1/templates/_helpers.tpl | 64 +++ .../templates/allowedrepos.yaml | 35 ++ .../gatekeeper-admin-podsecuritypolicy.yaml | 38 ++ .../gatekeeper-admin-serviceaccount.yaml | 11 + .../gatekeeper-audit-deployment.yaml | 119 +++++ ...ekeeper-controller-manager-deployment.yaml | 132 +++++ ...ontroller-manager-poddisruptionbudget.yaml | 26 + ...atekeeper-critical-pods-resourcequota.yaml | 23 + .../gatekeeper-manager-role-clusterrole.yaml | 165 ++++++ .../gatekeeper-manager-role-role.yaml | 34 ++ ...anager-rolebinding-clusterrolebinding.yaml | 20 + ...eeper-manager-rolebinding-rolebinding.yaml | 21 + ...guration-mutatingwebhookconfiguration.yaml | 51 ++ ...ration-validatingwebhookconfiguration.yaml | 
76 +++ ...gatekeeper-webhook-server-cert-secret.yaml | 12 + .../gatekeeper-webhook-service-service.yaml | 38 ++ .../templates/namespace-post-install.yaml | 102 ++++ .../templates/requiredlabels.yaml | 57 ++ .../templates/upgrade-crds-hook.yaml | 96 ++++ .../templates/validate-install-crd.yaml | 22 + .../templates/webhook-configs-pre-delete.yaml | 114 ++++ .../100.2.0+up3.8.1/values.yaml | 169 ++++++ index.yaml | 44 ++ 46 files changed, 3955 insertions(+) create mode 100644 assets/rancher-gatekeeper-crd/rancher-gatekeeper-crd-100.2.0+up3.8.1.tgz create mode 100644 assets/rancher-gatekeeper/rancher-gatekeeper-100.2.0+up3.8.1.tgz create mode 100644 charts/rancher-gatekeeper-crd/100.2.0+up3.8.1/Chart.yaml create mode 100644 charts/rancher-gatekeeper-crd/100.2.0+up3.8.1/README.md create mode 100644 charts/rancher-gatekeeper-crd/100.2.0+up3.8.1/crd-manifest/assign-customresourcedefinition.yaml create mode 100644 charts/rancher-gatekeeper-crd/100.2.0+up3.8.1/crd-manifest/assignmetadata-customresourcedefinition.yaml create mode 100644 charts/rancher-gatekeeper-crd/100.2.0+up3.8.1/crd-manifest/config-customresourcedefinition.yaml create mode 100644 charts/rancher-gatekeeper-crd/100.2.0+up3.8.1/crd-manifest/constraintpodstatus-customresourcedefinition.yaml create mode 100644 charts/rancher-gatekeeper-crd/100.2.0+up3.8.1/crd-manifest/constrainttemplate-customresourcedefinition.yaml create mode 100644 charts/rancher-gatekeeper-crd/100.2.0+up3.8.1/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml create mode 100644 charts/rancher-gatekeeper-crd/100.2.0+up3.8.1/crd-manifest/modifyset-customresourcedefinition.yaml create mode 100644 charts/rancher-gatekeeper-crd/100.2.0+up3.8.1/crd-manifest/mutatorpodstatus-customresourcedefinition.yaml create mode 100644 charts/rancher-gatekeeper-crd/100.2.0+up3.8.1/crd-manifest/provider-customresourcedefinition.yaml create mode 100644 charts/rancher-gatekeeper-crd/100.2.0+up3.8.1/templates/_helpers.tpl create mode 100644 
charts/rancher-gatekeeper-crd/100.2.0+up3.8.1/templates/jobs.yaml create mode 100644 charts/rancher-gatekeeper-crd/100.2.0+up3.8.1/templates/manifest.yaml create mode 100644 charts/rancher-gatekeeper-crd/100.2.0+up3.8.1/templates/rbac.yaml create mode 100644 charts/rancher-gatekeeper-crd/100.2.0+up3.8.1/values.yaml create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/.helmignore create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/CHANGELOG.md create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/Chart.yaml create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/README.md create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/app-readme.md create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/_helpers.tpl create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/allowedrepos.yaml create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-admin-podsecuritypolicy.yaml create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-admin-serviceaccount.yaml create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-audit-deployment.yaml create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-controller-manager-deployment.yaml create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-controller-manager-poddisruptionbudget.yaml create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-critical-pods-resourcequota.yaml create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-manager-role-clusterrole.yaml create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-manager-role-role.yaml create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-manager-rolebinding-rolebinding.yaml 
create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-webhook-server-cert-secret.yaml create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-webhook-service-service.yaml create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/namespace-post-install.yaml create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/requiredlabels.yaml create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/upgrade-crds-hook.yaml create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/validate-install-crd.yaml create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/webhook-configs-pre-delete.yaml create mode 100644 charts/rancher-gatekeeper/100.2.0+up3.8.1/values.yaml 
diff --git a/assets/rancher-gatekeeper-crd/rancher-gatekeeper-crd-100.2.0+up3.8.1.tgz b/assets/rancher-gatekeeper-crd/rancher-gatekeeper-crd-100.2.0+up3.8.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..a2d369adb18b696b56bdf3d354cb05a3fc6a293a GIT binary patch literal 10334 zcmZ{KRa6~8(=8e-gaE6q25s&@%`D>-@RR0()Su3%~Vshq4nWm=3h{WN5i;~aI zd~!k^jHv*c7_f)NFK(3d^{jXjVz1v_eij(*?<+h8ktzyp=EVL82ag6PMHPaScR*H% zfB_T;5}Qa7E}2TJ$m=@I8rZ(PKTM#wcjW=7f}>>tyf4d_31Sp6gR)ssvRN1Eg=iuw;d-PZ7C@=s|P(IH2gS#5sw$95r{t3ZlMRn z4CagFUxI%m4CbGU4SJ%imcJ+hpSy_VC3k5N{Hh+n_dD{=ul$}&w^v}k>GjRXaS7aS z4BBf9tk*f%r!NF+w7+1;{kyw<=yu?bx2T~On!!6_%4cpyen3V2QWd6Wgei{@4vZ8M zDkvbTQL|UOQu50yCnXLao?2TY-eN{mf5;~;^M%BY(;M>qjwMZ1o7JsX(=@1J-HEwW6g#dit*^JY*7cqF;g$B}1h4yIhGO*39>Zfl z4VuYqD{Py~yh%S=j{$3F4>(>d5KmcP+iv@AjnEgL;N-;@GxS+Q=yRchJS2!F+%Je| zLDY|!Mul>n7_*p=Xpbl<)RSu@QuKL=PlYG1*GyQ$McdIH#~w`*-VOJ#;%guo@=RFB zV~2)=L=C-;_D|Y!!pVn>4;D~?py$e$ zPM=Y9Z9*(`?Dl(E$vnX%<_05i+$jNjeX~g@#XhAGgXh;imSUxu?=gzmXXMVqVDMg@ z_D%Pv2k`Y&UD@m1$)*nI0Fz6Herbu?I)2?P}~Lx^wYp%)0o%e z4((3GUyby@pwZ36;sDPkpHs+@1cfZX=se*jq|GZdydTYlF$lMx=WTEY`StAp;m9`|VX>NW( zT-_`VQcxY86wD|Pq)OG`->=OhR9@30j*{KA1axg`$q4*ROxEp4QOY^xZ=8SzSds;X z3#Fi(iZgBtA*ufAfMy7ZH2H~VP1_2B=kuNhcC(?5L^~k8;WVpu6{EN&mZvQdToEje zX9_z$-?6#iocMvVSo)1}jGsV>&8g4PCNy*lst-u#U!*$q<; zzN}BQ?^hbh;Buf`66&mEcN z^uq7d(tTPe)k%!5JRoO;M4wM_Z^Y_^>`5bSs*2sS2-ax)&LdjeS&!;yXk*4JZt2V` zJ#t&RcfKR|ZZQOWH@;Wnryk+?=aug9$90&} z&nzmo&{=Y+&$`&TSWLdOLZyVh+>ibuO3^-%_aF7-Dy|MTAj%26RH>-M+jA~tgl7MK z?tEyf>Qhl2bsn4jEhPMkyCPP~gn@BgOks05iP%v-#wE`$=4-M4jKz$$QVBl4ynkEH zZ_Uqj@Y|eafEVUSm8Iww&P&E)=(+}Z{k51<$CB82^1O`$S<_o(#%SuqNh&$bZjxUp z-O}_JpHqC4SmtLXrEt$6rLw~Pmb3(^Fmzi&n;&{6Sr(z2^9;x-F7(&k3~y2NeFc+V z6U;m{!3^PxueOB~z))|)?lZ8;<5xbEOqoD+?4;BoAIV~rr_zGLc*@VnEn`+CtuT$p zS-!tHj4ro6dHxi;M$SBLkCvxpIfJx{&anwM;(D^hrNl=rdR~riSu2q*!4plsQt@AhC!`>X5Q{wp(8RZPbK4@Em8Nc$725mh2x61Ue%8&BqG()y~Dn{^Z% zPb5=d6ydf|pysL(dU^$392ydRULQ)JkbQZ6TY5_5$0y|h*8Z#D0T;0P{0rHxgJCtp 
zMlBjo`1R-f%LAs&DfQvJSi}k*#isWhwjHjb9!uunzLWT?C(R%zW6E%B0l!k=X->XW zuE?D((tSE{?5KUOuBfG0jgc=bRf!)1&}lU9o+(`VHIAhBgyy$foT%^@0C|8URn@`M zJ<}fO5+zbJcQlC!=OW0&C9W2~&@ksJU6&w%QXMV-Zb(l;b#aYS*38Sp{&i%#sc;a2 z>|;N~Rd2kaMm zjd@9BXga@HXv8rq@=rgzU2UDVjb7NzWau7zlzAmt zBIN5Ora(L92ZD7g&4*=jEJTqjbs3uUx^8%N_f!Oi42K0&0j4R-t>31z5Ty(u9*I4Y z2DozHeyRZ@KaeJUIl#a;ZfDRu6hcF*jK|y!LjU%dP)LCmCV(&qT_l!oe`?ACz8{fw zsGl+@I7lOug{x_(u)R@XLL?OHZ2jqEC-lk7zTXQT5!b|Cbt()GUw<%i+1LDPagdpN)qZ~{ zr`#@V>f*Di(_>skeAo}YGO-8BnA&?ir=J-5m$oxgKEB@y`_mDV37k5o-A5_eV2Tu~ zi8YieQUi|3kdj-@@iCP+TW=6ie^X-?kuqfm2r!7il5lYU(9K4cSD-1;P+$z0!Jb|S z>#Wg$02fY+e`+wgG;kDcn4ow>g)ZtH-CSgF8Sc0?$WK(yXvmq(qq-_f(DM1lY@kGzR9dZ;BuB0OnFqb9GQ$d^oX%h+J4o*4_xh!Nqa~y9`n<0LU-&EsF z%|8)u)uDEyJWO&1nIofY1kSI8!ga|o116d^dcP3j-FSsVE$~Q8tM>(zPPHFV^VIZv zD7E-wRN?hZvMy44l+9#Jw#3;>G8+{UqQh!*{6ebo6fq+ZXZC=C2LAL{A036j|6&F> zSP6u}`Vh*%@kggIdCBZR59Z=igA;G}E*V3<{ia4W#WQO}uOB=&`n6y6{ztR8+@vjp zXHZiY;Q8UW=c3Km>nm`55D30nZXyi11^Ihkukv?3Ty<%zA8Ukk0le;FY&CXGBFwC@ zDrk=-!8Wf$W?uyb(3LY{MRla|KO1>^!xkDxC#T`ytBE7A*3ANb;RkDcX+o>2-@*Hw zrgLH6Sv@UYOIkK>P(GPAPDQRko`b!?*gyh1M}oV=2htsK_RxY+v$7iEf`#&+M1_!B zv$vKsCOg<#VH#gbF2>q#bSEPw3plyf+9p}xUl7~G7Ga}y802eU8_H$elPhIQCWghS z6>wC|^X@U^3Sf63XK844tVo^x4(A6*gLnG&{Z8gbxy7_LY^&jK@qIw~#)ttVJ1JCW zS}h0j*&HieG_1H0#Ue}*$8c?PJuzW+`+dnEbeXFn2|QUp?#YQXOqT&saO~K=l3BTv z$XtB-khxGz1La`9Otrvc_Q?5_gz3BhKoisxDQYJH68)$q-j1B}>E>fyV=yzW7(}uB zPAAYXhqGnCW#C3St!dhv`2$zlB64?l@@Tk%r8?{(RaBUP>MX)@65D*;qTb@l*R!^L z&!nC)!{4(*a|Xt|gBO!iD#Ttv$7-eDaK5MQ+wMDk8_CCns%Yx#5bUv;Gc@PcEH_AT zvQETYrNGp+WI_rbC);@?)5iKBk$!(j;^y31aD4kQsmKEHHQwZ8nkmKacWBY%`@f!og=t317`FF#_<}%Mhy3(>dE7#G zgE+;1Syk_M=5ek5ER?nUa5F25^b+~0WH*krbC8N_YwuNl&C7N@h}Tv400JvZ~@e zWs4CaEoSq?(tEDC&fVxz)k|w>#h-?Rq!$r@88TXtfz?qUNnd3n>H0k+E`>V&Anqv? 
zGlIj7Pf#c|mV~4KG&(GKjj=8fvwVt`0il(@O1uEJHfxJf4qZ9lvbyS9s9h8swOL#U zbw`!n+q?w=qo(*cV&FveY$MO5Tl1NCyIlj*X}|NbmJWQp@!3YcJvY2a#5iu1Hs&ta zVbd!!lZp?vDWk$;gGH%y#*T!zz{@=I*BJD>BqHO%2S{(?5~S@N57>d|!{*kn&wtf{ zWm*FDdx5PEeeK;9%+IR@b1T&d%Z$EEaHE)9e~&G2%K4M#FhRf6LFZEJX$>^v9TM}{ z^}{5J@uFAXE9Eh>k5G2TiL2>6oTthobhNLJ42ay{VfL@q1>dVfI`&Llwv3Hrm$a?r zCH?T1@%VN1G841-9P*+#Vp{jT!~4B(I!|sy|q}c1vrswC8$%=T8gksf#kJ z5zW*260X$CtY!WA$kioXNKKN_N@s$hNpYb)_L>>)T5N60%u+S;BrFXA;9*~;WhEh& zE0i$to8H(576BwhRfBaPMkcN&jcCPzD1dcEc51NJOGu0aU8k*DVBczCdums1@@cbU zmb9`APCrpmc5KGp18ICIP|~q6t)#Q}VKmLXv>HH=tVzU8zZD=Jo7nb&Jq<-*i*5mt=Fi!W@uAAu*@BKT@{7urXBhq5M)?9;~7| zHajeo>F8RzyvNGcU&Vw=y%=yA_JtBb9g~Kdg)?hJ=xY~}nXAp`HpQx>SS^XHJ;|$U zpT`k=^Ofp+IV(KH57uAMOrdI;vy4vX9^;UTGuV8#wi)=3+z#|`fU_G+A#`ZDd!z+A z*3w}bo%z2#5EGKh_Brh^`;do}2SZVTy2ou=+R^u=e)7S5$gc>iUBIwi$ zuJ3(U{59^RSS(;jb`9_PTDTIBf%WJNQ+$bQP1#2p5237pj})$@fYnFT;KdXeEZ$6x zSr9fXu{AGfI+=Q;ru8^l&6uHsiW#Ra+~f2Ozq?!scMv;AcwERX&Mch1*)P`cyNppe z?Jkc6UZK0~Lhju6S)-TfW#reDBudI!kW^&jm_*S>@Wey6NQ?V?3J_M4p@Y)t zzPS}NrTSe_~t!O8qyqvqFxnMGv@b@^|nyHsQ5=@)&kkK=95LjL_kNOqve9m>qF z#Av{^kIeO(6_q)Qt$y^uexY9oGBm=I1H@&%A$9$dmveiRElGh(Y__5OdWkECB`|C& zNPV=Xh|Lvpo~Q0?jad^Nw>FK)-Mf~ZeWRegMn#8zHijAAIUf&Seg)j$KCNeGW$^fDw18h0FNa8c!B5@=T>~%Y z>UK}stI+3K4EK2+gzcV-cJ$9>YKcjM2^Sz+o;c%@ULz`jhiUh zGaZ*U4tKm!J-g?Y`s{&ywy;&!y{|^717>W}Ou0IE@CT5y0D)7W79W@a3nk|k!U82{ zEg1hFiV3?6!;T4CEbRfHZlf|1?6?U>iuJicG{DKZ-qyg$dA=ux%$;8$4weHa_e^&bmV9+~$~~c--df7fA!IPXs3b*DJ9@fmyr<4@i)_>!@;!5v3<6 zYAb9Nzag8|*o4M)ySy*=2r{xVGrPFK4>yNWZck^|t4~cAz=wzwQwFEOO)E5GRxJ)) z^S0nV3n<%Z><`oq5^w`tTG*7RA}eYAY?W?*_ACu=84w&Xr(`^P0;zeMr~fN7`SyE~ zvL~Et0N|ZVSpax;d~dl6Fb|zjcFw~v1fB4FJGEcyz2h$dNPQD;%j6#-k?}4ljbT|W z?ctlA6-#r8-TtS6BX`$RFh%jyi&w?!XkCz~dT-qDyf^1Ws_A@kkMiCP-V&rmy6(Sl zfYjMVBNXYs-K75&!wLT^{>34Ci=_y7e^8+CW+DA%Tz&xZIo8a2TmfTVxQ$~juRrZ6 zJiXYy@vp@(RCisOJe)pz=e}(**M;j~lYt`qUtOn7opXDoEq_lr_keH@%C>u(0~ofq zPomgHu5GYYAwI6HyV3J)t@C4Y>ky{())yS2F^1P111=4D(1T`0>g+yKJI9uKcm7|~ 
za24|-H%G^tG*PX-9=C&{hSiIWm(Y`&Gov1Etd;q?O?GJyRyg>esCJ{;Ui4>utPkSl zWJhqPxr!83&=SA)7)SBW@|j+*q|h5MMWl_MxY+)X3f$%T)Myh!r_@7ey`1Na|BNq& z?8#g>kzWTC^;Tyfn(NJ!40JJ=7XHc6RgohRw3Z}Czm4zH$x-QwT_5$E&xbT0$E78t zb%i3G`UaV*rEI3WvC5PpQd?@18m+dbCwG!@`fr}*CkEark6`?cdQ?$Z-o7t@9{v`M z-mghYALXF&a|{^%bF`D=orU%lX50Aw2A*vzkk?bLCJ0!^RQ&oE-sd5 z5m8N|6R9pyqt>!L^AJusm>25)oP6iEx}JVTxdqY~|H=T;fYorcE^W7+wBO%3U0vam zSu6VuNN|sM^bj#WV(e5*nLE)v;^G%`cbeg4EYH4M>?&29vhBCNp9Ew(936t|;(j5Z zAjdR0d}w?E4^YHJ%MQPG4Q>x^Q>=mCm>v2JaCx*0mDrwG8+#3#YzOnK{t1?$QkNrGXy0fZIrF}hJ?IMk;>T|~I(FV=q zsPrRPmO+=Nqu_wM`i8ZTA*hH4{Ha{RHrsKtx|FGH++*12Z?4eo(y5^f^Ir9BDrUeV6 zb_gaC!;@Y9OYz_8Yi2NwUG>y$8*JSKYsJjbNLsNqpY31wgo$)7?!E*i6W!{Cc*$RD zjaemA+T6E(><8znpK?fzZB-zzml_UR28mO&Nt`&{dg3&{ds z(MSs!N9Q#t4DJ6^sinr3=uxidC9VNRPdT}8v%5Ht4@2tqrO1R2nnFKcDEAUSODNY+ z|EU}!GF6yJDjMNzQZ{aa>o^YNwzOMq0ihsDQ6m#TnUB6EDCp&?5bj5Yk8(-6nZ*qT zP^b0Z6{It|ip2Bb<*34;yQ-n3yW48NE;p~8Bh5Rvb$_(g^?X`d2Ca48-m-cr-#VB7 zbTi#^K346~1g*86sdh9~bvUoCRkT)J%r`VuQ4eW?bbmU(Ks0fB9xuI{+`g-=|IV|L z+iL&cDqD?|ch?s(4bbjAIDM19ksB@t2@Kvb#{h%Pp8K-F?(~P%q2T5xM~DoeNpC>6 z=s2JxmTw>0YUc%i0%5_-%XU4TpS`X+jY66 zlXID*X>hg?ol*_qg@TjZ@Dv;UcJvVCJ06bIHl_Ps|6$`n-6fOb?bAj771>%BKYs#= zpYOEa#*O_KA;3BH{lm?O?h|PyU&=V02(a~856xqGa8+F zqM5$0gkVvxLNWC~Q%RiQpG&$#*#4)9eN@D&*UYntZ+-KAg64=ym&F$ zO6R_A9$s6Q;Jf%vrzd*6bP`u|i_jKOV&%Y=XRvcuVVS|Y@dSHCOJrL3u8Nlrx8Ey) zKAbxG%8<0irBq>y?z~(C1)J_PD{}226MrefDURn39cskv%J*nj&qb+`2vrV`^s!|t z-P*BvE42-!wMi|Nooy*x`dJ4kS;F%YkdvsHkwFeO1Ifq|Xbb4+xISm)pFGjd))E=^ zEsGBy+n*MN88QqVr46XvRkZKsl4Ke${L%I=eh+tf@BqssTcjFrl&Z>2*hMF`(ut^@ zQ6s4!7@g*wo7=-xA|^w@&Jqu$aQqKB$I8xo%j`fvjfmB*YYD3cGB5j6T|U#N$!T&% zF+cXoxW)WEJByui;n->0#t>xpy4g5hn?QJW)sJyUMA@9{zItLz8R6-g;=bGY5L8mw zp$!PdMn;(uk>Zb6Mw>#AzM&*Erfz@MV`b>wS{D_j*{R=4OTaX_ZkgZ1SQ}Ev&lk4p zPwbfD&_tf1s_#4QCtl8BS8am{_(p}@^UdM$(JE}~?NyBrN6i>;b1J~}*KdG$l`=j? 
zcshMc?ZKS8RUWnS!xb|>o`%owdvx8(ORRhKALPW_9f5zu&GD(CO*K?%7E~mG?c=Dk zURlEN`&d_>E62tc#WtXfxIkSd!qcB^PjDcgV`H+vr_NtM@TEq0`lOriWZ5?anQvkO zJZGFX|7MlS_a0F@H9cOJIBc6_x1xU3W`3pa>OEMaXE^$lWsy`x8zJ>hZIuxHhuXR& zC&`CT(w%>s6TOpk!KkUtY!J?v^CYi@+&2uGWtn}@wkx+<|kZ=|T!1S?;_ zOQ83cXnCVLV%L+IY1R?cBhXnm8cwaB$z9JyYV<}_CW1AnsLNZ7m4DSPM3p}Y=km8* zVYgvZV`C3{I(yJDwwqY!x2XM{W$1QbMvcnX>s&FL7)dmC)#TWkxGRqYId8wUmZR6i z^?TGsA?(aIzy5%)CyFRVT@IRkdZnx2xc93$I=}b1cxwUjT^%cnvZ9`;8k-$*X8)A@ zBA+r)OlW{NVa#EBuCwDndESp5$sRv3;zE*&nMa_k=1uNP( zqVu2$@ebh;7W?QD^te{r;D~YN=j1e_r3Rt-rJljaWVii*OxeTUS+Nz5DY9KFPB>HweF{6zPDn)6nD_txCS79-5P{R$N$`CyMw-7AAvV6YTSe-q?>li3%vr6}KdDr1Ovne>; z0S*`x>bx7~?yqio-zHJsqKn>W_-gbimDXtoG{>akOI1!=#avglo?^pdsh;7PP{C-H zBvwQkwHK<9Ps2Ay_$O23y(oFBmOEMx=K6*HzC(Uy=UVXIjJ6FIs})BN?I}xtQv>kJ zQzltgozmDOsi4e(&fTa-`4t9`X8|7y{hYmzt9}U!U>_$NHQDi}I5ru}1UrPpPq7Vy zl{Xd8J1dIv1I3w8#&Hz%PG!|m{eP*f$`gSe&U`6{{${&1vz4nYgXOVXn!lZ;%qQjq zC4x?Opoywhp}xKwG~kDflBPG-*y2dI>9q;^nfLyaClRW-^!IxgKmHHvQ5&PN`uV5V z#0GysXu{i0%Ij(RQp_QHb?mi5=y}QKB^BJUhJk`ubkzvaP!hq(_gCDgBRL=jfF>)A$8j)9fbDDsb@tdhzm#)b!n z88za7WOGAuBOucsFEgr{Up7Zy%qn8()hW3ZdT?2L=B5J}WsIbf#8xT5$)2YxVktS1O z;w+zVcnxW$fqhpC3ggiWl!cD-Dfn};B|dES^Yk52;QcD$sG2|G|I68^1nvgVs!8Xa z)p@7w21)>*4KrKtG1`u<-$)xXyp!hT6%)1;t}`r>p%FoQm3GssSi(JjY59dxH6V&-%tl;!3FiA1zo_VkD_u+GNV{M12z&q#Vkx4Ga^{5BbVm ze-kH(Smz9x9OR}@uYVISACAsc=rH%AMe5HOVg{`jsSflHg@X1~EN4qGB;JEX!BszF z=3a}<5^~lx{PPd{E}(%ng*zuxFIl#ga|yB2Si=Oqk%b%j3nP7$oGS<}l$Ot5qR zPxJ0KzX*JDelK`k;*Z~(HBnu+cV0lZr1jumVAtfOy_ENG|6=|hF-H+&b@guqr?4?r zmeT)5K<93x`R%RWDv*p2dkwAbt@KV&6h0g0n6(RZK5c9H(Z#wnLL&P8#d6jI1G29@ z1LVs^t}W&DA)R9N6Mq!Uu#NHhE$-y)6aOGZOpGkmoiCrK$H_UkJ>|N89juO%t`t2Q zbE_#}c{QsIsUcr=sk})(Iea{ZB*^}Ud77sSr#?RS4mP*txb8A~k^pr)sj+3%PLUF+ z+;uHo2z~Q$M0>alKSr>7>tDT(fQjFVld@(|xH;2Q!x*v@v}`t=DZq6)`yX z!D@dAkZtPLmQQZ+dVP*7uGwa-BaB~-mv?BR&J07FG&igpUDM}QIYvBBYS!X%pC^Z} zu~Huwd|hG$tSs+ZX7$0mK7SAF`(Hh|0Q`S%*S!nqS6>|s6{A@WHDttc^vf?n@pS_* z?KQe3sXk|yAwwzhO10PV?O8sUS;)@jEa&2hG_E!0TF|&BttU5!{Vh$q?X>&WE$IM} 
z274%FwuTH;Js1;RLz!BP-O?jDhxK1tHZIFTqW&+klKo3jFcc|l)&Xo|3>flokmu{| zPK2@|i9<;zj&y-Px9s<24#%_c3H(*6PC3koD@1|U8U?a^4?BwM*Zh!gzY>C}vkoR9 IK0!hJ4^&}#cmMzZ literal 0 HcmV?d00001 
diff --git a/assets/rancher-gatekeeper/rancher-gatekeeper-100.2.0+up3.8.1.tgz b/assets/rancher-gatekeeper/rancher-gatekeeper-100.2.0+up3.8.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..1138854e64de558ca9bd4711234b4ce692c98a73 GIT binary patch literal 12114 zcmV-YFRjoYiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYabK5w!C_exG^eJ%Vnd-Q&sl{trzsXd&ZFi4f$BCbv?x|O) zR0NSn60S*t4S;ggao%Ttg@q)zNTO`n@gh`L$0GJ~fP;gxf#J{{19L`Lz!g9QtbH`b zOthvr@c*`&)ai6O`@6g9-%h7f{CB&vyZg89?)KhJXZN79cks7PclTgt_iw1PqWuEC>yGuYr(@1@`Hv5uko_>>C>D(g|+Lp}-PFO|6wuz(2eq@}j5N$AmQ zUR|2e3GskCqY3LFmxeX*Qc?ELM+Gx5QG!LXc#~!cw;+jUaSPgIJEF zZB383a@0vJH5lG9pjDfRa}d1k(-Gxu8{Lyp;|iwNlzF_@aFFc8j2fv<8V=&%#*Bz* zVGSU{~bpfCEuGyt<(Lbit~Sh{TTQP8Gr@n|H1C= zLE-%0+wSbI&;N%=3?iSnnD@|51IHc_r=b8g!F~_zcl4JtdAR>ZLhpU(PkU&HeGUzm zhFmaALh%QozGfial7NUF+BWrmVKg|x?ii9f9^rW4!&$5uj>6|ZuunWJNI3cr491jR zCHa$L#s?Arjm0InH1yQSOGSRc#E%*16QhStMWCq+2XdghgPMz@f!`nklKJ zb2N^_t4s11^w3_X)9~r&Elj}gq0@K2yq7LwXguY-gG$P8ysbPK_2>B8ODMaKKgfxCUQ$cI&bK5O~x>6UDx6n@>^f`zaQO@2EIuz$F`yWnY5JKo0)nrv^%ygCiOW_#$-Y z*!Su6IU^I|!w62ei~ZcjlVw~S;Q{f9kl-}UdyGcO-;Qjhp(lbB1-PJ8{6c)toU%1- z7KexYS4QKghkp9$r|jE18p=w=qQ7%sirMHiA_l*QB!jc3c1f~$6eAq7?3Q8yJ)6l) zs7uC2^F2kjN8Vj{4hx#$d6`I1095^F5b8B%t>J($Mj3cc0lfJeL=mo8rpvrLHJ;%v z-@_cN6)_f3?=XM;{VFd9n1qrg2UlKUS_x8H>KfLPTbG3(fJ=Tpz#$$<0J1m~B!IRD zLmd0!n{3;nml5@jXdDW2LUucy23G^g5x}qC8s>8113NQKHxPmXAvVjc@cEpM_DML>N16G2@&(*j?IBZ5?hx6cY3&2BAj^_T(d|p{!4;I{vk+3ki<2)A19evL zV!mws3a0iww#CQtKBY-gsW?J9kFp**t;*IMcDWzj*R>{lxm-ab>eJEmH#v^{8kC5Z zS3;}&HIUKRtTS2H&$tb>HbUw_3JtmJD7h{0JCtiRdn(pat@u zot?d+{^ww4t^awL)cE?f{bS?gON2uYi7_C_N+3E^e=7lYtMOy|+qcHouMYBHNJ2nO zixHB=o5;xu$i0qQT8Ai4F4X!%%M)eE_Y+`@cz|x?whCRezoY&n!DT!gk}s&~WQ{@S zslW9QkJNTVIPGH?`~DRD8Dn4Rmk^F3HTYKJKcHJz<%R4+PK2WYxH#s3I1K>(mNHR# z%0mLa#}Q_rPd)IEph%1fN3RA`1&-r)m$EDgM~Fw@ZnheyLuAw_x)F1I;6@Ljz7c`0 ziSMHUpqR^Xa)j03&1mOAR~E}dm<&^ZCYdQvlQJ_4)PlOtvzGp@X3%?6AFuxA!`1EJOAL#LTkF;WtQ5kzjI5_!mZpiMr|VTs_<(Ti!P-u 
z9`kXm3N~lX$OgFn+i1+tjXXDf>;h{3cM~-~H*c}44n4W%J&#C61pD$9rN_+m>X%D8 z2xy3C2z>4|(hG0pT1|72$rJSd;J~lQzd<1hJqQJQjjSP;N1u&C^BJGb8vV=+r%^c& z&8Z}+%1REU0u}A%ts2NJ)#m)=rt$F~tuszEteSFQ&r3I;+)+a5E|rp5@%DVHA&U&a zr`P7QbqSD&l-CoVVvi%2#=b0yxV~E_WR7yMTP&kmWjZp`u^QKNGWX-Att*#Ip1SAu zOkMc_hC^^g4>jLWbGHZiIlC@5Pb5Ka&c?Mh3~sJ8dJOqXai*)cTKe8+?PE-H`9F1I z0Z*~#chCnevj5pR*v|8R+nt?*y*2;$5Xm;kND-g6L}^dD0}!~|xFVs~Lr1CR?}I7d z2tZ&D3oNfq+B)ItHMbW}L-I@dQe~vR$p@K~K~5$O)7|{`njh*GE>sJt;h;36i;kbUviNll*{p@3#npbM0@BaZ9l^96&^te;Aw$L zqMrTuwHfeHvxfpc`t}KZwT75Vy(Ozh!YCFk1``6;Ejsuga79aEtCg1GA3uMxYI7_I zS1fq%4f;5u)YGg9MM+~BK3ZyYA3uLW|36YC-ypgF1ivO?{3?^aD_z8vYGu>zE2IM9 zaQZ6kbJNNU_(%?c>vQ{6Gn>{w|1tR&8cWVQL?l#;Nb8IAIA!)0GVs#~R~LbQOqyHh zV>T+eP`6NNl+}~`lnw3MeV~JcL>#SAa%+@)Z_4{P(%kdk(zZ#;6gm<0649pC%GKfu z7M%ax-Q7;%{NLT*-(H{p50Q%ZG#<5#I8Y~d+3KBe@N^vOj|gLdgzC*UsJZFLN3)p-@g5z1?%$ayhQmt2b2ic zn^RC18-&Kdh`=MzO{Q{(OD&vEn=#U%LMe5d*F`kDRNQDOzqD9qFf=lL-5m}`ka86P z{-VYCdx`diggw+X0)HQR=q%>qA`TCEL#u8G1Mis8=%}EEaM0n~w+&lOP}PW0D=7WP zTY34iOQ{lvp=6hM97R3^5DM(8!SlP1enR~?NCvA-r_XStenpJRQxiP(OY7a$pB}vq zuQBru&rj8F2qG~(Cd?K(eDD2v-)TAeZ*(u%b!i;d_7Pb?|2un~Zjt_XJ8Sy?ASq{% zpHOu}#SS%^b0q!6P+)T{)qWzSy6U@X;CmzRj;Z$kk3AwB4EK~YB(-AX- zdUPb=_%eh1u41HYn>A&r_SQncvM5*{3H8uW3lWP^Q5zXG(2>l}K+amh3T(xjiA>dc zDa%CDXw`~3DqTC-80tn9x_<1nKYk$1_VTZE#*d!%SVIM2DQ58J#w^wne;|5fu9N ztv9!*z@r@aFdK2(7S=JxH8H+CZ>-jGPCoWJl+}DXa(tLTu14a0Q7oLf06D2tlRL_I z!md8kQ>fUU9`lgVz;UrVhSI20hob75?l=yw98Uf!*G&CMs%t8`>d0fyp`kx5RnK`q z6`O#72-6NIe-gWT!PTT#H{D-v^4lw)#|0KKx7Io$LnU@idMP+oefyTLpLp9ix*_X! 
zTfn`bTzJ4(?z=Wmb+G5LH@zZcTAA@`vAu}V0K^z#?nIP{5>Q)~Eo=#CS<*$CGx#r^1kSQWmHjyKODak&sZhXe_OWW7kc?F@M zF78A{i>V6ntk1P#rS!;R+SQqTUb((qDrlqaZw%f7Wt2B&W&}yMh zu5GJnEde}}=XY)$sPkQKfVK#tcAnBEXb?f<=oUBRhpMgE$0VN25y#{RY^Bq z;*&Iwo3S>cDPGOd6m0#!W~^wXO$3+%9Xo8GwissIhHyq`8{Oi zD_kPVaGq1YGytAs`QFWv0?8zR1te5w=&uaBa1M+p#fNrx-R~sjY}bn!u+JG!)dRn6 z%ryu4cCiJ(x1{AWaglcs$?9fua(nj%;E_1!p)=*+k+!Q%;Hv6sM~O78P2V@VQxlDzD-y za(ij30cu5?IYOkYo{Ej99?b>lm~4ke*cs>|3OM-@FVkUpe-y)w)LCoy*nbk&WWg|; zNR_KInzekmMt=_=@T^keTo;rz*%UPi3)CdqJJ$1l$!g z=+?sSrP_Lug75MS7Yf1WS6NOV?o{nNZ8>fe2Xj|DqaO6o?smt@(uGUF&7UuhYX7^+ z|L!3Fji~1l&SDj-dk}jgm>~#W6c_klvi>Db%nOKyzG)WGUn8pL!J)J9%kF=qnH$=Yw=v$4BH1s<>0D z_*$%dSF!T<-q&?gZTfHG4JsE%!+|L*>NQUABQySD#-kW}Eiaxt)r zWII(2Uf88x9A&n5!qP-}jFSi$vU;8@+d+a21$Jo!mt`_sidO4Xg`8EjH4A!f-wzU= zHy4H0x%CCZscDDvg1jo9PO3})6Q-Y0ACe%n^6xr+U<>H~?%qMs|7-VPXYK#_AgM_I z2iR@t$frf>ud;9~#*~r26nCY9)DW7PjF@1@7u3(k1X2wW8h#)FaDjuUhr(FJv3&vO zg}rkcOg(|oa1f42=KAiK@CG>y}MRwEmb`lC9;hztDAQ? z^_aKEYo6{%WfiXd{z7?_NqJK|SDG&ve`MZ`b5I<4Sisy#MFhSG2=%qJG?~QpU%fPv zd{j~6NX1C>64y}x)LRpGA79lYZWZHGr5@R6+Np<01+q%LR`q2(e9AGa7A@&}n0lhI zR;sK8<1vrKvHM3zstA7!AkqSug`^-61s8!eTs#JQ{79%f;u zRUY-=+CvgzpZrx?&lQ7PyshsvlDkoqI~`!zOI&r2u&hRnL+tK2e@qvlTk-#O8Gn-& z%76BX^8cNkZfDK^KSWw7|G#GZXEOeE1bg)^yBRDHlywWPI`&zjJ! zQ)Rjh{U4Cflc%dC1~Q*+r~mEj7yW+@_B(6&|AVCalK=dy7sN|b4peNDhWy(YUM8e? 
z4m2A{0Bl>Bw&-->u?h^V4vxwYZg&oIwkGAzGu?&$FC_dXE#&{Zdjk7LeOL4#|$dGPlEg^_{A=$4TzLE zQ&RKf3wE;;Dbbjf)DP)!>sdyrx5=`Xb@I!AsE5VP+%g-gV+#Bo6(?V`l*@Q9X5Nc` zzk=x&`nxirLcKS$CVWzGrPSuL#&XJx?CV$6T4qm`jp7{@sWF#%OHG#6y_)hlR|WbAOX-=q&_gS!TTXs@{wA= zEulAa=BvqO^8gFZ|DFB4z2f=5zx&khe^37W|0Bh=SHFNjQeF8>&pKt9G4w!HL%zaXaWD%+21a{|FqX#zyJ3zX~z3c>W#EnPx)0H z4SFrijexhSclit8@~XW2AL)Bix7q*1h2-B=y#Kk~-7fk6?Cm`D``;5u^WJ}ZX_vDy zhqRn;XTu6gl|&F33lVXrBCM1SgtWW6qkicJz;!sMLg4~q%hPGj$T9Jg{>lO<*<(qE zVn==|1!bDqRDPuS=utTix%8uY3dzIh6@AMLbd$tbK}};1b9&yiFFFR zS=t;rxo?&IRaKieseE*VbtvQ~8UEnKr@8096W;gFCE?EA|+{ixD{^MAkFEuR0| z+xzSIKM#_M?|)M+P7RvXiJzWyvz`SX$V+=B?)_hMkYgK4hpaXdx8imtVua_%V3b0K zH^<-yvQJ5kn>}Rjs&WD68pvoYnmyEX_L>#>+A81C&V0=t(p*FAx&R({TLTzU296do z8%Ky_3%Qwj- z*oybKT|4kzy z5fFWu=5mqJtw!^q(lx+}AW}f&g%1nEcJCMd$w}H zQZJN36c=;@mUo@b)xLE4@6>rt|4h8a;vj5sWDEfbP z4%Ysk50mTzU`D`?G)}MaOH8AEd@$uJj)JS#JimC-i>I5!KeVrZp?$U`^zgUW{KB-M ztz}qX54ooFzr8o6O>2UtozI_IS1`5PF(Z|g(k9c`Tb@-=u`RDm@lEtEWQWxE zVEEZUl}C((V)&{#r7;R(E|SKQornH0X>Os9rln7tWyIJxEzV>s>1(q#vI^+VMSD7kO9(Y@bGWiLI z`la47p-4N+wenwYl1osw>ll1iUB0TUvZZ0Pxd6e6@}qzLVhZ2*L45C{dnIWu{})FihCOgx=5ck$xg86*fdAXu-z~;}>TY*; z*Zki@q=ILA{C9HKBjJ zOR5O#Tk7;vHla~(Sykx#7ps_UjepJ3_4WNTSHi;ev?}DxGGm_SnbjeM7i!0zF`~U4y{IBl*!TSF9AZf!;*pWc5d@OZA!|wdTh4ExD$aePLTP8plXL1_s*>|to2`>+mlZK98CcR-%>gci z{u%YiaC!;i4x>}igea>yq}dNZWTQGa4?mP!GSAb`dJxkpNrq^Q`EM{ydVVG7rIMGT z)}|@<{}l$8Dl2rWOOjK*= z=;D|o%pj4{x6rv_ZjmASN}c9X#(+muUC(6|&4MG%awbJ(o){CZGh2!tjIeFs^J3s`XeA8hXw{eO2lo%Q+uAjwb-EJ+h(=vAFSFq@Udl6Y~O zo0&~0gWto%YeX-csvt0YRlWu0eq30#FVwdn-K!5|_4YhG3+k@eyZRa2zMmC(9n9P> zrOR+;niCIzg&-MHLfe%0kh;~*l#Y~r1FS`vlaVxSOZ(-(Gur`RxpuU)q*)x>EO&tA zaah+mpai3Iq1Fx5m2Yo;SO{PtM}i`ab#y(35DjADD`~GW%;&Af2Kq229Pv0( zagGolgYTn}PY2q#n1rJ(NszH16HwtIt?xMW8XG8tkv>3QMGS`I3wY?7h%x%F%@%qe z`cp(hRZ|WLMZo0s5?YPc@#W`BK^ZhQ&=Cy+8lpdrE|EtVZ?r~4wAKGj@YdGgFV1r{0pljm$XaER% z9(a4TrSR==b|B4Y|BqNDdJ(nT0*i zx)SJchrM>2Mi81CkAp`L3VA$_Ol~!2q9FA9{YK;SB>?)E=6!mVG@jh9 zJnC}wL;dfwEY#lAE1m{{+-V+l;{ZbQj?8B@D-)z7nWr_Y4Gn-q@2&Wf(*Cn(3icUb 
zZ)zS&_8Naz)|zR3C#HV6=XZx^C!eeW7FZg^k;ti-TX)*~%6dbNzIIw6 z0U9;}GB2o4uQswDn`i(&y_P_=5M@TQ5Lc#L4RrmkEh-aq{rIE)AQ@9dJ^zU&JFVST z=f@u#st8iQkOvV1R}opmu4bftTLBdNoFb;^EY~&;=JJi`P`eP94+@lBU{&XGiI7m& zRwfUcK^{`yr`J3=NPY$`&^g1dAg*Mi8}B34Pq)`NM4SYX59k_C<%weKM-fryOPola z(U34M)UY!{V!c51bSXn4g+$iMEorkzvWBcxcK-{=%yYZfxQI2B`U?9288IxN#m9Zb zT}Gm6LlP)WE(c}Bb7%yr!V20t4t44VP8k`I5c`RkXbWABi4RDQTy`QSZqS{IOpjyio@|#)C3w_CjQsx1Z^V8Kd z`qM(!V_=Zc2DzsVLc!b8B*^phNc!_5c=e6bwc@MoF1%QolHpvG8^vk15+qc>hiBNR zc}`!$fD-{4X+;=ujjllN-yvmzO~2366Qj|%$$p_a=>{ExrVkSRFD1!Y>zKzYXsdC9 zdd?CFEm{6~q*cyZ!MsKs)f~nTJz971s?8dDqQiG^Mc=IO_0 zpKeh9fjp7VHe=?3)`x>m8y7QwvCHOyifbVar9Qfxe*v~s3lAs-2=kZ0HSnlPrZ5xUiFW;*dI>b1{T5%fsG%xM+PvOVCDz3; zN3n{9X+?x-TM=QNg=9yiRl|Hn9FLhh+Q`wq^N!x%+uPZ$wWn3dWK-kVBjPj^z$VyV z4CxPJKtl$9#t^zw&7EG4i96QqNdBM2w-BJ;p#Dy$vqI|Zrcnm|NP?(x6_98~_i|nV z{z8H{KpTh-&3w`btXx?JFrf)Jw%T9Kn7>E5LH+Gj!d!vu7e<34?2Z@8GH=iae5G$P zjB)`?LOoM-3TjZ0+J(J8KSXYwmLGFk^{rCD=x7{=SC{0k8ZcKy5tn6$lp&vRrLl9h zIll#enX3`-N(Hh&L%PyGyTJ6^nR?%D~M(8T8YeL1%rBo z>7HPodZI1rJ%M>pufnrPtA_ccxWGS<0B9^O!KIQ?6nmF^i_k?2RZPC~>hTX>2| zGK;IE=Ovh%zzx-xRl@`4ip+uhGf6k7e`+j*?%q}v%#Y;xsJkeGe;&-$!Rl!9CH=zG zb3wxm>Pt|p>|R@fxwhEKthMyxH)-#Oo~OciW8bn+NNh*OIP=9YMrkRhUWR`f>MNv5 zdw~VQ;gp6@;A)V%5&O!E!dNj{E(WRZhbh6YNTk>$%f2pqvj+{71)ds)>`8N6Je`7B zK!jyowA9u8+Y0YQ<#n!NrC-E8RFL8uq_dH7l~*IwK|mEK)jj+0{M5cBF)|tfv-LqO zbQX(P*&o6e305*OYNWmvAZcaZ`{dDf-fy9I??0UM(CH9OX>1&FlwZvjf{@1y6p*Jh zW;wMT{!|uVK#0g`PFwZ%|)Fv%jZxK9^Ix6R%jr#*^U`SI@T;U_STeKkM#a zTHMd-=D+&8e*xxmx${-==iisxz6G3C&7TKE942l^Cld(g+MnE@lYj{H+iQ+MmnF8# zm_=@s$|7mkR^2^8zH;TfqJ(+u5wQ^7XnB|yRi#f5-sm1+?$gmRgru63RP_Fqj*xzb zRdL=!ifD)cyJO@*_)Lvv?g8d+VFC*+8Is=5NT_uFJ{=*ye#Ix9B!B+ym-j1^D^~b| z%X#|E12e^N~^YP&aN-@djDWWs8H{|02gha z1Vr#mOP3l)>K*aa(+$!S?4d3?I{$qO?RB@$$W}6at}Lemm9xFKe@5oE)ws#Uz^~K0 zgt@GPl1Jhax*`D{Q4eu<3|_3_n>?3vgZeWb1z3LZD?6^CdZ@VOS!lsLt@t8fzS6tD z^&DZX-j$5Ys`LCIzIu8tX)mL`59~|{N?B{H6h`NiRah_IAgxY9X(+3#zLB&(Rb|ke zbc6aob$(innP@f4qe^Hey&L(X!+}kJy$smjp#JOK-PMS5t6?61V8rE>3;hP2>D-qA 
zY?CC+U%!5RpX;0vsvKv0%()7WZ})y~a*->ul_2rigZ>8fO+;0ryK-DcRE)6O@hxST zLqR>4?_Hju@CCcV){tef#0FCxb}p5iKL@?&{hy%)n4jw)J^;^Zdy#gz>w}a?3D(5$@zlZ8(=*$OC;A>!8(-76b8&(yCbp4fDFhFC(cM z#?P0G+UZ_gH0P4heDBpHRb${ekx@IXnxtx&zaTO?Pok3tbWysa7uNGmtCsF)n9q|g z#Bpg5r6*5IS;DpQYAYk)>LC_~f&|d^bQJD> z0`r1(_59u?%(H;b&mP<=ty(J;QSXSxp_m;ZCf~aqEvAyjD1ZxkyI?qvGu@zmcU2*J zB+T{u8Fk6a610UsA1jZQuXAtEs?d^<@Nj~Oubd@vz30!+3K_j#=VL5T5Oa~*rz4!U zhlc_f!XbhQai2m|2)WKzd4_WRzHLiPqZ(!}H_3ars9yQ!k+SRG>G@q@Z^PWD*!vm# zICN#pvwN58{PbMX69!zx=6P$?Oq#pnz#dt;LH(8aCEGC9H_^Z5+={X_uI@vE+O7pj zT%WOZOFZu9Q4M(7RPp{Njv|Kv_5xVZ8=wo`|J~Wy>lWYt-r3z>zyJ9VX(N3+Hvg_~qoLl|OJ6P< zU=ALl!(kF4FMSXAW4>ax&CRBEX;9wr_C6O3pdDbzXP5^;t=!FI2RDAHcwtuJi|+cd&vOUMy!w)B&7xrcQ1%We9p zM-{A*1`!P*6uj4HIK^j@k5Vq(NtCapGK8y_+>~+w!Vw9LMJ1yXqF-Xyc^VfZIsq0+ zR!EilEfr=YzSz8_I4J9Wkd7S7o<3TkRWgGItGJQ7Wnjw-Of=vmlp%DXja?TwcW^Am zq5A({?X*=VYn8V*vVPM7rmM|V;&0r^ap)lu3Scfof-4u?Y^aG= 1.20.0-0 < 1.25.0-0' + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 + catalog.cattle.io/rancher-version: '>= 2.6.0-0 < 2.7.0-0' + catalog.cattle.io/release-name: rancher-gatekeeper + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: gatekeeper +apiVersion: v2 +appVersion: v3.8.1 +description: Modifies Open Policy Agent's upstream gatekeeper chart that provides + policy-based control for cloud native environments +home: https://github.com/open-policy-agent/gatekeeper +icon: https://charts.rancher.io/assets/logos/gatekeeper.svg +keywords: +- open policy agent +- security +name: rancher-gatekeeper +sources: +- https://github.com/open-policy-agent/gatekeeper.git +version: 100.2.0+up3.8.1 diff --git a/charts/rancher-gatekeeper/100.2.0+up3.8.1/README.md b/charts/rancher-gatekeeper/100.2.0+up3.8.1/README.md new file mode 100644 index 000000000..d028ba586 --- /dev/null 
+++ b/charts/rancher-gatekeeper/100.2.0+up3.8.1/README.md 
@@ -0,0 +1,143 @@ +# Gatekeeper Helm Chart + +## Get Repo Info + +```console +helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Install Chart + +```console +# Helm install with gatekeeper-system namespace already created +$ helm install -n gatekeeper-system [RELEASE_NAME] gatekeeper/gatekeeper + +# Helm install and create namespace +$ helm install -n gatekeeper-system [RELEASE_NAME] gatekeeper/gatekeeper --create-namespace + +``` + +_See [parameters](#parameters) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Upgrade Chart + +**Upgrading from < v3.4.0** +Chart 3.4.0 deprecates support for Helm 2 and also removes the creation of the `gatekeeper-system` Namespace from within the chart. This follows Helm 3 Best Practices. + +Option 1: +A simple way to upgrade is to uninstall first and re-install with 3.4.0 or greater. + +```console +$ helm uninstall gatekeeper +$ helm install -n gatekeeper-system [RELEASE_NAME] gatekeeper/gatekeeper --create-namespace + +``` + +Option 2: +Run the `helm_migrate.sh` script before installing the 3.4.0 or greater chart. This will remove the Helm secret for the original release, while keeping all of the resources. It then updates the annotations of the resources so that the new chart can import and manage them. 
+ +```console +$ helm_migrate.sh +$ helm install -n gatekeeper-system gatekeeper gatekeeper/gatekeeper +``` + +**Upgrading from >= v3.4.0** +```console +$ helm upgrade -n gatekeeper-system [RELEASE_NAME] gatekeeper/gatekeeper +``` + +_See [helm 2 to 3](https://helm.sh/docs/topics/v2_v3_migration/) for Helm 2 migration documentation._ + + +## Exempting Namespace + +The Helm chart automatically sets the Gatekeeper flag `--exempt-namespace={{ .Release.Namespace }}` in order to exempt the namespace where the chart is installed, and adds the `admission.gatekeeper.sh/ignore` label to the namespace during a post-install hook. + +_See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/website/docs/exempt-namespaces) for more information._ + +## Parameters + +| Parameter | Description | Default | +| :-------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------ | +| postInstall.labelNamespace.enabled | Add labels to the namespace during post install hooks | `true` | +| postInstall.labelNamespace.image.repository | Image with kubectl to label the namespace | `openpolicyagent/gatekeeper-crds` | +| postInstall.labelNamespace.image.tag | Image tag | Current release version: `v3.8.1` | +| postInstall.labelNamespace.image.pullPolicy | Image pullPolicy | `IfNotPresent` | +| postInstall.labelNamespace.image.pullSecrets | Image pullSecrets | `[]` | +| postInstall.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` | +| preUninstall.deleteWebhooks.enabled | Delete webhooks before gatekeeper 
itself is uninstalled | `false` | +| preUninstall.deleteWebhooks.image.repository | Image with kubectl to delete the webhooks | `openpolicyagent/gatekeeper-crds` | +| preUninstall.deleteWebhooks.image.tag | Image tag | Current release version: `v3.8.1` | +| preUninstall.deleteWebhooks.image.pullPolicy | Image pullPolicy | `IfNotPresent` | +| preUninstall.deleteWebhooks.image.pullSecrets | Image pullSecrets | `[]` | +| preUninstall.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` | +| psp.enabled | Enabled PodSecurityPolicy | `true` | +| upgradeCRDs.enabled | Upgrade CRDs using pre-install/pre-upgrade hooks | `true` | +| crds.securityContext | Security context applied to the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 65532, "runAsNonRoot": true, "runAsUser": 65532 }` | +| auditInterval | The frequency with which audit is run | `300` | +| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` | +| auditFromCache | Take the roster of resources to audit from the OPA cache | `false` | +| auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `0` | +| auditMatchKindOnly | Only check resources of the kinds specified in all constraints defined in the cluster. 
| `false` | +| disableValidatingWebhook | Disable the validating webhook | `false` | +| disableMutation | Disable mutation | `false` | +| validatingWebhookTimeoutSeconds | The timeout for the validating webhook in seconds | `3` | +| validatingWebhookFailurePolicy | The failurePolicy for the validating webhook | `Ignore` | +| validatingWebhookCheckIgnoreFailurePolicy | The failurePolicy for the check-ignore-label validating webhook | `Fail` | +| validatingWebhookExemptNamespacesLabels | Additional namespace labels that will be exempt from the validating webhook. Please note that anyone in the cluster capable to manage namespaces will be able to skip all Gatekeeper validation by setting one of these labels for their namespace. | `{}` | +| validatingWebhookCustomRules | Custom rules for selecting which API resources trigger the webhook. Mutually exclusive with `enableDeleteOperations`. NOTE: If you change this, ensure all your constraints are still being enforced. | `{}` | +| enableDeleteOperations | Enable validating webhook for delete operations. Does not work with `validatingWebhookCustomRules` | `false` | +| enableExternalData | Enable external data (alpha feature) | `false` | +| enableTLSHealthcheck | Enable probing webhook API with certificate stored in certDir | `false` | +| mutatingWebhookFailurePolicy | The failurePolicy for the mutating webhook | `Ignore` | +| mutatingWebhookReinvocationPolicy | The reinvocationPolicy for the mutating webhook | `Never` | +| mutatingWebhookExemptNamespacesLabels | Additional namespace labels that will be exempt from the mutating webhook. Please note that anyone in the cluster capable to manage namespaces will be able to skip all Gatekeeper validation by setting one of these labels for their namespace. | `{}` | +| mutatingWebhookTimeoutSeconds | The timeout for the mutating webhook in seconds | `3` | +| mutatingWebhookCustomRules | Custom rules for selecting which API resources trigger the webhook. 
NOTE: If you change this, ensure all your constraints are still being enforced. | `{}` | +| emitAdmissionEvents | Emit K8s events in gatekeeper namespace for admission violations (alpha feature) | `false` | +| emitAuditEvents | Emit K8s events in gatekeeper namespace for audit violations (alpha feature) | `false` | +| logDenies | Log detailed info on each deny | `false` | +| logLevel | Minimum log level | `INFO` | +| image.pullPolicy | The image pull policy | `IfNotPresent` | +| image.repository | Image repository | `openpolicyagent/gatekeeper` | +| image.release | The image release tag to use | Current release version: `v3.8.1` | +| image.pullSecrets | Specify an array of imagePullSecrets | `[]` | +| resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi | +| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` | +| affinity | The node affinity to use for pod scheduling | `{}` | +| tolerations | The tolerations to use for pod scheduling | `[]` | +| controllerManager.healthPort | Health port for controller manager | `9090` | +| controllerManager.port | Webhook-server port for controller manager | `8443` | +| controllerManager.metricsPort | Metrics port for controller manager | `8888` | +| controllerManager.priorityClassName | Priority class name for controller manager | `system-cluster-critical` | +| controllerManager.exemptNamespaces | The exact namespaces to exempt by the admission webhook | `[]` | +| controllerManager.exemptNamespacePrefixes | The namespace prefixes to exempt by the admission webhook | `[]` | +| controllerManager.hostNetwork | Enables controllerManager to be deployed on hostNetwork | `false` | +| controllerManager.dnsPolicy | Set the dnsPolicy for controllerManager pods | `ClusterFirst` | +| controllerManager.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], 
"readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` | +| audit.priorityClassName | Priority class name for audit controller | `system-cluster-critical` | +| audit.hostNetwork | Enables audit to be deployed on hostNetwork | `false` | +| audit.dnsPolicy | Set the dnsPolicy for audit pods | `ClusterFirst` | +| audit.securityContext | Security context applied on the container | `{ "allowPrivilegeEscalation": false, "capabilities": "drop": [all], "readOnlyRootFilesystem": true, "runAsGroup": 999, "runAsNonRoot": true, "runAsUser": 1000 }` | +| audit.healthPort | Health port for audit | `9090` | +| audit.metricsPort | Metrics port for audit | `8888` | +| replicas | The number of Gatekeeper replicas to deploy for the webhook | `3` | +| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` | +| podLabels | The labels to add to the Gatekeeper pods | `{}` | +| podCountLimit | The maximum number of Gatekeeper pods to run | `100` | +| secretAnnotations | The annotations to add to the Gatekeeper secrets | `{}` | +| pdb.controllerManager.minAvailable | The number of controller manager pods that must still be available after an eviction | `1` | +| service.type | Service type | `ClusterIP` | +| service.loadBalancerIP | The IP address of LoadBalancer service | `` | +| service.healthzPort | Service port to gatekeeper Webhook health port | `9090` + | +| rbac.create | Enable the creation of RBAC resources | `true` | + +## Contributing Changes + +Please refer to [Contributing to Helm Chart](https://open-policy-agent.github.io/gatekeeper/website/docs/help#contributing-to-helm-chart) for modifying the Helm chart. diff --git a/charts/rancher-gatekeeper/100.2.0+up3.8.1/app-readme.md b/charts/rancher-gatekeeper/100.2.0+up3.8.1/app-readme.md new file mode 100644 index 000000000..d44cf7b2b --- /dev/null +++ b/charts/rancher-gatekeeper/100.2.0+up3.8.1/app-readme.md 
@@ -0,0 +1,14 @@
+# Rancher OPA Gatekeeper
+
+This chart is based off of the upstream [OPA Gatekeeper](https://github.com/open-policy-agent/gatekeeper/tree/master/charts/gatekeeper) chart.
+
+For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/opa-gatekeper/).
+
+The chart installs the following components:
+
+- OPA Gatekeeper Controller-Manager - OPA Gatekeeper is a policy engine for providing policy based governance for Kubernetes clusters. The controller installs as a [validating admission controller webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook) on the cluster and intercepts all admission requests that create, update or delete a resource in the cluster.
+- [Audit](https://github.com/open-policy-agent/gatekeeper#audit) - A periodic audit of the cluster resources against the enforced policies. Any existing resource that violates a policy will be recorded as violations.
+- [Constraint Template](https://github.com/open-policy-agent/gatekeeper#constraint-templates) - A template is a CRD (`ConstraintTemplate`) that defines the schema and Rego logic of a policy to be applied to the cluster by Gatekeeper's admission controller webhook. This chart installs a few default `ConstraintTemplate` custom resources.
+- [Constraint](https://github.com/open-policy-agent/gatekeeper#constraints) - A constraint is a custom resource that defines the scope of resources which a specific constraint template should apply to. The complete policy is defined by a combination of `ConstraintTemplates` (i.e. what the policy is) and `Constraints` (i.e. what resource to apply the policy to).
+
+For more information on how to configure the Helm chart, refer to the Helm README.
diff --git a/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/_helpers.tpl b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/_helpers.tpl
new file mode 100644
index 000000000..3d2366b3d
--- /dev/null
+++ b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/_helpers.tpl
@@ -0,0 +1,64 @@
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "gatekeeper.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "gatekeeper.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "gatekeeper.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Adds additional pod labels to the common ones
+*/}}
+{{- define "gatekeeper.podLabels" -}}
+{{- if .Values.podLabels }}
+{{- toYaml .Values.podLabels | nindent 8 }}
+{{- end }}
+{{- end -}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/allowedrepos.yaml b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/allowedrepos.yaml
new file mode 100644
index 000000000..9abb84ecb
--- /dev/null
+++ b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/allowedrepos.yaml
@@ -0,0 +1,35 @@
+apiVersion: templates.gatekeeper.sh/v1beta1
+kind: ConstraintTemplate
+metadata:
+ name: k8sallowedrepos
+spec:
+ crd:
+ spec:
+ names:
+ kind: K8sAllowedRepos
+ validation:
+ # Schema for the `parameters` field
+ openAPIV3Schema:
+ properties:
+ repos:
+ type: array
+ items:
+ type: string
+ targets:
+ - target: admission.k8s.gatekeeper.sh
+ rego: |
+ package k8sallowedrepos
+
+ violation[{"msg": msg}] {
+ container := input.review.object.spec.containers[_]
+ satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)]
+ not any(satisfied)
+ msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos])
+ }
+
+ violation[{"msg": msg}] {
+ container := input.review.object.spec.initContainers[_]
+ satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)]
+ not any(satisfied)
+ msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos])
+ }
diff --git a/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-admin-podsecuritypolicy.yaml b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-admin-podsecuritypolicy.yaml
new file mode 100644
index 000000000..eee2ac964
--- /dev/null
+++ b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-admin-podsecuritypolicy.yaml
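Review bot: The `startswith(container.image, repo)` comparison in both `violation` rules is a plain string prefix test, so an entry in `parameters.repos` that does not end in `/` also admits any image whose registry or path merely begins with the same characters. I would document that next to the schema, e.g. `# each repo is matched as a string prefix; end entries with "/"` above `repos:`. The two rules also read only `spec.containers` and `spec.initContainers`; `spec.ephemeralContainers` is not checked, which may matter on the newer Kubernetes versions this chart declares support for.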
@@ -0,0 +1,38 @@
+{{- if .Values.psp.enabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ annotations:
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-admin
+spec:
+ allowPrivilegeEscalation: false
+ fsGroup:
+ ranges:
+ - max: 65535
+ min: 1
+ rule: MustRunAs
+ requiredDropCapabilities:
+ - ALL
+ runAsUser:
+ rule: MustRunAsNonRoot
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ ranges:
+ - max: 65535
+ min: 1
+ rule: MustRunAs
+ volumes:
+ - configMap
+ - projected
+ - secret
+ - downwardAPI
+ - emptyDir
+{{- end }}
diff --git a/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-admin-serviceaccount.yaml b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-admin-serviceaccount.yaml
new file mode 100644
index 000000000..4b68998cb
--- /dev/null
+++ b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-admin-serviceaccount.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-admin
+ namespace: '{{ .Release.Namespace }}'
diff --git a/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-audit-deployment.yaml b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-audit-deployment.yaml
new file mode 100644
index 000000000..396b79178
--- /dev/null
+++ b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-audit-deployment.yaml
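Review bot: The `seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'` annotation on the `gatekeeper-admin` PodSecurityPolicy permits every seccomp profile, `unconfined` included, so the policy itself does not hold pods to the `runtime/default` profile that the chart's README lists as the default pod annotation. Restricting it to `seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default'` and adding `seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'` would keep the policy in line with that default. `seLinux: rule: RunAsAny` is similarly open, though that may be intentional for clusters that do not run SELinux.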
@@ -0,0 +1,119 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ control-plane: audit-controller
+ gatekeeper.sh/operation: audit
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-audit
+ namespace: '{{ .Release.Namespace }}'
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ control-plane: audit-controller
+ gatekeeper.sh/operation: audit
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ template:
+ metadata:
+ annotations:
+ {{- toYaml .Values.podAnnotations | trim | nindent 8 }}
+ labels:
+{{- include "gatekeeper.podLabels" . }}
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ control-plane: audit-controller
+ gatekeeper.sh/operation: audit
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ spec:
+ affinity:
+ {{- toYaml .Values.audit.affinity | nindent 8 }}
+ automountServiceAccountToken: true
+ containers:
+ - image: '{{ template "system_default_registry" . }}{{ .Values.images.gatekeeper.repository }}:{{ .Values.images.gatekeeper.tag }}'
+ args:
+ - --audit-interval={{ .Values.auditInterval }}
+ - --log-level={{ .Values.logLevel }}
+ - --constraint-violations-limit={{ .Values.constraintViolationsLimit }}
+ - --audit-from-cache={{ .Values.auditFromCache }}
+ - --audit-chunk-size={{ .Values.auditChunkSize }}
+ - --audit-match-kind-only={{ .Values.auditMatchKindOnly }}
+ - --emit-audit-events={{ .Values.emitAuditEvents }}
+ - --operation=audit
+ - --operation=status
+ {{ if not .Values.disableMutation}}- --operation=mutation-status{{- end }}
+ - --logtostderr
+ - --health-addr=:{{ .Values.audit.healthPort }}
+ - --prometheus-port={{ .Values.audit.metricsPort }}
+ - --enable-external-data={{ .Values.enableExternalData }}
+ command:
+ - /manager
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ imagePullPolicy: '{{ .Values.images.pullPolicy }}'
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: {{ .Values.audit.healthPort }}
+ name: manager
+ ports:
+ - containerPort: {{ .Values.audit.metricsPort }}
+ name: metrics
+ protocol: TCP
+ - containerPort: {{ .Values.audit.healthPort }}
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: {{ .Values.audit.healthPort }}
+ resources:
+ {{- toYaml .Values.audit.resources | nindent 10 }}
+ securityContext:
+ {{- toYaml .Values.audit.securityContext | nindent 10}}
+ volumeMounts:
+ - mountPath: /tmp/audit
+ name: tmp-volume
+ dnsPolicy: {{ .Values.audit.dnsPolicy }}
+ hostNetwork: {{ .Values.audit.hostNetwork }}
+ imagePullSecrets:
+ {{- toYaml .Values.images.pullSecrets | nindent 8 }}
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.audit.nodeSelector }}
+{{ toYaml .Values.audit.nodeSelector | indent 8 }}
+{{- end }}
+ {{- if .Values.audit.priorityClassName }}
+ priorityClassName: {{ .Values.audit.priorityClassName }}
+ {{- end }}
+ serviceAccountName: gatekeeper-admin
+ terminationGracePeriodSeconds: 60
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.audit.tolerations }}
+{{ toYaml .Values.audit.tolerations | indent 8 }}
+{{- end }}
+ volumes:
+ {{- if .Values.audit.writeToRAMDisk }}
+ - emptyDir:
+ medium: Memory
+ {{ else }}
+ - emptyDir: {}
+ {{- end }}
+ name: tmp-volume
diff --git a/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-controller-manager-deployment.yaml b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-controller-manager-deployment.yaml
new file mode 100644
index 000000000..11a5ec13a
--- /dev/null
+++ b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-controller-manager-deployment.yaml
@@ -0,0 +1,132 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-controller-manager + namespace: '{{ .Release.Namespace }}' +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + template: + metadata: + annotations: + {{- toYaml .Values.podAnnotations | trim | nindent 8 }} + labels: +{{- include "gatekeeper.podLabels" . }} + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + spec: + affinity: + {{- toYaml .Values.controllerManager.affinity | nindent 8 }} + automountServiceAccountToken: true + containers: + - image: '{{ template "system_default_registry" . 
}}{{ .Values.images.gatekeeper.repository }}:{{ .Values.images.gatekeeper.tag }}' + imagePullPolicy: '{{ .Values.images.pullPolicy }}' + args: + - --port={{ .Values.controllerManager.port }} + - --health-addr=:{{ .Values.controllerManager.healthPort }} + - --prometheus-port={{ .Values.controllerManager.metricsPort }} + - --logtostderr + - --log-denies={{ .Values.logDenies }} + - --emit-admission-events={{ .Values.emitAdmissionEvents }} + - --log-level={{ .Values.logLevel }} + - --exempt-namespace={{ .Release.Namespace }} + - --operation=webhook + - --enable-external-data={{ .Values.enableExternalData }} + - --log-mutations={{ .Values.logMutations }} + - --mutation-annotations={{ .Values.mutationAnnotations }} + {{ if .Values.enableTLSHealthcheck}}- --enable-tls-healthcheck{{- end }} + {{ if not .Values.disableMutation}}- --operation=mutation-webhook{{- end }} + + {{- range .Values.disabledBuiltins}} + - --disable-opa-builtin={{ . }} + {{- end }} + + {{- range .Values.controllerManager.exemptNamespaces}} + - --exempt-namespace={{ . }} + {{- end }} + + {{- range .Values.controllerManager.exemptNamespacePrefixes}} + - --exempt-namespace-prefix={{ . 
}} + {{- end }} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + livenessProbe: + httpGet: + path: /healthz + port: {{ .Values.controllerManager.healthPort }} + name: manager + ports: + - containerPort: {{ .Values.controllerManager.port }} + name: webhook-server + protocol: TCP + - containerPort: {{ .Values.controllerManager.metricsPort }} + name: metrics + protocol: TCP + - containerPort: {{ .Values.controllerManager.healthPort }} + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: {{ .Values.controllerManager.healthPort }} + resources: + {{- toYaml .Values.controllerManager.resources | nindent 10 }} + securityContext: + {{- toYaml .Values.controllerManager.securityContext | nindent 10}} + volumeMounts: + - mountPath: /certs + name: cert + readOnly: true + dnsPolicy: {{ .Values.controllerManager.dnsPolicy }} + hostNetwork: {{ .Values.controllerManager.hostNetwork }} + imagePullSecrets: + {{- toYaml .Values.images.pullSecrets | nindent 8 }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.controllerManager.nodeSelector }} +{{ toYaml .Values.controllerManager.nodeSelector | indent 8 }} +{{- end }} + {{- if .Values.controllerManager.priorityClassName }} + priorityClassName: {{ .Values.controllerManager.priorityClassName }} + {{- end }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.controllerManager.tolerations }} +{{ toYaml .Values.controllerManager.tolerations | indent 8 }} +{{- end }} + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: gatekeeper-webhook-server-cert 
diff --git a/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-controller-manager-poddisruptionbudget.yaml b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-controller-manager-poddisruptionbudget.yaml
new file mode 100644
index 000000000..53e564a74
--- /dev/null
+++ b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-controller-manager-poddisruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
+apiVersion: policy/v1
+{{ else }}
+apiVersion: policy/v1beta1
+{{ end -}}
+kind: PodDisruptionBudget
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-controller-manager
+ namespace: '{{ .Release.Namespace }}'
+spec:
+ minAvailable: {{ .Values.pdb.controllerManager.minAvailable }}
+ selector:
+ matchLabels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ control-plane: controller-manager
+ gatekeeper.sh/operation: webhook
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
diff --git a/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-critical-pods-resourcequota.yaml b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-critical-pods-resourcequota.yaml
new file mode 100644
index 000000000..154646366
--- /dev/null
+++ b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-critical-pods-resourcequota.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.resourceQuota }}
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-critical-pods
+ namespace: '{{ .Release.Namespace }}'
+spec:
+ hard:
+ pods: {{ .Values.podCountLimit }}
+ scopeSelector:
+ matchExpressions:
+ - operator: In
+ scopeName: PriorityClass
+ values:
+ - {{ .Values.controllerManager.priorityClassName }}
+ - {{ .Values.audit.priorityClassName }}
+{{- end }}
diff --git a/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-manager-role-clusterrole.yaml b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-manager-role-clusterrole.yaml
new file mode 100644
index 000000000..2ccd9f067
--- /dev/null
+++ b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-manager-role-clusterrole.yaml
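Review bot: The two entries under the `scopeSelector` `values:` list are rendered unconditionally, although both Deployment templates in this patch wrap `priorityClassName` in an `if`, so an empty class is a supported configuration there. With `resourceQuota` left at `true` and either `priorityClassName` cleared, this template emits an empty list item and the ResourceQuota will probably be rejected at install time. Guard each item, e.g. `{{- with .Values.audit.priorityClassName }}` / `- {{ . | quote }}` / `{{- end }}`, and skip the whole object when both values are empty.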
@@ -0,0 +1,165 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-manager-role
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - admissionregistration.k8s.io
+ resourceNames:
+ - gatekeeper-mutating-webhook-configuration
+ resources:
+ - mutatingwebhookconfigurations
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - config.gatekeeper.sh
+ resources:
+ - configs
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - config.gatekeeper.sh
+ resources:
+ - configs/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - constraints.gatekeeper.sh
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - externaldata.gatekeeper.sh
+ resources:
+ - providers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - mutations.gatekeeper.sh
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - policy
+ resourceNames:
+ - gatekeeper-admin
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+- apiGroups:
+ - status.gatekeeper.sh
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - templates.gatekeeper.sh
+ resources:
+ - constrainttemplates
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - templates.gatekeeper.sh
+ resources:
+ - constrainttemplates/finalizers
+ verbs:
+ - delete
+ - get
+ - patch
+ - update
+- apiGroups:
+ - templates.gatekeeper.sh
+ resources:
+ - constrainttemplates/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - admissionregistration.k8s.io
+ resourceNames:
+ - gatekeeper-validating-webhook-configuration
+ resources:
+ - validatingwebhookconfigurations
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+{{- end }}
diff --git a/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-manager-role-role.yaml b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-manager-role-role.yaml
new file mode 100644
index 000000000..25b2e702f
--- /dev/null
+++ b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-manager-role-role.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ creationTimestamp: null
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-manager-role
+ namespace: '{{ .Release.Namespace }}'
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+{{- end }}
diff --git a/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml
new file mode 100644
index 000000000..1fb9f6c87
--- /dev/null
+++ b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml
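Review bot: The first rule of the `gatekeeper-manager-role` ClusterRole grants `get`, `list` and `watch` on `'*'` resources in `'*'` API groups, which includes Secrets in every namespace, and nothing in the file explains why. The ClusterRoleBinding added later in this patch binds it to the `gatekeeper-admin` ServiceAccount that both Deployments run as, so that token is effectively a cluster-wide read credential. The breadth is presumably needed so audit and sync can read arbitrary kinds; I would record that above the rule, e.g. `# Cluster-wide read (incl. Secrets) is needed to audit arbitrary kinds; treat the gatekeeper-admin token as cluster-sensitive.` The `podsecuritypolicies` `use` rule is also emitted regardless of the `psp.enabled` value in values.yaml; please confirm that is intended.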
@@ -0,0 +1,20 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: gatekeeper-manager-role
+subjects:
+- kind: ServiceAccount
+ name: gatekeeper-admin
+ namespace: '{{ .Release.Namespace }}'
+{{- end }}
diff --git a/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-manager-rolebinding-rolebinding.yaml b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-manager-rolebinding-rolebinding.yaml
new file mode 100644
index 000000000..fbe9580d5
--- /dev/null
+++ b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-manager-rolebinding-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-manager-rolebinding
+ namespace: '{{ .Release.Namespace }}'
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: gatekeeper-manager-role
+subjects:
+- kind: ServiceAccount
+ name: gatekeeper-admin
+ namespace: '{{ .Release.Namespace }}'
+{{- end }}
diff --git a/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml
new file mode 100644
index 000000000..ad409d1ae
--- /dev/null
+++ b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml
@@ -0,0 +1,51 @@
+{{- if not .Values.disableMutation }}
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: gatekeeper-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /v1/mutate
+ failurePolicy: {{ .Values.mutatingWebhookFailurePolicy }}
+ matchPolicy: Exact
+ name: mutation.gatekeeper.sh
+ namespaceSelector:
+ matchExpressions:
+ - key: admission.gatekeeper.sh/ignore
+ operator: DoesNotExist
+
+ {{- range $key, $value := .Values.mutatingWebhookExemptNamespacesLabels}}
+ - key: {{ $key }}
+ operator: NotIn
+ value: {{ $value }}
+ {{- end }}
+ reinvocationPolicy: {{ .Values.mutatingWebhookReinvocationPolicy }}
+ rules:
+ {{- if .Values.mutatingWebhookCustomRules }}
+ {{- toYaml .Values.mutatingWebhookCustomRules | nindent 2 }}
+ {{- else }}
+ - apiGroups:
+ - '*'
+ apiVersions:
+ - '*'
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - '*'
+ {{- end }}
+ sideEffects: None
+ timeoutSeconds: {{ .Values.mutatingWebhookTimeoutSeconds }}
+{{- end }}
diff --git a/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml
new file mode 100644
index 000000000..ba07e823b
--- /dev/null
+++ b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml
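Review bot: The `range` over `.Values.mutatingWebhookExemptNamespacesLabels` renders each selector entry with a `value:` key, but a `matchExpressions` entry takes `values:` (a list), and `NotIn` needs that list to be non-empty. The default `{}` in values.yaml hides this; once an exemption label is configured, the rendered MutatingWebhookConfiguration should either fail validation or silently lose the exemption, depending on how strictly the unknown field is checked. Render a list instead, for example `values: {{- toYaml $value | nindent 6 }}` with the indent adjusted to the file, and document that each map value must be a list of strings. The same three lines appear in the ValidatingWebhookConfiguration template's `range` over `.Values.validatingWebhookExemptNamespacesLabels` and need the same change.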
@@ -0,0 +1,76 @@
+{{- if not .Values.disableValidatingWebhook }}
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: gatekeeper-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /v1/admit
+ failurePolicy: {{ .Values.validatingWebhookFailurePolicy }}
+ matchPolicy: Exact
+ name: validation.gatekeeper.sh
+ namespaceSelector:
+ matchExpressions:
+ - key: admission.gatekeeper.sh/ignore
+ operator: DoesNotExist
+
+ {{- range $key, $value := .Values.validatingWebhookExemptNamespacesLabels}}
+ - key: {{ $key }}
+ operator: NotIn
+ value: {{ $value }}
+ {{- end }}
+ rules:
+ {{- if .Values.validatingWebhookCustomRules }}
+ {{- toYaml .Values.validatingWebhookCustomRules | nindent 2 }}
+ {{- else }}
+ - apiGroups:
+ - '*'
+ apiVersions:
+ - '*'
+ operations:
+ - CREATE
+ - UPDATE
+ {{- if .Values.enableDeleteOperations }}
+ - DELETE
+ {{- end }}
+ resources:
+ - '*'
+ {{- end }}
+ sideEffects: None
+ timeoutSeconds: {{ .Values.validatingWebhookTimeoutSeconds }}
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: gatekeeper-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /v1/admitlabel
+ failurePolicy: {{ .Values.validatingWebhookCheckIgnoreFailurePolicy }}
+ matchPolicy: Exact
+ name: check-ignore-label.gatekeeper.sh
+ rules:
+ - apiGroups:
+ - ""
+ apiVersions:
+ - '*'
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - namespaces
+ sideEffects: None
+ timeoutSeconds: {{ .Values.validatingWebhookTimeoutSeconds }}
+{{- end }}
diff --git a/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-webhook-server-cert-secret.yaml b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-webhook-server-cert-secret.yaml
new file mode 100644
index 000000000..d6e906a99
--- /dev/null
+++ b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-webhook-server-cert-secret.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ annotations: {{- toYaml .Values.secretAnnotations | trim | nindent 4 }}
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-webhook-server-cert
+ namespace: '{{ .Release.Namespace }}'
diff --git a/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-webhook-service-service.yaml b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-webhook-service-service.yaml
new file mode 100644
index 000000000..3c0f4453a
--- /dev/null
+++ b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/gatekeeper-webhook-service-service.yaml
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+spec:
+
+ ports:
+ - name: https-webhook-server
+ port: 443
+ targetPort: webhook-server
+{{- if .Values.service }}
+{{- if .Values.service.healthzPort }}
+ - name: http-webhook-healthz
+ port: {{ .Values.service.healthzPort }}
+ targetPort: healthz
+ {{- end }}
+ {{- end }}
+ {{- if .Values.service }}
+ type: {{ .Values.service.type | default "ClusterIP" }}
+ {{- if .Values.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ {{- end }}
+ selector:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ control-plane: controller-manager
+ gatekeeper.sh/operation: webhook
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
diff --git a/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/namespace-post-install.yaml b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/namespace-post-install.yaml
new file mode 100644
index 000000000..73313a17c
--- /dev/null
+++ b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/namespace-post-install.yaml
@@ -0,0 +1,102 @@ +{{- if .Values.postInstall.labelNamespace.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: gatekeeper-update-namespace-label + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation +spec: + template: + metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + release: '{{ .Release.Name }}' + spec: + restartPolicy: OnFailure + {{- if .Values.postInstall.labelNamespace.image.pullSecrets }} + imagePullSecrets: + {{- .Values.postInstall.labelNamespace.image.pullSecrets | toYaml | nindent 12 }} + {{- end }} + serviceAccount: gatekeeper-update-namespace-label + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + containers: + - name: kubectl-label + image: '{{ template "system_default_registry" . 
}}{{ .Values.postInstall.labelNamespace.image.repository }}:{{ .Values.postInstall.labelNamespace.image.tag }}' + imagePullPolicy: {{ .Values.postInstall.labelNamespace.image.pullPolicy }} + args: + - label + - ns + - {{ .Release.Namespace }} + - admission.gatekeeper.sh/ignore=no-self-managing + - --overwrite + securityContext: + {{- toYaml .Values.postInstall.securityContext | nindent 12 }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: gatekeeper-update-namespace-label + labels: + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation +--- +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: gatekeeper-update-namespace-label + labels: + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation +rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - update + - patch + resourceNames: + - {{ .Release.Namespace }} +{{- end }} +--- +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: gatekeeper-update-namespace-label + labels: + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: gatekeeper-update-namespace-label +subjects: + - kind: ServiceAccount + name: gatekeeper-update-namespace-label + namespace: {{ .Release.Namespace | quote }} +{{- end }} +{{- end }} 
diff --git a/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/requiredlabels.yaml b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/requiredlabels.yaml
new file mode 100644
index 000000000..e93e6a0a7
--- /dev/null
+++ b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/requiredlabels.yaml
@@ -0,0 +1,57 @@
+apiVersion: templates.gatekeeper.sh/v1beta1
+kind: ConstraintTemplate
+metadata:
+ name: k8srequiredlabels
+spec:
+ crd:
+ spec:
+ names:
+ kind: K8sRequiredLabels
+ validation:
+ # Schema for the `parameters` field
+ openAPIV3Schema:
+ properties:
+ message:
+ type: string
+ labels:
+ type: array
+ items:
+ type: object
+ properties:
+ key:
+ type: string
+ allowedRegex:
+ type: string
+ targets:
+ - target: admission.k8s.gatekeeper.sh
+ rego: |
+ package k8srequiredlabels
+
+ get_message(parameters, _default) = msg {
+ not parameters.message
+ msg := _default
+ }
+
+ get_message(parameters, _default) = msg {
+ msg := parameters.message
+ }
+
+ violation[{"msg": msg, "details": {"missing_labels": missing}}] {
+ provided := {label | input.review.object.metadata.labels[label]}
+ required := {label | label := input.parameters.labels[_].key}
+ missing := required - provided
+ count(missing) > 0
+ def_msg := sprintf("you must provide labels: %v", [missing])
+ msg := get_message(input.parameters, def_msg)
+ }
+
+ violation[{"msg": msg}] {
+ value := input.review.object.metadata.labels[key]
+ expected := input.parameters.labels[_]
+ expected.key == key
+ # do not match if allowedRegex is not defined, or is an empty string
+ expected.allowedRegex != ""
+ not re_match(expected.allowedRegex, value)
+ def_msg := sprintf("Label <%v: %v> does not satisfy allowed regex: %v", [key, value, expected.allowedRegex])
+ msg := get_message(input.parameters, def_msg)
+ }
diff --git a/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/upgrade-crds-hook.yaml b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/upgrade-crds-hook.yaml
new file mode 100644
index 000000000..f9ba165b6
--- /dev/null
+++ b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/upgrade-crds-hook.yaml
@@ -0,0 +1,96 @@ +{{- if .Values.upgradeCRDs.enabled }} +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: gatekeeper-admin-upgrade-crds + labels: + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + helm.sh/hook: pre-install,pre-upgrade + helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation" + helm.sh/hook-weight: "1" +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "create", "update", "patch"] +{{- end }} +--- +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: gatekeeper-admin-upgrade-crds + labels: + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + helm.sh/hook: pre-install,pre-upgrade + helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation" + helm.sh/hook-weight: "1" +subjects: + - kind: ServiceAccount + name: gatekeeper-admin-upgrade-crds + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: gatekeeper-admin-upgrade-crds + apiGroup: rbac.authorization.k8s.io +{{- end }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: gatekeeper-admin-upgrade-crds + namespace: '{{ .Release.Namespace }}' + annotations: + helm.sh/hook: pre-install,pre-upgrade + helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation" + helm.sh/hook-weight: "1" +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: gatekeeper-update-crds-hook + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "gatekeeper.name" . }} + chart: {{ template "gatekeeper.name" . 
}} + gatekeeper.sh/system: "yes" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + annotations: + helm.sh/hook: pre-install,pre-upgrade + helm.sh/hook-weight: "1" + helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation" +spec: + backoffLimit: 0 + template: + metadata: + name: gatekeeper-update-crds-hook + spec: + serviceAccountName: gatekeeper-admin-upgrade-crds + restartPolicy: Never + {{- if .Values.images.pullSecrets }} + imagePullSecrets: + {{- toYaml .Values.images.pullSecrets | nindent 8 }} + {{- end }} + containers: + - name: crds-upgrade + image: '{{ template "system_default_registry" . }}{{ .Values.images.gatekeepercrd.repository }}:{{ .Values.images.gatekeepercrd.tag }}' + imagePullPolicy: '{{ .Values.images.pullPolicy }}' + args: + - apply + - -f + - crds/ + resources: + {{- toYaml .Values.crds.resources | nindent 10 }} + securityContext: + {{- toYaml .Values.crds.securityContext | nindent 10 }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- end }} diff --git a/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/validate-install-crd.yaml b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/validate-install-crd.yaml new file mode 100644 index 000000000..033c3ddcf --- /dev/null +++ b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/validate-install-crd.yaml 
@@ -0,0 +1,22 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "mutations.gatekeeper.sh/v1alpha1/Assign" false -}}
+# {{- set $found "mutations.gatekeeper.sh/v1alpha1/AssignMetadata" false -}}
+# {{- set $found "config.gatekeeper.sh/v1alpha1/Config" false -}}
+# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintPodStatus" false -}}
+# {{- set $found "templates.gatekeeper.sh/v1/ConstraintTemplate" false -}}
+# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintTemplatePodStatus" false -}}
+# {{- set $found "mutations.gatekeeper.sh/v1alpha1/ModifySet" false -}}
+# {{- set $found "status.gatekeeper.sh/v1beta1/MutatorPodStatus" false -}}
+# {{- set $found "externaldata.gatekeeper.sh/v1alpha1/Provider" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# {{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/webhook-configs-pre-delete.yaml b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/webhook-configs-pre-delete.yaml
new file mode 100644
index 000000000..93febafaf
--- /dev/null
+++ b/charts/rancher-gatekeeper/100.2.0+up3.8.1/templates/webhook-configs-pre-delete.yaml
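Review bot: The leading `#` on every line does not switch this template off, and nothing in the file says so. Helm evaluates the `{{ … }}` actions before the output is parsed as YAML, so the `lookup`, the scan of `.Capabilities.APIVersions` and the `required` call still run, and only the rendered residue ends up as a comment. A maintainer can easily read this as dead code and delete or "re-enable" it. I would open the file with a template comment such as `{{- /* Active check: the '#' prefixes only comment out rendered output; Helm still runs these actions and aborts when a Gatekeeper CRD is missing. */ -}}`. The outer `if gt (len (lookup …)) 0` also means the check is skipped whenever `lookup` returns nothing, which I believe is the case for client-side rendering, and that is worth stating in the same comment.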
@@ -0,0 +1,114 @@ +{{- if and (or (not .Values.disableValidatingWebhook) (not .Values.disableMutation)) .Values.preUninstall.deleteWebhookConfigurations.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: gatekeeper-delete-webhook-configs + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation +spec: + template: + metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + release: '{{ .Release.Name }}' + spec: + restartPolicy: OnFailure + {{- if .Values.preUninstall.deleteWebhookConfigurations.image.pullSecrets }} + imagePullSecrets: + {{- .Values.preUninstall.deleteWebhookConfigurations.image.pullSecrets | toYaml | nindent 12 }} + {{- end }} + serviceAccount: gatekeeper-delete-webhook-configs + nodeSelector: + kubernetes.io/os: linux + containers: + - name: kubectl-delete + image: "{{ .Values.preUninstall.deleteWebhookConfigurations.image.repository }}:{{ .Values.preUninstall.deleteWebhookConfigurations.image.tag }}" + imagePullPolicy: {{ .Values.preUninstall.deleteWebhookConfigurations.image.pullPolicy }} + args: + - delete + {{- if not .Values.disableValidatingWebhook }} + - validatingwebhookconfiguration/gatekeeper-validating-webhook-configuration + {{- end }} + {{- if not .Values.disableMutation }} + - mutatingwebhookconfiguration/gatekeeper-mutating-webhook-configuration + {{- end }} + securityContext: + {{- toYaml .Values.preUninstall.securityContext | nindent 10 }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: gatekeeper-delete-webhook-configs + labels: + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": 
hook-succeeded,before-hook-creation +--- +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: gatekeeper-delete-webhook-configs + labels: + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation +rules: + {{- if not .Values.disableValidatingWebhook }} + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + resourceNames: + - gatekeeper-validating-webhook-configuration + verbs: + - delete + {{- end }} + {{- if not .Values.disableMutation }} + - apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + resourceNames: + - gatekeeper-mutating-webhook-configuration + verbs: + - delete + {{- end }} +{{- end }} +--- +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: gatekeeper-delete-webhook-configs + labels: + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gatekeeper-delete-webhook-configs +subjects: + - kind: ServiceAccount + name: gatekeeper-delete-webhook-configs + namespace: {{ .Release.Namespace | quote }} +{{- end }} +{{- end }} diff --git a/charts/rancher-gatekeeper/100.2.0+up3.8.1/values.yaml b/charts/rancher-gatekeeper/100.2.0+up3.8.1/values.yaml new file mode 100644 index 000000000..b107bcc39 --- /dev/null +++ b/charts/rancher-gatekeeper/100.2.0+up3.8.1/values.yaml 
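Review bot: The `kubectl-delete` container image is built from `.Values.preUninstall.deleteWebhookConfigurations.image.repository` alone, without the `{{ template "system_default_registry" . }}` prefix that the post-install and CRD-upgrade Jobs in this patch use. values.yaml also points it at `openpolicyagent/gatekeeper-crds` rather than a `rancher/mirrored-…` repository like `images.gatekeepercrd`. When the hook is enabled it would pull from a different source than the rest of the chart, and it would fail in clusters that can only reach the registry set through `global.cattle.systemDefaultRegistry`. Suggest `image: '{{ template "system_default_registry" . }}{{ .Values.preUninstall.deleteWebhookConfigurations.image.repository }}:{{ .Values.preUninstall.deleteWebhookConfigurations.image.tag }}'` and the mirrored repository as the default. The Job also hard-codes `kubernetes.io/os: linux` instead of `include "linux-node-selector"` and sets no tolerations, unlike the other hook Jobs.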
@@ -0,0 +1,169 @@ +replicas: 3 +auditInterval: 60 +auditMatchKindOnly: false +constraintViolationsLimit: 20 +auditFromCache: false +disableMutation: false +disableValidatingWebhook: false +validatingWebhookTimeoutSeconds: 3 +validatingWebhookFailurePolicy: Ignore +validatingWebhookExemptNamespacesLabels: {} +validatingWebhookCheckIgnoreFailurePolicy: Fail +validatingWebhookCustomRules: {} +enableDeleteOperations: false +enableExternalData: false +enableTLSHealthcheck: false +mutatingWebhookFailurePolicy: Ignore +mutatingWebhookReinvocationPolicy: Never +mutatingWebhookExemptNamespacesLabels: {} +mutatingWebhookTimeoutSeconds: 1 +mutatingWebhookCustomRules: {} +mutationAnnotations: false +auditChunkSize: 500 +logLevel: INFO +logDenies: false +logMutations: false +emitAdmissionEvents: false +emitAuditEvents: false +resourceQuota: true +postInstall: + labelNamespace: + enabled: true + image: + repository: rancher/kubectl + tag: v1.20.2 + pullPolicy: IfNotPresent + pullSecrets: [] + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 +preUninstall: + deleteWebhookConfigurations: + enabled: false + image: + repository: openpolicyagent/gatekeeper-crds + tag: v3.8.1 + pullPolicy: IfNotPresent + pullSecrets: [] + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 +images: + gatekeeper: + repository: rancher/mirrored-openpolicyagent-gatekeeper + tag: v3.8.1 + gatekeepercrd: + repository: rancher/mirrored-openpolicyagent-gatekeeper-crds + tag: v3.8.1 + pullPolicy: IfNotPresent + pullSecrets: [] +podAnnotations: + {container.seccomp.security.alpha.kubernetes.io/manager: runtime/default} +podLabels: {} +podCountLimit: 100 +secretAnnotations: {} +controllerManager: + exemptNamespaces: [] + exemptNamespacePrefixes: [] + hostNetwork: false + 
dnsPolicy: ClusterFirst + port: 8443 + metricsPort: 8888 + healthPort: 9090 + priorityClassName: system-cluster-critical + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: gatekeeper.sh/operation + operator: In + values: + - webhook + topologyKey: kubernetes.io/hostname + weight: 100 + tolerations: [] + nodeSelector: {} + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 +audit: + hostNetwork: false + dnsPolicy: ClusterFirst + metricsPort: 8888 + healthPort: 9090 + priorityClassName: system-cluster-critical + affinity: {} + tolerations: [] + nodeSelector: {} + writeToRAMDisk: false + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 +crds: + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 +pdb: + controllerManager: + minAvailable: 1 +global: + cattle: + systemDefaultRegistry: "" + kubectl: + repository: rancher/kubectl + tag: v1.20.2 +service: {} +disabledBuiltins: ["{http.send}"] +psp: + enabled: true +upgradeCRDs: + enabled: true +rbac: + create: true diff --git a/index.yaml b/index.yaml index d8a74e3d3..f61097d28 100755 --- a/index.yaml +++ b/index.yaml 
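Review bot: `preUninstall.deleteWebhookConfigurations.image.repository` is set to upstream `openpolicyagent/gatekeeper-crds`, while `images.gatekeepercrd` in the same file uses `rancher/mirrored-openpolicyagent-gatekeeper-crds`. The pre-delete Job in the preceding template hunk builds its image reference from these values alone, so the hook pulls from a different source than the rest of the chart and presumably ignores `global.cattle.systemDefaultRegistry` in private-registry installs. If the mirror carries the same image, `repository: rancher/mirrored-openpolicyagent-gatekeeper-crds` keeps the chart on one image source. Separately, `validatingWebhookFailurePolicy: Ignore` and `mutatingWebhookFailurePolicy: Ignore` make admission fail open; a comment such as `# Ignore = fail open: requests are admitted unenforced when the webhook is down or times out` would record that trade-off next to the 3 s and 1 s timeouts.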
@@ -3214,6 +3214,36 @@ entries: - assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.400.tgz version: 0.1.400 rancher-gatekeeper: + - annotations: + catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: OPA Gatekeeper + catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.25.0-0' + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 + catalog.cattle.io/rancher-version: '>= 2.6.0-0 < 2.7.0-0' + catalog.cattle.io/release-name: rancher-gatekeeper + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: gatekeeper + apiVersion: v2 + appVersion: v3.8.1 + created: "2022-06-17T15:19:34.954848239+05:30" + description: Modifies Open Policy Agent's upstream gatekeeper chart that provides + policy-based control for cloud native environments + digest: 25f7ba3d4e586f00af405906f19f20998c99fccc239e9800cab2841280d21187 + home: https://github.com/open-policy-agent/gatekeeper + icon: https://charts.rancher.io/assets/logos/gatekeeper.svg + keywords: + - open policy agent + - security + name: rancher-gatekeeper + sources: + - https://github.com/open-policy-agent/gatekeeper.git + urls: + - assets/rancher-gatekeeper/rancher-gatekeeper-100.2.0+up3.8.1.tgz + version: 100.2.0+up3.8.1 - annotations: catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match catalog.cattle.io/certified: rancher 
@@ -3434,6 +3464,20 @@ entries: - assets/rancher-gatekeeper/rancher-gatekeeper-3.1.100.tgz version: 3.1.100 rancher-gatekeeper-crd: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/release-name: rancher-gatekeeper-crd + apiVersion: v1 + created: "2022-06-17T15:19:34.960400268+05:30" + description: Installs the CRDs for rancher-gatekeeper. + digest: 4d2fa3d65ed29e4c866d3671a978fb6e4c674a29e3c7433c870b9472753cd670 + name: rancher-gatekeeper-crd + type: application + urls: + - assets/rancher-gatekeeper-crd/rancher-gatekeeper-crd-100.2.0+up3.8.1.tgz + version: 100.2.0+up3.8.1 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" From 88e46900e0cbbe7a9024eca57c2fab8f77bf6cd7 Mon Sep 17 00:00:00 2001 From: yaocw2020 Date: Wed, 15 Jun 2022 12:54:21 +0800 Subject: [PATCH 04/10] Bump harvester csi driver 0.1.14 --- .../generated-changes/patch/Chart.yaml.patch | 10 ---------- packages/harvester/harvester-csi-driver/package.yaml | 2 +- release.yaml | 2 ++ 3 files changed, 3 insertions(+), 11 deletions(-) delete mode 100644 packages/harvester/harvester-csi-driver/generated-changes/patch/Chart.yaml.patch diff --git a/packages/harvester/harvester-csi-driver/generated-changes/patch/Chart.yaml.patch b/packages/harvester/harvester-csi-driver/generated-changes/patch/Chart.yaml.patch deleted file mode 100644 index 3275837a7..000000000 --- a/packages/harvester/harvester-csi-driver/generated-changes/patch/Chart.yaml.patch +++ /dev/null 
@@ -1,10 +0,0 @@ ---- charts-original/Chart.yaml -+++ charts/Chart.yaml -@@ -4,6 +4,7 @@ - catalog.cattle.io/kube-version: '>= 1.18' - catalog.cattle.io/namespace: kube-system - catalog.cattle.io/os: linux -+ catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/rancher-version: '>= 2.6.1-0 <= 2.6.99-0' - catalog.cattle.io/release-name: harvester-csi-driver - catalog.cattle.io/ui-component: harvester-csi-driver diff --git a/packages/harvester/harvester-csi-driver/package.yaml b/packages/harvester/harvester-csi-driver/package.yaml index 55e92951d..1ab623d07 100644 --- a/packages/harvester/harvester-csi-driver/package.yaml +++ b/packages/harvester/harvester-csi-driver/package.yaml @@ -1,2 +1,2 @@ -url: https://github.com/harvester/charts/releases/download/harvester-csi-driver-0.1.11/harvester-csi-driver-0.1.11.tgz +url: https://github.com/harvester/charts/releases/download/harvester-csi-driver-0.1.14/harvester-csi-driver-0.1.14.tgz version: 100.0.2 diff --git a/release.yaml b/release.yaml index b827e83cd..c72cbe06f 100644 --- a/release.yaml +++ b/release.yaml @@ -30,3 +30,5 @@ rancher-gke-operator: - 100.0.3+up1.1.4-rc2 rancher-gke-operator-crd: - 100.0.3+up1.1.4-rc2 +harvester-csi-driver: +- 100.0.2+up0.1.14 From a0112c31ddfca3c917d3c729788ddb922fb453df Mon Sep 17 00:00:00 2001 
From: yaocw2020 Date: Wed, 15 Jun 2022 13:00:03 +0800 Subject: [PATCH 05/10] make charts --- .../harvester-csi-driver-100.0.2+up0.1.14.tgz | Bin 0 -> 3761 bytes .../100.0.2+up0.1.14/.helmignore | 23 +++ .../100.0.2+up0.1.14/Chart.yaml | 21 +++ .../100.0.2+up0.1.14/questions.yml | 11 ++ .../100.0.2+up0.1.14/templates/NOTES.txt | 1 + .../100.0.2+up0.1.14/templates/_helpers.tpl | 62 ++++++++ .../100.0.2+up0.1.14/templates/csidriver.yaml | 10 ++ .../100.0.2+up0.1.14/templates/daemonset.yaml | 149 ++++++++++++++++++ .../templates/deployment.yaml | 95 +++++++++++ .../100.0.2+up0.1.14/templates/rbac.yaml | 75 +++++++++ .../templates/storageclass.yaml | 10 ++ .../100.0.2+up0.1.14/values.yaml | 54 +++++++ 12 files changed, 511 insertions(+) create mode 100644 assets/harvester-csi-driver/harvester-csi-driver-100.0.2+up0.1.14.tgz create mode 100644 charts/harvester-csi-driver/100.0.2+up0.1.14/.helmignore create mode 100644 charts/harvester-csi-driver/100.0.2+up0.1.14/Chart.yaml create mode 100644 charts/harvester-csi-driver/100.0.2+up0.1.14/questions.yml create mode 100644 charts/harvester-csi-driver/100.0.2+up0.1.14/templates/NOTES.txt create mode 100644 charts/harvester-csi-driver/100.0.2+up0.1.14/templates/_helpers.tpl create mode 100644 charts/harvester-csi-driver/100.0.2+up0.1.14/templates/csidriver.yaml create mode 100644 charts/harvester-csi-driver/100.0.2+up0.1.14/templates/daemonset.yaml create mode 100644 charts/harvester-csi-driver/100.0.2+up0.1.14/templates/deployment.yaml create mode 100644 charts/harvester-csi-driver/100.0.2+up0.1.14/templates/rbac.yaml create mode 100644 charts/harvester-csi-driver/100.0.2+up0.1.14/templates/storageclass.yaml create mode 100644 charts/harvester-csi-driver/100.0.2+up0.1.14/values.yaml 
diff --git a/assets/harvester-csi-driver/harvester-csi-driver-100.0.2+up0.1.14.tgz b/assets/harvester-csi-driver/harvester-csi-driver-100.0.2+up0.1.14.tgz new file mode 100644 index 0000000000000000000000000000000000000000..aab03d3c70baa79b680aef3c51db1347f28b2442 GIT binary patch literal 3761 zcmV;i4o>kOiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH+#Z`(Mw{j6VcuG+pdNIvxVQ*t z>DcCmA~huC#xw2x?H42^S(4>P9!;k+=7&U<$n)ZP@sQGt$T=#FGKdrnVoB#HJEt=u zb+{l2d+`*l+wFFb1_S%Q+wC_0_xgk0i{7Ar*zX@59CrIJy1m2xp!)*4PlA0*%akVa zMfcITn#_G8jc_hB(Nu6X^Z+8F2@}&WB3d&Hspv!~HJwn5had@$W++>`#Z;w?ECNmv z9Kt^ft%B3h1)N!}Y8`f)jWL*`R8;UG{Q195pcnSO54%AZ{u6p(e_$^E+&a`?QYndW z2o{Q3D2+*LSD}W$D9`R%pQb1is#UPLSI&H$*nW5v_AIUa@OV9`5*ZSOxp3M{u60;O zgGeN);K=owVI-v=3WDZ+kEH4HXE*GH2VRUSk~G!!-dp%5vIHVy-!KufF;O|tTU>k; zGFC$`0LmwlC@r%{XA-?&NrsmY$~B=JrR~{Z&fCDOUZgk#lBSGCR`d${-i&(U7O8BR#XG`LB(UZG7X zLeG{S>p#ydkI%_l#<4% zK+g~?9?)b8A7?@##5v8>J$C+V>HNYRj3(0|_|6gfo+Zl>#6^sb!1p+%N=vel(u7JW zB*p;~d^!`7Q(xTia z3~x~03;XsC(V7?#4}o5ct${uW`(e)mNHfN+1*6eo2p5w}p|2$>L^|d&yK9-VQYGV^FBlHt>}DvtA$N(%EXwkJX6&Sold&cFLz|Q zMKA0We{J{rn{Tc0Ut^LoqEU4&uYNoqh5AlE2FI58-|h8}8u9<=cyO?f|Ig7zSrnmC z#=kBg#*~Q##;wZ&(831WUw?)0y<5y@TT+mvuApF=XWXL zvGoDQ)Im&^$#>}G{Q{GlQ;y)bE+Wi8AA)69o5qK(;Ap%Fgdg1EvzqO}C(ttE5gZ-Z zOPY+b$%Nj4ANY{NLLQq-N9w6Wq7g`m!TC3nZP;3tSu0p3LhmPZux)>BFc^juj4>ja zLQo<>`0q01ajZ`$vRDC;2#h9FW9+;mRq%Seuwps89GSk9PeG*^eHVHc6UYle4v0y~ z2<0kYzSw(I!$-;(j1e+r=u|)~@j11-Nx8_Dmy)KFQn1Zbx)9*n=er1>sS?gB%gFF# z_t{<2Sc=2}sl}O+&f3j;5|>KK^#uGsso+n_Z@_X$ch|M{%bEsOrqYNt2X z71xWAF|u8!*bZ6FZfWtuxfVU|_zwbLok8)#U(#c^ZC-!v*!&!AOa2!rnrqV|iox5~ ze+LJL_582j?H%{``QLN2>IRb1LXs(lx8FNI*z;~FkB4Rrm~Y`Fs7XvT8G4ZK_vG49 zs?jW>Ar+oUc}yo)|9g)=XH;T5G?4~9fQkBt6j@pn|K1~sf09(=6_4;Is%L*6{kTX? 
z$5g}@d?K#+J6Chg$Ik`J68wQqFj_l^YKRQX4e4!)f%kn9vQ$tvREL$X!gz$LvfsuP>OnFDmTAu|`>us4pASckN zD$JV6H%iryLqfAo0I2Byuoo%wQ8tB5e-4&pVO2S7wpGNz1bimJ&OiCdTr zVDzui&D*ng7ne`rq8zi%MpsM|?5PhDUvai*p&e>2YQ^$fF)gc655a2lM^O+kH zjUv5h9F|bD6|od4ndUS2HyTrkk@=AyVOX{%i%xYmI`&6}h0QFAxGCd@aAUv(cHkCH zVw|@EmwP;dW8QOf<2#iAL$y4xYaBaY2G&>P-##R*94QF&5v_EfEYPsc0~FFUi$vDt@!1~(^#f! zn@C$BX+zfjV1jmCLqAA{Em7$)vTKH@UCCGzl(y)1JqWFdPFrBqqtTi$wFO2ifL#Z- z2cp#=w59&Ht^R9IgeAxyQvlww|8q1r=r`-X2S%shEjc< zVsP=^Ld^@+US@De?^`skGX}qj%JC{q-*Wj_(*#APPkPB=x0(G10Yeg_3@q)zB?aXzdb$wZkICDgUZLt;WdQMU&|`gC@h8Wq*W-xdj6WqE`{x) z>k}5U^CiH_>oV|#YO}u&ZFfWSNe(8;9{$8TJ=j~s6Iev$-Kt%zqT2n7SjOtRUa+^0 zeJuC_nqR#4w~N}BeZPp#H{L*mFQV}KlHI*acE9<$#@Ak%Jx|-R{+DACJ^DKUTh{-B z5Aa529XW<9}nM^EcL8^l?@;M*UCns5}Az9b+m#}#j`oevAaJ-?f(`0k3>f^bHS*x zH)0bd(OhL|Ox#suW1NH0B&2@UyPbwe(Y#wkQWDv-32P}T2q`JcvDYX{i-$S6Eu{JW zDk*+ip6Sjr3ID!Sd;uaNMrhKcV)A&H{H+pcS-*ov+BMoYVW{e_QhZstb7V zI$+!TUxV&ZbN}z?c>n(Yv$S2_{~Edbr$z}{@~i4WzsBbz0cr}=cm-9Jg=hPC2)>pX z`kp;D`N8VF{pNsL9+|9u>}uV+XVL}4qGohvgRAH4D9`ZUi5Q1)kt7&XqVW&1)^BUA z_8-oWC3MP##HYZq&HfLY?|=3V2Z#Ijzn-PNglnQTO0GZ)aB~hHXUJikQD$rfQWD*g zDXP$W2|v!L0+pqykXnJ7A!9IQV(fOyDWCooBr>Au9BnPHa-ZZburDAVmp`atyujY;K*+F@K7mYR)@LKw}c!W~u%5iSpir>SOA?3CHBtdlTx!TnkC3-kbmPUcv_= zsmK&uoSiE#OrWX82{?P|>%N6{UmXuE|VEbeUe&cj&r+R33 b|GmI{+qZrD1GWDT00960;KN>$0Ac_DUCVdc literal 0 HcmV?d00001 diff --git a/charts/harvester-csi-driver/100.0.2+up0.1.14/.helmignore b/charts/harvester-csi-driver/100.0.2+up0.1.14/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/harvester-csi-driver/100.0.2+up0.1.14/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ 
diff --git a/charts/harvester-csi-driver/100.0.2+up0.1.14/Chart.yaml b/charts/harvester-csi-driver/100.0.2+up0.1.14/Chart.yaml new file mode 100644 index 000000000..0e6e43810 --- /dev/null +++ b/charts/harvester-csi-driver/100.0.2+up0.1.14/Chart.yaml @@ -0,0 +1,21 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Harvester CSI Driver + catalog.cattle.io/kube-version: '>= 1.18.0-0 < 1.24.0-0' + catalog.cattle.io/namespace: kube-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux + catalog.cattle.io/rancher-version: '>= 2.6.1-0 < 2.7.0-0' + catalog.cattle.io/release-name: harvester-csi-driver + catalog.cattle.io/ui-component: harvester-csi-driver +apiVersion: v2 +appVersion: v0.1.3 +description: A Helm chart for Harvester CSI driver +keywords: +- infrastructure +- harvester +maintainers: +- name: harvester +name: harvester-csi-driver +type: application +version: 100.0.2+up0.1.14 diff --git a/charts/harvester-csi-driver/100.0.2+up0.1.14/questions.yml b/charts/harvester-csi-driver/100.0.2+up0.1.14/questions.yml new file mode 100644 index 000000000..0c703a0f2 --- /dev/null +++ b/charts/harvester-csi-driver/100.0.2+up0.1.14/questions.yml @@ -0,0 +1,11 @@ +categories: +- infrastructure +- harvester +namespace: kube-system +questions: +- variable: cloudConfig.hostPath + label: Cloud config file path + description: "Specify the path of the cloud config." + group: "Default" + type: string + default: "/etc/kubernetes/cloud-config" diff --git a/charts/harvester-csi-driver/100.0.2+up0.1.14/templates/NOTES.txt b/charts/harvester-csi-driver/100.0.2+up0.1.14/templates/NOTES.txt new file mode 100644 index 000000000..ba09c6d51 --- /dev/null +++ b/charts/harvester-csi-driver/100.0.2+up0.1.14/templates/NOTES.txt @@ -0,0 +1 @@ +Successfully deployed Harvester CSI driver to the {{ .Release.Namespace }} namespace. 
diff --git a/charts/harvester-csi-driver/100.0.2+up0.1.14/templates/_helpers.tpl b/charts/harvester-csi-driver/100.0.2+up0.1.14/templates/_helpers.tpl
new file mode 100644
index 000000000..def471b21
--- /dev/null
+++ b/charts/harvester-csi-driver/100.0.2+up0.1.14/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "harvester-csi-driver.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "harvester-csi-driver.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "harvester-csi-driver.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "harvester-csi-driver.labels" -}}
+helm.sh/chart: {{ include "harvester-csi-driver.chart" . }}
+{{ include "harvester-csi-driver.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "harvester-csi-driver.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "harvester-csi-driver.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Global system default registry
+*/}}
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/harvester-csi-driver/100.0.2+up0.1.14/templates/csidriver.yaml b/charts/harvester-csi-driver/100.0.2+up0.1.14/templates/csidriver.yaml
new file mode 100644
index 000000000..5fc6ec84a
--- /dev/null
+++ b/charts/harvester-csi-driver/100.0.2+up0.1.14/templates/csidriver.yaml
@@ -0,0 +1,10 @@
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+ name: driver.harvesterhci.io
+spec:
+ attachRequired: true
+ fsGroupPolicy: ReadWriteOnceWithFSType
+ podInfoOnMount: true
+ volumeLifecycleModes:
+ - Persistent
diff --git a/charts/harvester-csi-driver/100.0.2+up0.1.14/templates/daemonset.yaml b/charts/harvester-csi-driver/100.0.2+up0.1.14/templates/daemonset.yaml
new file mode 100644
index 000000000..e995ee65b
--- /dev/null
+++ b/charts/harvester-csi-driver/100.0.2+up0.1.14/templates/daemonset.yaml
@@ -0,0 +1,149 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "harvester-csi-driver.name" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "harvester-csi-driver.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + component: csi-driver + {{- include "harvester-csi-driver.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + component: csi-driver + {{- include "harvester-csi-driver.selectorLabels" . | nindent 8 }} + spec: + containers: + - args: + - --v=5 + - --csi-address=$(ADDRESS) + - --kubelet-registration-path={{ .Values.kubeletRootDir }}/harvester-plugins/driver.harvesterhci.io/csi.sock + env: + - name: ADDRESS + value: /csi/csi.sock + image: {{ template "system_default_registry" . }}{{ .Values.image.csi.nodeDriverRegistrar.repository }}:{{ .Values.image.csi.nodeDriverRegistrar.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + lifecycle: + preStop: + exec: + command: + - /bin/sh + - -c + - rm -rf /registration/driver.harvesterhci.io-reg.sock + /csi//* + name: node-driver-registrar + securityContext: + privileged: true + volumeMounts: + - mountPath: /csi/ + name: socket-dir + - mountPath: /registration + name: registration-dir + - args: + - --nodeid=$(NODE_ID) + - --endpoint=$(CSI_ENDPOINT) + - --kubeconfig=/var/lib/harvester/cloud-provider-config + env: + - name: NODE_ID + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + image: {{ template "system_default_registry" . 
}}{{ .Values.image.harvester.csiDriver.repository }}:{{ .Values.image.harvester.csiDriver.tag | default .Chart.AppVersion }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + lifecycle: + preStop: + exec: + command: + - /bin/sh + - -c + - rm -f /csi//* + name: harvester-csi-driver + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - SYS_ADMIN + privileged: true + volumeMounts: + - name: cloud-config + readOnly: true + mountPath: /var/lib/harvester + - name: kubernetes + readOnly: true + mountPath: /etc/kubernetes + - mountPath: {{ .Values.kubeletRootDir }}/plugins/kubernetes.io/csi + mountPropagation: Bidirectional + name: kubernetes-csi-dir + - mountPath: /csi/ + name: socket-dir + - mountPath: {{ .Values.kubeletRootDir }}/pods + mountPropagation: Bidirectional + name: pods-mount-dir + - mountPath: /dev + name: host-dev + - mountPath: /sys + name: host-sys + - mountPath: /rootfs + mountPropagation: Bidirectional + name: host + - mountPath: /lib/modules + name: lib-modules + readOnly: true + hostPID: true + serviceAccountName: {{ include "harvester-csi-driver.name" . }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . 
| nindent 8 }} + {{- end }} + volumes: + - name: cloud-config + {{- if .Values.cloudConfig.secretName }} + secret: + secretName: {{ .Values.cloudConfig.secretName }} + {{- else }} + hostPath: + path: {{ .Values.cloudConfig.hostPath }} + type: DirectoryOrCreate + {{- end }} + - hostPath: + path: /etc/kubernetes + type: DirectoryOrCreate + name: kubernetes + - hostPath: + path: {{ .Values.kubeletRootDir }}/plugins/kubernetes.io/csi + type: DirectoryOrCreate + name: kubernetes-csi-dir + - hostPath: + path: {{ .Values.kubeletRootDir }}/plugins_registry + type: Directory + name: registration-dir + - hostPath: + path: {{ .Values.kubeletRootDir }}/harvester-plugins/driver.harvesterhci.io + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: {{ .Values.kubeletRootDir }}/pods + type: DirectoryOrCreate + name: pods-mount-dir + - hostPath: + path: /dev + name: host-dev + - hostPath: + path: /sys + name: host-sys + - hostPath: + path: / + name: host + - hostPath: + path: /lib/modules + name: lib-modules diff --git a/charts/harvester-csi-driver/100.0.2+up0.1.14/templates/deployment.yaml b/charts/harvester-csi-driver/100.0.2+up0.1.14/templates/deployment.yaml new file mode 100644 index 000000000..bb511dfa7 --- /dev/null +++ b/charts/harvester-csi-driver/100.0.2+up0.1.14/templates/deployment.yaml 
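Review bot: The `node-driver-registrar` sidecar is given `securityContext.privileged: true` although it mounts only `socket-dir` and `registration-dir`. Unless something outside this hunk requires it, the sidecar can likely run unprivileged, leaving `harvester-csi-driver` as the only privileged container. On that driver container, `allowPrivilegeEscalation: true` and `capabilities.add: [SYS_ADMIN]` are already implied by `privileged: true`, so they add nothing and hide what the driver actually needs. Together with `hostPID: true` and the host root mounted at `/rootfs` with `mountPropagation: Bidirectional`, the pod is equivalent to root on the node, so each host mount deserves a one-line comment stating why it is needed, and `readOnly: true` where the driver only reads (currently only `cloud-config`, `kubernetes` and `lib-modules` have it).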
@@ -0,0 +1,95 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "harvester-csi-driver.name" . }}-controllers + namespace: {{ .Release.Namespace }} + labels: + {{- include "harvester-csi-driver.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicasCount }} + selector: + matchLabels: + component: csi-controllers + {{- include "harvester-csi-driver.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + component: csi-controllers + {{- include "harvester-csi-driver.selectorLabels" . | nindent 8 }} + spec: + containers: + - args: + - --v=5 + - --csi-address=$(ADDRESS) + - --timeout=1m50s + - --leader-election + - --leader-election-namespace=$(POD_NAMESPACE) + env: + - name: ADDRESS + value: /csi/csi.sock + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ template "system_default_registry" . }}{{ .Values.image.csi.resizer.repository }}:{{ .Values.image.csi.resizer.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + name: csi-resizer + volumeMounts: + - mountPath: /csi/ + name: socket-dir + - args: + - --v=5 + - --csi-address=$(ADDRESS) + - --timeout=1m50s + - --leader-election + - --leader-election-namespace=$(POD_NAMESPACE) + - --default-fstype=ext4 + env: + - name: ADDRESS + value: /csi/csi.sock + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ template "system_default_registry" . 
}}{{ .Values.image.csi.provisioner.repository }}:{{ .Values.image.csi.provisioner.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + name: csi-provisioner + volumeMounts: + - mountPath: /csi/ + name: socket-dir + - args: + - --v=5 + - --csi-address=$(ADDRESS) + - --timeout=1m50s + - --leader-election + - --leader-election-namespace=$(POD_NAMESPACE) + env: + - name: ADDRESS + value: /csi/csi.sock + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ template "system_default_registry" . }}{{ .Values.image.csi.attacher.repository }}:{{ .Values.image.csi.attacher.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + name: csi-attacher + volumeMounts: + - mountPath: /csi/ + name: socket-dir + serviceAccountName: {{ include "harvester-csi-driver.name" . }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - hostPath: + path: {{ .Values.kubeletRootDir }}/harvester-plugins/driver.harvesterhci.io + type: DirectoryOrCreate + name: socket-dir diff --git a/charts/harvester-csi-driver/100.0.2+up0.1.14/templates/rbac.yaml b/charts/harvester-csi-driver/100.0.2+up0.1.14/templates/rbac.yaml new file mode 100644 index 000000000..2ba042a26 --- /dev/null +++ b/charts/harvester-csi-driver/100.0.2+up0.1.14/templates/rbac.yaml 
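Review bot: None of the three sidecar containers (`csi-resizer`, `csi-provisioner`, `csi-attacher`) sets a `securityContext`, so they run with the runtime defaults while using a ServiceAccount that holds cluster-wide PersistentVolume rights in rbac.yaml. A restrictive context on each is a small addition; they may still need to run as root to reach the hostPath socket behind `socket-dir`, so confirm the sidecars start before also adding `runAsNonRoot`. The block below shows the addition for `csi-resizer`, and the same lines apply to the other two containers.

```yaml
          name: csi-resizer
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
          # … unchanged: volumeMounts for socket-dir, then csi-provisioner and csi-attacher …
```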
@@ -0,0 +1,75 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "harvester-csi-driver.name" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "harvester-csi-driver.labels" . | nindent 4 }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "harvester-csi-driver.name" . }} + labels: + {{- include "harvester-csi-driver.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "harvester-csi-driver.name" . }} +subjects: + - kind: ServiceAccount + name: {{ include "harvester-csi-driver.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "harvester-csi-driver.name" . }} + labels: + {{- include "harvester-csi-driver.labels" . | nindent 4 }} +rules: + - apiGroups: [ "coordination.k8s.io" ] + resources: [ "leases" ] + verbs: [ "get", "watch", "list", "delete", "update", "create" ] + - apiGroups: [ "storage.k8s.io" ] + resources: [ "csistoragecapacities" ] + verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: [ "get", "list", "watch", "create","update", "patch", "delete" ] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "create","update", "patch", "delete" ] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] + - apiGroups: [ "storage.k8s.io" ] + resources: [ "csinodes" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: [ "" ] + resources: [ "events" ] + verbs: [ "list", 
"watch", "create", "update", "patch" ] + - apiGroups: [ "" ] + resources: [ "pods" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: [ "apps" ] + resources: [ "replicasets" ] + verbs: [ "get" ] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "patch"] + - apiGroups: [ "storage.k8s.io" ] + resources: [ "volumeattachments/status" ] + verbs: [ "patch" ] diff --git a/charts/harvester-csi-driver/100.0.2+up0.1.14/templates/storageclass.yaml b/charts/harvester-csi-driver/100.0.2+up0.1.14/templates/storageclass.yaml new file mode 100644 index 000000000..a29c9c7da --- /dev/null +++ b/charts/harvester-csi-driver/100.0.2+up0.1.14/templates/storageclass.yaml @@ -0,0 +1,10 @@ +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: harvester + annotations: + storageclass.kubernetes.io/is-default-class: "true" +allowVolumeExpansion: true +provisioner: driver.harvesterhci.io +reclaimPolicy: Delete +volumeBindingMode: Immediate diff --git a/charts/harvester-csi-driver/100.0.2+up0.1.14/values.yaml b/charts/harvester-csi-driver/100.0.2+up0.1.14/values.yaml new file mode 100644 index 000000000..6817bc510 --- /dev/null +++ b/charts/harvester-csi-driver/100.0.2+up0.1.14/values.yaml 
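Review bot: A single ServiceAccount, named by `harvester-csi-driver.name`, is bound to this ClusterRole and is referenced by both the privileged DaemonSet and the controllers Deployment. Every node pod therefore carries create/update/delete on `persistentvolumes` and `persistentvolumeclaims`, which only the controller sidecars appear to need. Splitting this into a node ServiceAccount and a controller ServiceAccount, each with its own role, would narrow what a compromised node pod can reach. The `leases` rule is also cluster-wide although the sidecars run with `--leader-election-namespace=$(POD_NAMESPACE)`; a namespaced Role and RoleBinding in `{{ .Release.Namespace }}` should be enough for leader election.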
@@ -0,0 +1,54 @@ +# Default values for harvester-csi-driver. + +replicasCount: 3 + +image: + harvester: + csiDriver: + repository: rancher/harvester-csi-driver + # Overrides the image tag whose default is the chart appVersion. + tag: "v0.1.3" + csi: + nodeDriverRegistrar: + repository: rancher/mirrored-longhornio-csi-node-driver-registrar + tag: v2.3.0 + resizer: + repository: rancher/mirrored-longhornio-csi-resizer + tag: v1.2.0 + provisioner: + repository: rancher/mirrored-longhornio-csi-provisioner + tag: v2.1.2 + attacher: + repository: rancher/mirrored-longhornio-csi-attacher + tag: v3.2.1 + pullPolicy: IfNotPresent + +nameOverride: "" +fullnameOverride: "" + +kubeletRootDir: /var/lib/kubelet +cloudConfig: + secretName: "" + hostPath: "/var/lib/rancher/rke2/etc/config-files/" + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - effect: NoSchedule + key: kubevirt.io/drain + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Equal + - effect: NoExecute + key: node-role.kubernetes.io/etcd + operator: Equal + - key: cattle.io/os + operator: Equal + value: "linux" + effect: NoSchedule + +global: + cattle: + systemDefaultRegistry: "" From 5f29efd3f956dcc973e3a0db1f720cf38926b219 Mon Sep 17 00:00:00 2001 From: Vaishnav Gaikwad Date: Wed, 15 Jun 2022 15:36:46 +0530 Subject: [PATCH 06/10] update annotations and sonobuoy version --- packages/rancher-cis-benchmark/charts/Chart.yaml | 6 +++--- packages/rancher-cis-benchmark/charts/values.yaml | 4 ++-- packages/rancher-cis-benchmark/package.yaml | 2 +- release.yaml | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/packages/rancher-cis-benchmark/charts/Chart.yaml b/packages/rancher-cis-benchmark/charts/Chart.yaml index 3049f3475..d5dcb9b97 100644 --- a/packages/rancher-cis-benchmark/charts/Chart.yaml +++ b/packages/rancher-cis-benchmark/charts/Chart.yaml 
@@ -2,7 +2,7 @@ annotations: catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.24.0-0' + catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.25.0-0' catalog.cattle.io/namespace: cis-operator-system catalog.cattle.io/os: linux catalog.cattle.io/permits-os: linux,windows @@ -12,11 +12,11 @@ annotations: catalog.cattle.io/type: cluster-tool catalog.cattle.io/ui-component: rancher-cis-benchmark apiVersion: v1 -appVersion: v2.0.5-rc2 +appVersion: v2.0.5-rc3 description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg keywords: - security name: rancher-cis-benchmark -version: 2.0.5-rc2 +version: 2.0.5-rc3 diff --git a/packages/rancher-cis-benchmark/charts/values.yaml b/packages/rancher-cis-benchmark/charts/values.yaml index 8030e6330..91e812a90 100644 --- a/packages/rancher-cis-benchmark/charts/values.yaml +++ b/packages/rancher-cis-benchmark/charts/values.yaml @@ -8,10 +8,10 @@ image: tag: v1.0.9 securityScan: repository: rancher/security-scan - tag: v0.2.8-rc1 + tag: v0.2.8-rc2 sonobuoy: repository: rancher/mirrored-sonobuoy-sonobuoy - tag: v0.53.2 + tag: v0.56.7 resources: {} # We usually recommend not to specify default resources and to leave this as a conscious diff --git a/packages/rancher-cis-benchmark/package.yaml b/packages/rancher-cis-benchmark/package.yaml index 8104ee8af..58571e2fe 100644 --- a/packages/rancher-cis-benchmark/package.yaml +++ b/packages/rancher-cis-benchmark/package.yaml @@ -1,5 +1,5 @@ url: local -version: 2.0.5-rc2 +version: 2.0.5-rc3 additionalCharts: - workingDir: charts-crd crdOptions: diff --git a/release.yaml b/release.yaml index c72cbe06f..df3af4568 100644 --- a/release.yaml +++ b/release.yaml 
@@ -19,9 +19,9 @@ rancher-aks-operator-crd: rancher-csp-adapter: - 1.0.0+up1.0.0-rc2 rancher-cis-benchmark: -- 2.0.5-rc2 +- 2.0.5-rc3 rancher-cis-benchmark-crd: -- 2.0.5-rc2 +- 2.0.5-rc3 rancher-eks-operator: - 100.0.3+up1.1.4-rc2 rancher-eks-operator-crd: From 5ffef404e7b692098d3c22b291efc5525b59eaaa Mon Sep 17 00:00:00 2001 
From: Vaishnav Gaikwad Date: Thu, 7 Jul 2022 17:19:38 +0530 Subject: [PATCH 07/10] remove older rc version --- .../rancher-cis-benchmark-crd-2.0.5-rc2.tgz | Bin 1467 -> 0 bytes .../rancher-cis-benchmark-2.0.5-rc2.tgz | Bin 5341 -> 0 bytes .../2.0.5-rc2/Chart.yaml | 10 -- .../2.0.5-rc2/README.md | 2 - .../2.0.5-rc2/templates/clusterscan.yaml | 148 ------------------ .../templates/clusterscanbenchmark.yaml | 54 ------- .../templates/clusterscanprofile.yaml | 36 ----- .../templates/clusterscanreport.yaml | 39 ----- .../2.0.5-rc2/Chart.yaml | 22 --- .../rancher-cis-benchmark/2.0.5-rc2/README.md | 9 -- .../2.0.5-rc2/app-readme.md | 15 -- .../2.0.5-rc2/templates/_helpers.tpl | 27 ---- .../2.0.5-rc2/templates/alertingrule.yaml | 14 -- .../templates/benchmark-aks-1.0.yaml | 8 - .../templates/benchmark-cis-1.5.yaml | 8 - .../templates/benchmark-cis-1.6.yaml | 8 - .../templates/benchmark-eks-1.0.1.yaml | 8 - .../templates/benchmark-gke-1.0.yaml | 8 - .../benchmark-k3s-cis-1.6-hardened.yaml | 8 - .../benchmark-k3s-cis-1.6-permissive.yaml | 8 - .../benchmark-rke-cis-1.5-hardened.yaml | 8 - .../benchmark-rke-cis-1.5-permissive.yaml | 8 - .../benchmark-rke-cis-1.6-hardened.yaml | 8 - .../benchmark-rke-cis-1.6-permissive.yaml | 8 - .../benchmark-rke2-cis-1.5-hardened.yaml | 8 - .../benchmark-rke2-cis-1.5-permissive.yaml | 8 - .../benchmark-rke2-cis-1.6-hardened.yaml | 8 - .../benchmark-rke2-cis-1.6-permissive.yaml | 8 - .../2.0.5-rc2/templates/cis-roles.yaml | 49 ------ .../2.0.5-rc2/templates/configmap.yaml | 18 --- .../2.0.5-rc2/templates/deployment.yaml | 55 ------- .../templates/network_policy_allow_all.yaml | 15 -- .../patch_default_serviceaccount.yaml | 29 ---- .../2.0.5-rc2/templates/rbac.yaml | 43 ----- .../templates/scanprofile-cis-1.5.yml | 9 -- .../templates/scanprofile-cis-1.6.yaml | 9 -- .../scanprofile-k3s-cis-1.6-hardened.yml | 9 -- .../scanprofile-k3s-cis-1.6-permissive.yml | 9 -- .../scanprofile-rke-1.5-hardened.yml | 9 -- .../scanprofile-rke-1.5-permissive.yml | 
9 -- .../scanprofile-rke-1.6-hardened.yaml | 9 -- .../scanprofile-rke-1.6-permissive.yaml | 9 -- .../scanprofile-rke2-cis-1.5-hardened.yml | 9 -- .../scanprofile-rke2-cis-1.5-permissive.yml | 9 -- .../scanprofile-rke2-cis-1.6-hardened.yml | 9 -- .../scanprofile-rke2-cis-1.6-permissive.yml | 9 -- .../2.0.5-rc2/templates/scanprofileaks.yml | 9 -- .../2.0.5-rc2/templates/scanprofileeks.yml | 9 -- .../2.0.5-rc2/templates/scanprofilegke.yml | 9 -- .../2.0.5-rc2/templates/serviceaccount.yaml | 14 -- .../templates/validate-install-crd.yaml | 17 -- .../2.0.5-rc2/values.yaml | 49 ------ index.yaml | 40 ----- 53 files changed, 960 deletions(-) delete mode 100644 assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-2.0.5-rc2.tgz delete mode 100644 assets/rancher-cis-benchmark/rancher-cis-benchmark-2.0.5-rc2.tgz delete mode 100644 charts/rancher-cis-benchmark-crd/2.0.5-rc2/Chart.yaml delete mode 100644 charts/rancher-cis-benchmark-crd/2.0.5-rc2/README.md delete mode 100644 charts/rancher-cis-benchmark-crd/2.0.5-rc2/templates/clusterscan.yaml delete mode 100644 charts/rancher-cis-benchmark-crd/2.0.5-rc2/templates/clusterscanbenchmark.yaml delete mode 100644 charts/rancher-cis-benchmark-crd/2.0.5-rc2/templates/clusterscanprofile.yaml delete mode 100644 charts/rancher-cis-benchmark-crd/2.0.5-rc2/templates/clusterscanreport.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/Chart.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/README.md delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/app-readme.md delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/_helpers.tpl delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/alertingrule.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-aks-1.0.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-cis-1.5.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-cis-1.6.yaml delete 
mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-eks-1.0.1.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-gke-1.0.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-k3s-cis-1.6-hardened.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-k3s-cis-1.6-permissive.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke-cis-1.5-hardened.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke-cis-1.5-permissive.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke-cis-1.6-hardened.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke-cis-1.6-permissive.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke2-cis-1.5-hardened.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke2-cis-1.5-permissive.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke2-cis-1.6-hardened.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke2-cis-1.6-permissive.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/cis-roles.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/configmap.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/deployment.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/network_policy_allow_all.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/patch_default_serviceaccount.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/rbac.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-cis-1.5.yml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-cis-1.6.yaml delete mode 100644 
charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-k3s-cis-1.6-hardened.yml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-k3s-cis-1.6-permissive.yml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke-1.5-hardened.yml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke-1.5-permissive.yml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke-1.6-hardened.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke-1.6-permissive.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke2-cis-1.5-hardened.yml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke2-cis-1.5-permissive.yml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke2-cis-1.6-hardened.yml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke2-cis-1.6-permissive.yml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofileaks.yml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofileeks.yml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofilegke.yml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/serviceaccount.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/templates/validate-install-crd.yaml delete mode 100644 charts/rancher-cis-benchmark/2.0.5-rc2/values.yaml 
diff --git a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-2.0.5-rc2.tgz b/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-2.0.5-rc2.tgz deleted file mode 100644 index eda11fbf37ce8b638af67b93ae4b90e9dc1153b8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1467 zcmV;s1w{HEiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI>(bK*7-&NIJ4bA85V93UOua@@6ZZ7-K0>GgS$H=v6xd8BoE zOsD_7BijkKu`vciu5;`QgCu_|+24LEt*t@wCF(vGrawo?mm%oKKG*)+=@K+KD+q&& z1I=|^cRU;>zpm?+f8CKcyci6<(a0TNdE=`KcQ78f!wcpf>UbB64S~LJ5B61F-2cQt zN<~0INi*p&#(^ME3x@+yfR0daIcgFQ0{scgxKcT6DSRL0guNjhI9AT)1z5F0{m zILN*9V0-)zTyHQa#=keX91qU%e+tV-4nzXK5lZ{dIFCOY8-h=R-lLHIgiT{ZDx9HF zvF7+5AA}T11cXT71A*0#G=6e~F%B1I9nn1#A-4k;TE$T!1i8-i`b3Br%eW;VLVSQeHERzI88(;$H`sGqEyS*1!FNNHGLt_6HQSsMhmT1Y}Y zRY4reY-WA-)hKxjw45-<5KwHK01VAyY3F&X)q@D|2Er8V`L5)ak`2kaQ&BObgTgbDlS-*gCHVhGQjDnfaE`|-==U7?w=NZV{rVvUnr zoN2+@s>h{{3V~JbW=zIGU>`&-iu1OyxIFa6eQOP0KXGgMr%=`32;Z;*YZ?iq)vT$C zB~^P#A*`S+5|J#My~)=BYMLD~(e3xb8dx8nj`h0fO8PW+f-q2Vtcn z)ch-Qsv%Hir{PMY6&N8an1eD7H(UEGr@r~-oR+R_Uvk$>It$_*L+=K^kqwRO3RdkO zb$8EP6LMkc)^${KCDR;U!9qb8R+6)cx>mXGHAs^nTaB*c+YWKk7}BY~KO-LqkMAo) zW9%;Is7^G3QS!Jxs@UDNk7U3RJ#3Ytoq__ihE=K07bXf|)p2%1t(D%EaOyR8E9VZ+ ziIxdR1E&`qsFZ!yxcn{8xcW5Fr977Rpj~3Cd3wb96(#DVO0tQ*Z7Y)Py*s9|We#r-a|$ESU+tfh2iN1^ex3n4$KwXFZGOQkIeferP4 z?`k+M)&DNNk$0~Dox+Y?|9c@!hlRj*&zMPfMMZG!^mR*v5ppM+)~!}g!hey>LPfCD zw?nBX6!Q0Yj#?t2$(~;U`BVLXUEtwc1AP5}9pHJwq?f0dmRvqTv{5nLVc>!8lJ`+N z`^=C2uB&Aw(sg>S-g19Va5suyAAF{b>ng65oG}7)hU_<^NjJ(TI z{`am%?m7RT!j7H)Gs1M3{qyh6Dsum`!|pTx_ayKyp?Uy3F`PLS82k)vo3#)tWkZxry^HFWo&?|laI~rb|>whP)pSFDLdd+5OALC2V#Ape`#Kz~eu|c2BS9PD%zV-^wcDA#f V?QB){UjP6A|Nkb)viHg!#~#`Hml3kE_bMD@m93(T4%wR=J5Gd?O;(OQvgO3V z;f(L2=lSQk|Gw_)`rMz_^}65J>*7oyX9E2@fB;CyN!Lu=S=Ug;AVOaHnUs~di@CIi zjk&yxv6YpKp|!WCldnsJg{hyiuB*2X=rAfOXi+XZj1Ywu=-i4D9D1kMjU2BEZ5`gk zv_`VIn}vq9m47j(F=*wk<&Pm!^$OvDUT{t-3XT1Qr#1TOC?Dk4j3m 
z|LS2eTb9isGkd`fYC$Xs4WD%dA3l|achyF2J|(9gY=8JBkoToDD1)B?6?;HmMjR~Q zm#G_&Bw3|Phc5DOm-~c*+++MrO(h@B&vayto<2+%iWK}FW5BLG`0G`3iWf#ephz6g z->J1jlTcc4wsr=Mj?Y}F3sHY3$%;4%R zxt!#%$k6;hSzKR3$8`26?h2mbPU&`DP-bQ=f_RdXC5Fk|+Dmz2G{qP!411I5QuB$QreNtg zoGpM&BAq`Qc6rZDRt!Lz2yia7_&{qi#{`03m_p%K0$8C64G{R-9qC^KZ1<=LDBr_B%B`kEY{yH~W$Sv>r(yOO&bMl+tD_3GD z^1nx>Ssd&ot-wq2XfA2^#`={|%(qPa>h=%iF`h1GF?yvxRD~GY_6R!EW_O;xj2Cgw zE)9ew{_ywc^tmYHQmPB*amUGQO#ikUv>+Fq49hOvOOnsgVQ;gqp?Ignz%k6R1fBuW ztR0hQrRvfds1+d)&MqqA^{`QwWR4@_-i()gW7P4N3TiQ1G-`V^4>~oJ#!Gb~xT(GT zepDruOU;_Fyy|P|)*&8>l{9`Xb-$O5VS53t&Kgxc%kxE1P>zkuoPpPZ`azM+0NaX( zC5@W)iU|uuk9D?sDj}ukj{{2HfIQzzkJq-}+v|Om9rPv<)I>&niDWpKVFQrL-p2pO z@@-N>;PnTNymP91LDMg8h%xjs`I1U}*%M+yz2M!S_Z_v!-}!WTYc0W))@E#5j-WEw zv^QskUFJ#4$B3wR_@*O!i6XaD)Kz^Y8tEuIXf+=zh^x;C)Hi~qq@}!E>^T1nCH~=Z zr!(bbOU3T$-kO}=ZZK7ptK8F>-=<)319{|dR$6?+7CFQ{w7AIGC<-rHk40&>y`p@F z%7rP3r~mxBXj3p89*z1vZIlM^(=TSRktOkit)+RC4qzc_Lse;|x4>^^Q zso_i`dNdKNsC-*E$)v!M=EqU_AQgqlFOJ5+m18yN4F>ALW0MbgM#+w$TdAfL`$NWd zl^kEadc0JcoT46Bcmw7~OYN-B=ssuGQ?`YYT8#k;N510(XhCq^d%W1IKgVp~Z}M-m zRCOz~kp22FNzGW4#^!o)DCGG0h$gGL{e;8Mf)IZWSim&Jl91xOKe#*+ zqJQ+H+i}BH>Yx@$w?7d?x}Yg5k;F#t1$`olym{d_7u13j`uKs#v+j{CKfifYB>-8d z^cw(?yxz;bdL|So;)yfCb``SoQZn*BB9FmD3v!f_I@R zT_*>p>>ryJde>-Ll>p#pd1aa@J(T}*RQrHdRwmYHR4AHLY-oA4qWL@N!A9SA4Z{ik z7lYKPc&AO}JklSugCuRVj?o@<66W9z0hb?m{R8DsQs6CQ+T6W+E86jVH^y7)F?DwR{RZZrL0F!5liP3t3R)w|NGgJ23I<${av(cm2L9f8 zk`8I+x99~fC(AKlQ7VA%HesYFY7GeY!f{$-#6Hd;z=H&cmos(aT>ue*3sbyJ&@W!z z0JC$ANQ11TVszTCsVqPN?Hz@MiITa%THm(;6v?QvKRJ5IpZ31boN0(;9gFXL+dLZLvI zEuxSTaGfNez-(Oa$-;ZClMax-RgS?g0-K?(z&|zr(&)e|c}a|o7S|!i=MLa%lmqb* zEpYG)cub-s?ehv?*ai?sp1`$27Q*~Tpg|qd!qyH!(f~Zafc*<-*>!$671qHcCTdz6 z~rnmzZ!I0O-`nWC++ke3xAf8k+RhXDwG(sj7~KV^p>t=1jD zEJ~PqM}HyIs;~6v4kW*Ba~KdyIKi;A^#|#dCfZE`GQHrXDa9wHRQ2I8`q9LiI0;v2 zdeS>U=BIe{M4XP()kviK)2aUT;_OQMX3gg3ANJPXY58gNVjq3$3rnCSO|;|3?$Zp^ z9rosS@@4YZa;hs+;xTVCh>*q)OjjDC|KlwB>A-g`G(#e2iJvb!8b$mVZMoeuqj%@= zcgORk_|d6j%D=39MhD$b(l#9JwKleEjc+Ah 
z0|~};-vyDMtdM{U|KS9o4ZTx<_iL-c!_D~Trpj~0^ghszf30lXBzHAxQds6rHSP;z zj+2oZ!7!c1(`nu16`?5*Q8m=4js2vIUXw-eSAmg7>RmTk=lP{bC7dXNJHhyN$@M1J z1OoX}!j2%LxYi4g39*1hNqU$} zta86oU|m;}RdT)kP26L_JEuc1BXe;?pienSPkPLqDQxDu`NSr@IVVf}c0Wb3Vde}} zN{e43D`1e4)OUz%JaIlq(%~+zxjsNpp+0ky?E09w_(xbpOi2mNVOaeG#KG}&Vt&h< z=>{}hwcCT%=oQ7sVRUx@)cxTYOpv0EOrT7?u_;pOEV*RbRUMBca-~>Uenv6B;|}TW z#NbB8&KC9%`6(mQV5s|>H(b`yNw_cTgFB?{MwY%RP(nweLI%?_E%*=oP6il2&qE;# zI&7Oo+cij8>sKN9IjE;UYnxLJ@~3Hctf38lq7z^T`vUvb$g9i!(}z3rHG@M3h;Roe zaAbEeRwA9gz&ll8ZE=Cy+%x7JUv2m4GdD7$er;K{c}{k@5+T@o)gV?)cTDkVe|&G za|CFfKgoWi{nDoiaw1(=7S8SRTM)=7&hwY(q)2-Tf1vh_?+P&d+G~jg7m@-E(^VVb z9F0rT?sm8Uo3QX!6s(~(0pjBJd@z{+8ELG4aIxd704nmnZ!%c(YMWx4^Vi?Yh`YQg z$t*G%myy0;m6lp4S6v_c3EGG~A)+G0p1si%s8~>Vg29I+T=!50V7t63H43o6MN~Uk znbNtXW0vp%ptA>L&ek++8sj==9PxJ5TZDEEtO(`JI86J8rKWt5bkd;io7=^yO0-it z0G)5s1gXMy(?V@=LD>uEXsZkS+os{Hg}E&HO0}}=jy0Vl@rHu+ymc3WPxEtadCmPR zzL8C%Cwe}jg@urr+==Hb&D+^7g~1sa2u+e*ePz-6&9BJMF8{i);8_T>oxN-@d#;mzxgc%MkoX5DEt26NWApC2+${rRwl6F> z%%b4@O}(MNu}j)*%CJn^MO}_^1Y2kTY@Kg7a+qx5F@IY?A$mvX@Zb&i&xq0p>6n3@ zr=sDk%LGPcR~Nt2G25DsTB_(d-cyZbHT~Z`p%cnIxmn@W{4!p@0*wRTGP^14XNe{s zueBuA&h7uyLBSsb?&o3dvLNs0)K>Mt)-mAQmYz3zd<~7U31Cq1bfg5}%OBBd{ytz% z@+b0j8$C6Xt8%3fy_0g`Qkk=qt$A}5FvAeJ0Fx)k!igNIaGac$1P1}wOB`qJ8(@%?F!$r56dpf;^yv8@A;^P4fNSS;K~ z7D8xSl&=~G-m7B=fu(@?FOO8qCo6J}gDMPBVxvbiI&2FB>w`6T;VN(hGZy?uEgnMi z&Hc9$4A8DszLS(V8gR>h4!5qkX6Oynh~NRY-$1T9wh!nN^BevNdVjQz>ItY-Zfd0Y!7zoR##==L6yEox5>KNCi z>wvzA{C|YJ`HzDCrUm77IGW`D-~Dt1X+r`+3FqlRMI$gP_zejoA`I#JMxs|I1#xZ0 zCx79#b-p2hu>edT=l*&6i1nbeGza@E9+&Dtg4-mZpkQFyGeqeBd}(@wD;a<LqE29G_+yLn|MgAkf!9SU5WDa?T0%W~5XJ!5YDMN%SYp8Y+ZTXs;Xa`u zke}ta3zhUIqO^f?FYJtV>-5U~A|yPH|5k^LN(d)dy9Nc(A>L<9&~v+7=SV zAT(_hhXm&faGbI7`-lgoJYokCekECdrS@fdW|`%u*@j!)=@sP{rP?KB2Zgs;;;HGD zq!_Yo@0w_tc2+<|pW*qW1UxtsH3_5@dJ%q1aI3g4MD2c?!GM@`SqC@r^)O0fTMX~! 
zb(WN`fgvHJJmv|34=C+;qRHT8dIrBHGI`Oc7@lj_Xz>*aPF$;ibM-!Zar(LP=4;^$&AU%9E)0@VcdAt;ZxV< zGA`ZiJuvUHa}Kdx-hAsxu%=}H_MV-{KQw^4YCB#kt;y!7S=)UuiiEA&E-v|wlw)`M zr?H9q6c)7GydrD2$Vb0cpgCCjBJbRv7M8{!oK#zMNdHRP7A0!N>fBj+h>7eYHi|?q z+Z=&JYegHgz+MjU=sIeNI~B-Mf4NtSAjBY5%XnS@U9Xe;#LSHkkCdRD*25*waBszf zZ!kboyC#W*P<}KoM>m1pt;)XZS?&g4rU8~{5!l^X^I4m~&cz_UrNdq)iRI1aOSxQ` zLaEv(p?3t^(^-#A~{V4!+|SZ3vLwMjdRmoStSP4z|Pb1r8^|`2n02rH)68gs|)bFFO^$# zH?16c@8gNo&(|RtFw&FzYm6eKb@Or>j=l@+P_hgG+EwM48I$wY$pNzSvbjjVjW3EIjBeh z9?G&BIo7`7uxdl2axS1j@%Dk_^6BHr-uoQ8RZ+v~E4B}(j5&}?D%|?-{qro0!@f50 zsL)OSSEy8#;Xy5EyNqU#vfunLmHil@cN)^RB5^RS=He{IrnFa~Cq&~US-N7VeV;8EjuPY7eU8;wrJu`1;YvO3_%bbpQxi9HUO9X3a|Vfug_Il0$0OXS zO!JM&mW#J!RJjer$skJz~`N1fP}#hA}J? zY_`8DG9(h6dGnB1n0;S>WtTdNlOW~%f3kh%Bn^L_m^srd@X{|$%Zhp5cT5}IBTh-o z8!sRN_5x?yy!nEDDt79hOec4dWOz<`={nc0KVG@vwo+5`A^8~z zHP}dAj(eQ_;7b09DMhjFd>@S1v1bo2X1!bNoAD^4KD^YQk*XPn>mZty6Bk3oXT_c` zjCQrTy(lbg4wNkH=enJuw3lPPT9HRf5x4i%kw*~Y$#^l^*K1uvN9X+`2=g0#@=DuV mT$X)@*jpS}TEc~Gsaji@YTfQOxq|=OWCH7$?mW;O2=qTtq}2)l diff --git a/charts/rancher-cis-benchmark-crd/2.0.5-rc2/Chart.yaml b/charts/rancher-cis-benchmark-crd/2.0.5-rc2/Chart.yaml deleted file mode 100644 index 8ac54062e..000000000 --- a/charts/rancher-cis-benchmark-crd/2.0.5-rc2/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd -apiVersion: v1 -description: Installs the CRDs for rancher-cis-benchmark. -name: rancher-cis-benchmark-crd -type: application -version: 2.0.5-rc2 diff --git a/charts/rancher-cis-benchmark-crd/2.0.5-rc2/README.md b/charts/rancher-cis-benchmark-crd/2.0.5-rc2/README.md deleted file mode 100644 index f6d9ef621..000000000 --- a/charts/rancher-cis-benchmark-crd/2.0.5-rc2/README.md +++ /dev/null @@ -1,2 +0,0 @@ -# rancher-cis-benchmark-crd -A Rancher chart that installs the CRDs used by rancher-cis-benchmark. 
diff --git a/charts/rancher-cis-benchmark-crd/2.0.5-rc2/templates/clusterscan.yaml b/charts/rancher-cis-benchmark-crd/2.0.5-rc2/templates/clusterscan.yaml deleted file mode 100644 index 3cbb0ffcd..000000000 --- a/charts/rancher-cis-benchmark-crd/2.0.5-rc2/templates/clusterscan.yaml +++ /dev/null 
@@ -1,148 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscans.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScan - plural: clusterscans - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .status.lastRunScanProfileName - name: ClusterScanProfile - type: string - - jsonPath: .status.summary.total - name: Total - type: string - - jsonPath: .status.summary.pass - name: Pass - type: string - - jsonPath: .status.summary.fail - name: Fail - type: string - - jsonPath: .status.summary.skip - name: Skip - type: string - - jsonPath: .status.summary.warn - name: Warn - type: string - - jsonPath: .status.summary.notApplicable - name: Not Applicable - type: string - - jsonPath: .status.lastRunTimestamp - name: LastRunTimestamp - type: string - - jsonPath: .spec.scheduledScanConfig.cronSchedule - name: CronSchedule - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - scanProfileName: - nullable: true - type: string - scheduledScanConfig: - nullable: true - properties: - cronSchedule: - nullable: true - type: string - retentionCount: - type: integer - scanAlertRule: - nullable: true - properties: - alertOnComplete: - type: boolean - alertOnFailure: - type: boolean - type: object - type: object - scoreWarning: - enum: - - pass - - fail - nullable: true - type: string - type: object - status: - properties: - NextScanAt: - nullable: true - type: string - ScanAlertingRuleName: - nullable: true - type: string - conditions: - items: - properties: - lastTransitionTime: - nullable: true - type: string - lastUpdateTime: - nullable: true - type: string - message: - nullable: true - type: string - reason: - nullable: true - type: string - status: - nullable: true - type: string - type: - nullable: true - type: string - type: object - nullable: true - type: array - display: - nullable: true - 
properties: - error: - type: boolean - message: - nullable: true - type: string - state: - nullable: true - type: string - transitioning: - type: boolean - type: object - lastRunScanProfileName: - nullable: true - type: string - lastRunTimestamp: - nullable: true - type: string - observedGeneration: - type: integer - summary: - nullable: true - properties: - fail: - type: integer - notApplicable: - type: integer - pass: - type: integer - skip: - type: integer - total: - type: integer - warn: - type: integer - type: object - type: object - type: object diff --git a/charts/rancher-cis-benchmark-crd/2.0.5-rc2/templates/clusterscanbenchmark.yaml b/charts/rancher-cis-benchmark-crd/2.0.5-rc2/templates/clusterscanbenchmark.yaml deleted file mode 100644 index fd291f8c3..000000000 --- a/charts/rancher-cis-benchmark-crd/2.0.5-rc2/templates/clusterscanbenchmark.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscanbenchmarks.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScanBenchmark - plural: clusterscanbenchmarks - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .spec.clusterProvider - name: ClusterProvider - type: string - - jsonPath: .spec.minKubernetesVersion - name: MinKubernetesVersion - type: string - - jsonPath: .spec.maxKubernetesVersion - name: MaxKubernetesVersion - type: string - - jsonPath: .spec.customBenchmarkConfigMapName - name: customBenchmarkConfigMapName - type: string - - jsonPath: .spec.customBenchmarkConfigMapNamespace - name: customBenchmarkConfigMapNamespace - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - clusterProvider: - nullable: true - type: string - customBenchmarkConfigMapName: - nullable: true - type: string - customBenchmarkConfigMapNamespace: - nullable: true - type: string - maxKubernetesVersion: - nullable: true - type: string - minKubernetesVersion: - nullable: true - type: string - type: object - type: object diff --git a/charts/rancher-cis-benchmark-crd/2.0.5-rc2/templates/clusterscanprofile.yaml b/charts/rancher-cis-benchmark-crd/2.0.5-rc2/templates/clusterscanprofile.yaml deleted file mode 100644 index 1e75501b7..000000000 --- a/charts/rancher-cis-benchmark-crd/2.0.5-rc2/templates/clusterscanprofile.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscanprofiles.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScanProfile - plural: clusterscanprofiles - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - benchmarkVersion: - nullable: true - type: string - skipTests: - items: - nullable: true - type: string - nullable: true - type: array - type: object - type: object - additionalPrinterColumns: - - jsonPath: .spec.benchmarkVersion - name: BenchmarkVersion - type: string diff --git a/charts/rancher-cis-benchmark-crd/2.0.5-rc2/templates/clusterscanreport.yaml b/charts/rancher-cis-benchmark-crd/2.0.5-rc2/templates/clusterscanreport.yaml deleted file mode 100644 index 6e8c0b7de..000000000 --- a/charts/rancher-cis-benchmark-crd/2.0.5-rc2/templates/clusterscanreport.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscanreports.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScanReport - plural: clusterscanreports - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .spec.lastRunTimestamp - name: LastRunTimestamp - type: string - - jsonPath: .spec.benchmarkVersion - name: BenchmarkVersion - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - benchmarkVersion: - nullable: true - type: string - lastRunTimestamp: - nullable: true - type: string - reportJSON: - nullable: true - type: string - type: object - type: object \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/Chart.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/Chart.yaml deleted file mode 100644 index 3049f3475..000000000 
--- a/charts/rancher-cis-benchmark/2.0.5-rc2/Chart.yaml +++ /dev/null @@ -1,22 +0,0 @@ -annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.24.0-0' - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/rancher-version: '>= 2.6.0-0 < 2.7.0-0' - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/ui-component: rancher-cis-benchmark -apiVersion: v1 -appVersion: v2.0.5-rc2 -description: The cis-operator enables running CIS benchmark security scans on a kubernetes - cluster -icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg -keywords: -- security -name: rancher-cis-benchmark -version: 2.0.5-rc2 diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/README.md b/charts/rancher-cis-benchmark/2.0.5-rc2/README.md deleted file mode 100644 index 50beab58b..000000000 --- a/charts/rancher-cis-benchmark/2.0.5-rc2/README.md +++ /dev/null @@ -1,9 +0,0 @@ -# Rancher CIS Benchmark Chart - -The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. - -# Installation - -``` -helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system -``` diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/app-readme.md b/charts/rancher-cis-benchmark/2.0.5-rc2/app-readme.md deleted file mode 100644 index 5e495d605..000000000 --- a/charts/rancher-cis-benchmark/2.0.5-rc2/app-readme.md +++ /dev/null 
@@ -1,15 +0,0 @@ -# Rancher CIS Benchmarks - -This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/). - -For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/). - -This chart installs the following components: - -- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded. -- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed. -- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans. -- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources. -- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish. 
- - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts. - - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart. diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/_helpers.tpl b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/_helpers.tpl deleted file mode 100644 index b7bb00042..000000000 --- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/_helpers.tpl +++ /dev/null @@ -1,27 +0,0 @@ -{{/* Ensure namespace is set the same everywhere */}} -{{- define "cis.namespace" -}} - {{- .Release.Namespace | default "cis-operator-system" -}} -{{- end -}} - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -kubernetes.io/os: linux -{{- end -}} diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/alertingrule.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/alertingrule.yaml deleted file mode 100644 index 1787c88a0..000000000 --- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/alertingrule.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -{{- if .Values.alerts.enabled -}} ---- -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: rancher-cis-pod-monitor - namespace: {{ template "cis.namespace" . }} -spec: - selector: - matchLabels: - cis.cattle.io/operator: cis-operator - podMetricsEndpoints: - - port: cismetrics -{{- end }} diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-aks-1.0.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-aks-1.0.yaml deleted file mode 100644 index 1ac866253..000000000 --- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-aks-1.0.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: aks-1.0 -spec: - clusterProvider: aks - minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-cis-1.5.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-cis-1.5.yaml deleted file mode 100644 index 39e8b834a..000000000 --- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-cis-1.5.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.5 -spec: - clusterProvider: "" - minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-cis-1.6.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-cis-1.6.yaml deleted file mode 100644 index 93ba064f4..000000000 --- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-cis-1.6.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.6 -spec: - clusterProvider: "" - minKubernetesVersion: "1.16.0" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-eks-1.0.1.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-eks-1.0.1.yaml deleted file mode 100644 index d1ba9d295..000000000 
--- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-eks-1.0.1.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: eks-1.0.1 -spec: - clusterProvider: eks - minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-gke-1.0.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-gke-1.0.yaml deleted file mode 100644 index 72122e8c5..000000000 --- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-gke-1.0.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: gke-1.0 -spec: - clusterProvider: gke - minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-k3s-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-k3s-cis-1.6-hardened.yaml deleted file mode 100644 index 3ca9b6009..000000000 --- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-k3s-cis-1.6-hardened.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.6-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.20.5" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-k3s-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-k3s-cis-1.6-permissive.yaml deleted file mode 100644 index 6d4253c6e..000000000 --- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-k3s-cis-1.6-permissive.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.6-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.20.5" 
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke-cis-1.5-hardened.yaml
deleted file mode 100644
index b5627f966..000000000
--- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke-cis-1.5-hardened.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: rke-cis-1.5-hardened
-spec:
- clusterProvider: rke
- minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke-cis-1.5-permissive.yaml
deleted file mode 100644
index 95f80c0f0..000000000
--- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke-cis-1.5-permissive.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: rke-cis-1.5-permissive
-spec:
- clusterProvider: rke
- minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke-cis-1.6-hardened.yaml
deleted file mode 100644
index d75de8154..000000000
--- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke-cis-1.6-hardened.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: rke-cis-1.6-hardened
-spec:
- clusterProvider: rke
- minKubernetesVersion: "1.16.0"
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke-cis-1.6-permissive.yaml
deleted file mode 100644
index 52428f4a7..000000000
--- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke-cis-1.6-permissive.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: rke-cis-1.6-permissive
-spec:
- clusterProvider: rke
- minKubernetesVersion: "1.16.0"
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke2-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke2-cis-1.5-hardened.yaml
deleted file mode 100644
index 3d83e9bd8..000000000
--- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke2-cis-1.5-hardened.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: rke2-cis-1.5-hardened
-spec:
- clusterProvider: rke2
- minKubernetesVersion: "1.18.0"
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke2-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke2-cis-1.5-permissive.yaml
deleted file mode 100644
index f66aa8f6e..000000000
--- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke2-cis-1.5-permissive.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: rke2-cis-1.5-permissive
-spec:
- clusterProvider: rke2
- minKubernetesVersion: "1.18.0"
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke2-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke2-cis-1.6-hardened.yaml
deleted file mode 100644
index 3593bf371..000000000
--- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke2-cis-1.6-hardened.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: rke2-cis-1.6-hardened
-spec:
- clusterProvider: rke2
- minKubernetesVersion: "1.20.5"
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke2-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke2-cis-1.6-permissive.yaml
deleted file mode 100644
index 522f846ae..000000000
--- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/benchmark-rke2-cis-1.6-permissive.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: rke2-cis-1.6-permissive
-spec:
- clusterProvider: rke2
- minKubernetesVersion: "1.20.5"
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/cis-roles.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/cis-roles.yaml
deleted file mode 100644
index 23c93dc65..000000000
--- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/cis-roles.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: cis-admin
-rules:
- - apiGroups:
- - cis.cattle.io
- resources:
- - clusterscanbenchmarks
- - clusterscanprofiles
- - clusterscans
- - clusterscanreports
- verbs: ["create", "update", "delete", "patch","get", "watch", "list"]
- - apiGroups:
- - catalog.cattle.io
- resources: ["apps"]
- resourceNames: ["rancher-cis-benchmark"]
- verbs: ["get", "watch", "list"]
- - apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - '*'
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: cis-view
-rules:
- - apiGroups:
- - cis.cattle.io
- resources:
- - clusterscanbenchmarks
- - clusterscanprofiles
- - clusterscans
- - clusterscanreports
- verbs: ["get", "watch", "list"]
- - apiGroups:
- - catalog.cattle.io
- resources: ["apps"]
- resourceNames: ["rancher-cis-benchmark"]
- verbs: ["get", "watch", "list"]
- - apiGroups:
- - ""
- resources:
- - configmaps
- verbs: ["get", "watch", "list"]
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/configmap.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/configmap.yaml
deleted file mode 100644
index 3de10e55e..000000000
--- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/configmap.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-kind: ConfigMap
-apiVersion: v1
-metadata:
- name: default-clusterscanprofiles
- namespace: {{ template "cis.namespace" . }}
-data:
- # Default ClusterScanProfiles per cluster provider type
- rke: |-
- <1.16.0: rke-profile-permissive-1.5
- >=1.16.0: rke-profile-permissive-1.6
- rke2: |-
- <1.20.5: rke2-cis-1.5-profile-permissive
- >=1.20.5: rke2-cis-1.6-profile-permissive
- eks: "eks-profile"
- gke: "gke-profile"
- aks: "aks-profile"
- k3s: "k3s-cis-1.6-profile-permissive"
- default: "cis-1.6-profile"
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/deployment.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/deployment.yaml
deleted file mode 100644
index ab0bb3e24..000000000
--- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/deployment.yaml
+++ /dev/null
@@ -1,55 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cis-operator - namespace: {{ template "cis.namespace" . }} - labels: - cis.cattle.io/operator: cis-operator -spec: - selector: - matchLabels: - cis.cattle.io/operator: cis-operator - template: - metadata: - labels: - cis.cattle.io/operator: cis-operator - spec: - serviceAccountName: cis-operator-serviceaccount - containers: - - name: cis-operator - image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}' - imagePullPolicy: Always - ports: - - name: cismetrics - containerPort: {{ .Values.alerts.metricsPort }} - env: - - name: SECURITY_SCAN_IMAGE - value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }} - - name: SECURITY_SCAN_IMAGE_TAG - value: {{ .Values.image.securityScan.tag }} - - name: SONOBUOY_IMAGE - value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }} - - name: SONOBUOY_IMAGE_TAG - value: {{ .Values.image.sonobuoy.tag }} - - name: CIS_ALERTS_METRICS_PORT - value: '{{ .Values.alerts.metricsPort }}' - - name: CIS_ALERTS_SEVERITY - value: {{ .Values.alerts.severity }} - - name: CIS_ALERTS_ENABLED - value: {{ .Values.alerts.enabled | default "false" | quote }} - - name: CLUSTER_NAME - value: '{{ .Values.global.cattle.clusterName }}' - resources: - {{- toYaml .Values.resources | nindent 12 }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} 
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/network_policy_allow_all.yaml deleted file mode 100644 index 6ed5d645e..000000000 --- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/network_policy_allow_all.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: default-allow-all - namespace: {{ template "cis.namespace" . }} -spec: - podSelector: {} - ingress: - - {} - egress: - - {} - policyTypes: - - Ingress - - Egress diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/patch_default_serviceaccount.yaml deleted file mode 100644 index e78a6bd08..000000000 --- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/patch_default_serviceaccount.yaml +++ /dev/null @@ -1,29 +0,0 @@ ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: patch-sa - annotations: - "helm.sh/hook": post-install, post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation -spec: - template: - spec: - serviceAccountName: cis-operator-serviceaccount - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} - restartPolicy: Never - containers: - - name: sa - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] - args: ["-n", {{ template "cis.namespace" . }}] - - backoffLimit: 1 
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/rbac.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/rbac.yaml deleted file mode 100644 index 4ff88ea5f..000000000 --- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/rbac.yaml +++ /dev/null @@ -1,43 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-role -rules: -- apiGroups: - - '*' - resources: - - '*' - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cis-operator-role -subjects: -- kind: ServiceAccount - name: cis-serviceaccount - namespace: {{ template "cis.namespace" . }} ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: cis-operator-installer -subjects: -- kind: ServiceAccount - name: cis-operator-serviceaccount - namespace: {{ template "cis.namespace" . }} -roleRef: - kind: ClusterRole - name: cluster-admin - apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-cis-1.5.yml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-cis-1.5.yml deleted file mode 100644 index d69ae9dd5..000000000 --- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-cis-1.5.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.5-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.5 
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-cis-1.6.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-cis-1.6.yaml
deleted file mode 100644
index 8a8d8bf88..000000000
--- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-cis-1.6.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanProfile
-metadata:
- name: cis-1.6-profile
- annotations:
- clusterscanprofile.cis.cattle.io/builtin: "true"
-spec:
- benchmarkVersion: cis-1.6
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-k3s-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-k3s-cis-1.6-hardened.yml
deleted file mode 100644
index 095e977ab..000000000
--- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-k3s-cis-1.6-hardened.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanProfile
-metadata:
- name: k3s-cis-1.6-profile-hardened
- annotations:
- clusterscanprofile.cis.cattle.io/builtin: "true"
-spec:
- benchmarkVersion: k3s-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-k3s-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-k3s-cis-1.6-permissive.yml
deleted file mode 100644
index 3b22a80c8..000000000
--- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-k3s-cis-1.6-permissive.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanProfile
-metadata:
- name: k3s-cis-1.6-profile-permissive
- annotations:
- clusterscanprofile.cis.cattle.io/builtin: "true"
-spec:
- benchmarkVersion: k3s-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke-1.5-hardened.yml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke-1.5-hardened.yml
deleted file mode 100644
index 4eabe158a..000000000
--- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke-1.5-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.5 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.5-hardened \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke-1.5-permissive.yml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke-1.5-permissive.yml deleted file mode 100644 index 1f78751d1..000000000 --- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke-1.5-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.5 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.5-permissive diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke-1.6-hardened.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke-1.6-hardened.yaml deleted file mode 100644 index d38febd80..000000000 --- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.6 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke-1.6-permissive.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke-1.6-permissive.yaml deleted file mode 100644 index d31b5b0d2..000000000 --- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke-1.6-permissive.yaml +++ /dev/null 
@@ -1,9 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanProfile
-metadata:
- name: rke-profile-permissive-1.6
- annotations:
- clusterscanprofile.cis.cattle.io/builtin: "true"
-spec:
- benchmarkVersion: rke-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke2-cis-1.5-hardened.yml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke2-cis-1.5-hardened.yml
deleted file mode 100644
index 83eb3131e..000000000
--- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke2-cis-1.5-hardened.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanProfile
-metadata:
- name: rke2-cis-1.5-profile-hardened
- annotations:
- clusterscanprofile.cis.cattle.io/builtin: "true"
-spec:
- benchmarkVersion: rke2-cis-1.5-hardened
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke2-cis-1.5-permissive.yml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke2-cis-1.5-permissive.yml
deleted file mode 100644
index 40dc44bdf..000000000
--- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke2-cis-1.5-permissive.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanProfile
-metadata:
- name: rke2-cis-1.5-profile-permissive
- annotations:
- clusterscanprofile.cis.cattle.io/builtin: "true"
-spec:
- benchmarkVersion: rke2-cis-1.5-permissive
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke2-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke2-cis-1.6-hardened.yml
deleted file mode 100644
index c7ac7f949..000000000
--- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke2-cis-1.6-hardened.yml
+++ /dev/null
@@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.6-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke2-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke2-cis-1.6-permissive.yml deleted file mode 100644 index 96ca1345a..000000000 --- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofile-rke2-cis-1.6-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.6-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofileaks.yml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofileaks.yml deleted file mode 100644 index ea7b25b40..000000000 --- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofileaks.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: aks-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: aks-1.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofileeks.yml deleted file mode 100644 index 3b4e34437..000000000 --- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofileeks.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: eks-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: eks-1.0.1 \ No newline at end of file 
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofilegke.yml deleted file mode 100644 index 2ddd0686f..000000000 --- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/scanprofilegke.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: gke-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: gke-1.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/serviceaccount.yaml deleted file mode 100644 index ec48ec622..000000000 --- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: {{ template "cis.namespace" . }} - name: cis-operator-serviceaccount ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: {{ template "cis.namespace" . }} - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-serviceaccount diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/templates/validate-install-crd.yaml deleted file mode 100644 index 562295791..000000000 --- a/charts/rancher-cis-benchmark/2.0.5-rc2/templates/validate-install-crd.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/2.0.5-rc2/values.yaml b/charts/rancher-cis-benchmark/2.0.5-rc2/values.yaml deleted file mode 100644 index 8030e6330..000000000 --- a/charts/rancher-cis-benchmark/2.0.5-rc2/values.yaml +++ /dev/null 
@@ -1,49 +0,0 @@ -# Default values for rancher-cis-benchmark. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -image: - cisoperator: - repository: rancher/cis-operator - tag: v1.0.9 - securityScan: - repository: rancher/security-scan - tag: v0.2.8-rc1 - sonobuoy: - repository: rancher/mirrored-sonobuoy-sonobuoy - tag: v0.53.2 - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## List of node taints to tolerate (requires Kubernetes >= 1.6) -tolerations: [] - -affinity: {} - -global: - cattle: - systemDefaultRegistry: "" - clusterName: "" - kubectl: - repository: rancher/kubectl - tag: v1.20.2 - -alerts: - enabled: false - severity: warning - metricsPort: 8080 diff --git a/index.yaml b/index.yaml index db158b1c9..dee4eb894 100755 --- a/index.yaml +++ b/index.yaml 
@@ -2476,32 +2476,6 @@ entries: - assets/rancher-backup-crd/rancher-backup-crd-1.0.200.tgz version: 1.0.200 rancher-cis-benchmark: - - annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.24.0-0' - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/rancher-version: '>= 2.6.0-0 < 2.7.0-0' - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/ui-component: rancher-cis-benchmark - apiVersion: v1 - appVersion: v2.0.5-rc2 - created: "2022-06-23T19:16:31.151561355+05:30" - description: The cis-operator enables running CIS benchmark security scans on - a kubernetes cluster - digest: 54e7f86cbcb73c8168e62908428f301ae0b85fadc6e1a497d76ed5bfaa7556b3 - icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg - keywords: - - security - name: rancher-cis-benchmark - urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-2.0.5-rc2.tgz - version: 2.0.5-rc2 - annotations: catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match catalog.cattle.io/certified: rancher 
@@ -2765,20 +2739,6 @@ entries: - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.100.tgz version: 1.0.100 rancher-cis-benchmark-crd: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd - apiVersion: v1 - created: "2022-06-23T19:16:31.157730516+05:30" - description: Installs the CRDs for rancher-cis-benchmark. - digest: ef8be19aeb29bad889d6326c4cd1f25ae123accc563469a3eb16516a9c0a54af - name: rancher-cis-benchmark-crd - type: application - urls: - - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-2.0.5-rc2.tgz - version: 2.0.5-rc2 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" From 14054ebc91fab270f0d77f0895496b7f4e899ed0 Mon Sep 17 00:00:00 2001 
From: Vaishnav Gaikwad Date: Thu, 7 Jul 2022 17:21:23 +0530 Subject: [PATCH 08/10] make charts --- .../rancher-cis-benchmark-crd-2.0.5-rc3.tgz | Bin 0 -> 1467 bytes .../rancher-cis-benchmark-2.0.5-rc3.tgz | Bin 0 -> 5343 bytes .../2.0.5-rc3/Chart.yaml | 10 ++ .../2.0.5-rc3/README.md | 2 + .../2.0.5-rc3/templates/clusterscan.yaml | 148 ++++++++++++++++++ .../templates/clusterscanbenchmark.yaml | 54 +++++++ .../templates/clusterscanprofile.yaml | 36 +++++ .../templates/clusterscanreport.yaml | 39 +++++ .../2.0.5-rc3/Chart.yaml | 22 +++ .../rancher-cis-benchmark/2.0.5-rc3/README.md | 9 ++ .../2.0.5-rc3/app-readme.md | 15 ++ .../2.0.5-rc3/templates/_helpers.tpl | 27 ++++ .../2.0.5-rc3/templates/alertingrule.yaml | 14 ++ .../templates/benchmark-aks-1.0.yaml | 8 + .../templates/benchmark-cis-1.5.yaml | 8 + .../templates/benchmark-cis-1.6.yaml | 8 + .../templates/benchmark-eks-1.0.1.yaml | 8 + .../templates/benchmark-gke-1.0.yaml | 8 + .../benchmark-k3s-cis-1.6-hardened.yaml | 8 + .../benchmark-k3s-cis-1.6-permissive.yaml | 8 + .../benchmark-rke-cis-1.5-hardened.yaml | 8 + .../benchmark-rke-cis-1.5-permissive.yaml | 8 + .../benchmark-rke-cis-1.6-hardened.yaml | 8 + .../benchmark-rke-cis-1.6-permissive.yaml | 8 + .../benchmark-rke2-cis-1.5-hardened.yaml | 8 + .../benchmark-rke2-cis-1.5-permissive.yaml | 8 + .../benchmark-rke2-cis-1.6-hardened.yaml | 8 + .../benchmark-rke2-cis-1.6-permissive.yaml | 8 + .../2.0.5-rc3/templates/cis-roles.yaml | 49 ++++++ .../2.0.5-rc3/templates/configmap.yaml | 18 +++ .../2.0.5-rc3/templates/deployment.yaml | 55 +++++++ .../templates/network_policy_allow_all.yaml | 15 ++ .../patch_default_serviceaccount.yaml | 29 ++++ .../2.0.5-rc3/templates/rbac.yaml | 43 +++++ .../templates/scanprofile-cis-1.5.yml | 9 ++ .../templates/scanprofile-cis-1.6.yaml | 9 ++ .../scanprofile-k3s-cis-1.6-hardened.yml | 9 ++ .../scanprofile-k3s-cis-1.6-permissive.yml | 9 ++ .../scanprofile-rke-1.5-hardened.yml | 9 ++ .../scanprofile-rke-1.5-permissive.yml | 9 ++ 
.../scanprofile-rke-1.6-hardened.yaml | 9 ++ .../scanprofile-rke-1.6-permissive.yaml | 9 ++ .../scanprofile-rke2-cis-1.5-hardened.yml | 9 ++ .../scanprofile-rke2-cis-1.5-permissive.yml | 9 ++ .../scanprofile-rke2-cis-1.6-hardened.yml | 9 ++ .../scanprofile-rke2-cis-1.6-permissive.yml | 9 ++ .../2.0.5-rc3/templates/scanprofileaks.yml | 9 ++ .../2.0.5-rc3/templates/scanprofileeks.yml | 9 ++ .../2.0.5-rc3/templates/scanprofilegke.yml | 9 ++ .../2.0.5-rc3/templates/serviceaccount.yaml | 14 ++ .../templates/validate-install-crd.yaml | 17 ++ .../2.0.5-rc3/values.yaml | 49 ++++++ index.yaml | 40 +++++ 53 files changed, 960 insertions(+) create mode 100644 assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-2.0.5-rc3.tgz create mode 100644 assets/rancher-cis-benchmark/rancher-cis-benchmark-2.0.5-rc3.tgz create mode 100644 charts/rancher-cis-benchmark-crd/2.0.5-rc3/Chart.yaml create mode 100644 charts/rancher-cis-benchmark-crd/2.0.5-rc3/README.md create mode 100644 charts/rancher-cis-benchmark-crd/2.0.5-rc3/templates/clusterscan.yaml create mode 100644 charts/rancher-cis-benchmark-crd/2.0.5-rc3/templates/clusterscanbenchmark.yaml create mode 100644 charts/rancher-cis-benchmark-crd/2.0.5-rc3/templates/clusterscanprofile.yaml create mode 100644 charts/rancher-cis-benchmark-crd/2.0.5-rc3/templates/clusterscanreport.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/Chart.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/README.md create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/app-readme.md create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/_helpers.tpl create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/alertingrule.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-aks-1.0.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-cis-1.5.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-cis-1.6.yaml create mode 
100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-eks-1.0.1.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-gke-1.0.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-k3s-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-k3s-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke-cis-1.5-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke-cis-1.5-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke2-cis-1.5-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke2-cis-1.5-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke2-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke2-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/cis-roles.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/configmap.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/deployment.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/network_policy_allow_all.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/patch_default_serviceaccount.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/rbac.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-cis-1.5.yml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-cis-1.6.yaml create mode 100644 
charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-k3s-cis-1.6-hardened.yml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-k3s-cis-1.6-permissive.yml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke-1.5-hardened.yml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke-1.5-permissive.yml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke2-cis-1.5-hardened.yml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke2-cis-1.5-permissive.yml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke2-cis-1.6-hardened.yml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke2-cis-1.6-permissive.yml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofileaks.yml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofileeks.yml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofilegke.yml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/serviceaccount.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/templates/validate-install-crd.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc3/values.yaml 
diff --git a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-2.0.5-rc3.tgz b/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-2.0.5-rc3.tgz new file mode 100644 index 0000000000000000000000000000000000000000..116abae0ae6b28469b33b960ac73edc4cbb8d6ae GIT binary patch literal 1467 zcmV;s1w{HEiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI>(bK*7-&NIJ4bA85V93UOua@@6ZZ7-K0>GgS$H=v6xd8BoE zOsD_7BijkKu`vciu5;`QgCu_|+24LEt*t@wCF(vGrawo?mm%oKKG*)+=@K+KD+q&& z1I=|^cRU;>zpm?+f8CKcyci6<@nAF@dSmy(9gN*8?}E99I^M-%L!d9*gMF13_dhX^ zQW20)(oA}caUclP!r?#^pd-{}k;R(QqvyO8$S8h9C$Gqb0KG z?7d+RN>^h!y(UMrig3apiUPrtyViSp_Uk#WGwN%8*?aA0+Q#bRpD>I9AT)1z5F0{m zILN*9V0-)zTyHQa#=keX9A2H{{}h&w9Eb#dBb4@^aUOp*HUysry+dtq1O?ptTuUpc2#hHp-L4y20X={yPU)9*Ln|QjD53(;-MXO_(BGhC0qC!F zLn|Pu=sH#Vc~E?uH;ULs*G||OSMEiKh9E4i_>bz&2H*&}WB3yNI6&VrY^vmgSU6lO zd6%^p$++3E;ljjoorQbGd>bov2^03uzv&RZ#1Ni4RfO{T_T!h!yFxQ#k+#{M#2P2L zIMaf)RgX&@6#}c=&6tdXz&?mv6z6SYae3&C`_>x1e&W{hPob*65x!vs)-)1It65VO zORDygLRdjtBqCWhdy}sN)HFL}qTBCh7MoCgj4>t?Q`fN~Sryf`x)GtR!a>b**yWYmg>Ewi;c>w;kf7F{D#}e?~qK9^Y4p z#@JoZQJrW6qvUaYRI$5jAIX3tde|yOI|T)34XaY0FH97`s^jd2S}VOR;nZvHR?Z!s z6D<>t22L+JP$~PYars-GarJ4UOL;8sLA%6O^Yn=ID@xQ!m1Glr+g2podv{Dzn^^bT z78T9_`$5=bzvrIpQB*vfU9L<{iu+w^k5BttSxf24jzZ&W7eaneYgzwWmr7d{0vqc8 z-qmnis{dVjL-$<&JB1y){`W$d4hwFbsTBjiptty`_0g#RL$g^FOQ zZ--J(DCF<)9JNG3lRduz@~8R%yTHS@2Kf2`JHYdVNiR<^ExCMxXrp4f!@vXGCGVql z_L(33U02IWr0eutz2*L#%1`EX{6n2z=r%k7b=*Sf~D(yVpPV9qAqa!Q#YzphR}e8h1*x-|jx&oNyn1g!r%5|JjG@_n$sEp?|QC zrtg0TL$CDx?`Y_q>whP)pSFDLdd+5OALC2V#Ape`#Kz~eu|c2BS9PD%zV-^wcDA#f V?QB){UjP6A|Nj$u{#pPu003bq(7*ry literal 0 HcmV?d00001 
diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-2.0.5-rc3.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-2.0.5-rc3.tgz new file mode 100644 index 0000000000000000000000000000000000000000..e87cd9cf879bd293f58fb994e630c699568e7773 GIT binary patch literal 5343 zcmV<56d>y#iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKDLa@#nPfByaQDY}&XR+1@``en&E)y`IVGQKU}CYh9--L0wY zlmnA332O@A0HC!xkKg5<<(}*c07+34W&Mam+dJ$^#S{rNfCfI@4S;M2!u&A`*Qe6G zM&^$vMBFsrjfqg+j7-88d!SaU)#@J~o4>7AtN6FwZ*^X@k30Q#@A$aWZ@p->d)-dw z1+?~2_&SQEBH~5so69OT?wJr_j4PrjXL8^G_(YMAk363!6{1IZlf;Umq3DoekYz7T7El?5Wact5!2!HGzl0ys0!q{0#MkKFqL7rc0lfOt z_t5q_ZLj6F;E(#Ur!QZXX4OT=i1;`F-4Gt3Ac_lD&ZNRgX%;RA5K<*5a~r2$HJbSq2^=FdDojHN;$eZpk(wq2S(?SzHKcf5Ym_KtV5y6FN# zBoY%Tmv(1qJ~fN9v~2BM#d%noET*o{ClP1J)GGEQqJK+ke%p3P6wQBjyq4E(~0f5_$>KA9j3 zfN`Z|CL{Fea0WrrJ6UcZEYJx;B)14kcL>oP;&Uc_%42C*`(sXhG@Yr&x)>Cm?L87o z4wU&qn*j;_m@wb|70T#StuB$>Qo-2-nUXN2Y78OOD&FwUs&WJ}_Q$&T50p`@8a+54 z>i&g*!<4XvmgKU<%(hmU$_;rK@+oB_!#$)-Cn3QZ$HqaiND4uH_hR^ zdv3@wBr9srS&j*Jj>iVGahP0idI8P|vVvZ?#X9mO=jCgTCR5<~R0`D;2a zUpo5MrMbg}89%J zAa`0`$8kuA!uEhQ_Q3##B$Q|{ev87?bV>xXBWHq2P+xxHLJi<;>uu|i4eK+Za{HfY z=jPQI!w7}+RJ5}zux|d>?Hm{E|H(=ox3|%TPDg78hZYcK!VTXP$vcH zk1>ctG(LkGbBTG5&QfohhpsU|Ip(%aF5IA2_W4<{R`SMk93*-54IB>9R|9B# zYzk+BiUdRv?ZYiEibOnc6JE*lWJ&JsE}I=LSr-rP?;Sm(7#KG&@rRA~Xci#f8xP#x zfW@V?=3M<0rjQX2K3MPZj0F+bZnWm$LS&ptpUT9!%(TqEkCIu3|M?;>xsk4(WN)to z*5SWX^#3|-{inu%1yn@$B4jdDzq5|YrBB#=Rel-Y$r#BHn)o-L?1Hy23G`fzviXEG zE4tD4+C8t;_;-QUv!KoKuT!+W-a+u+UB>@$jsGfWzxYqa$ZGtXMWGu0PlvX}f4?gH z_iFrCL5IM9e`oynYy4MCo8uo7|G&Mp23U{(ei8r2of`j@(0=isjgi$F0P7jRQ=-lB zKf1vR=l{KW{$C007yro^S&jbD4c6#?O0+rtZ@My_1Gr-%0%RC$rVQ5N|G2pR-|cm~ zHU6uh{o=oDjI34$H{AzaflkZo)ym+&v>X1-`_59*+l}@F*WGpu^#R zK1ON{@N{W&{EHh*_W%xW|NHIQ{#Qc##edltS&e>CPX->HcEkU{?SH3R+y6@FaQNTE z{?{7dv1u3lS1|wYx9k1?O6XAd-(>#34*m6R;NfXE{8wQA>+e4+p~K;SANIf20Eecn z@ZZ^O0bqOlcl#&x`~Q{D-toUYMjnKJ=Ry3xt?_?g+7bU-IRNYN-z(bxZo7W}rxH3K 
z{x@_0Y7Ow1v=jcfTmaa?{-3n!_kSv(gW-R}1%L<9U+@1NoOZEobV(GKe zn*t*)lznuI;#v;iOT!mP6gG~a5l2CC6<~<=Dk91sH;x)3RQl)C{)9$IrE2`LvYo{k znT58(mj;O@Q z;`AAgmfzVpSk3>jby!Wi(^~tV4u!+n|F*s^*#Azu-v6tF5*=-N`2&fH!I_s8b`qh? zEmx=8gz-uF&O^}VW*MIno)DqP!lWgEvjwPGgbwK0!vKDBjgtDK-7d6ykV%blQxFrD zK&SiD_iGdOE$dF6x1NX;*Eg5)W(6#z?w6;=8##am-pKT^R>>pXs>WzuJAIRwlw>jG zO;_JscVvw@AemrK`h*5NX@z#ft?xz^p-C`8x31Ae6yO!(wlrzu=uxiM3Kw3_A`#Vz&m)c1MJ z)W;>Exk&hj&`$E))Xr++@n6_rG;{08~u!;LQraFeQBeLnqjX>}eb z#EO2I`%fQ#`r)rX{d|ZvCPB^DwQr#Yn>H=wy`ov~&M&V{-=AH4zP$Qy_W9!c-R0G% zpDsQxbAGjMoVf`B$lJ3rnV=v}n(ppgQ2b{y2{Ufv?vnr4?bh)htD)k8Uee!`jg}VjKH5jt!ap!GG-E{nzhhX}hzAQN9RN@^ z5-5|^L30O-H|+TQJd4sr#B-a+T%Xy?$CmX|q;>c=i{6=|u;{dIssq;T|FqgCOW%Lj z_^*bF_`lZuJ;(fi@#_+#n?d19;s6xRj{|6oF`RgE+#GX$(-=U+rAp6_JF>sxXe3C0 z%gJ54+2UF-HwIvC%Gmc20}PJf8i!nIwHx_4g-#!_u9hqGn8G#y9DxC{{ z)DH978Lk;lmXdjGW2ZSw;_W5}%dDQ%7Sh@IM`QJjb~$SyN#05K`D8*gfW9=60&+Wu z&{!OAcAL>OOJBN?{{QYD4H7Fp(FraW#_wl-gX|xT1Q+Z`jAH4L?v8P&Rr} zLb*=rq^~bvcEEqXTl;^N(Ejn?uN43N8vox!+u*-E0`Rwg|JUsS0JZJkinho9w$Xn#!GF>J?;h9R|5Za3*#CZI=&$GgThlK1 z-!A&^F82SpRmcCWhAOfDRce6R{%=KF;=e2c@HfZ*?skjk{~ovN`2W?=p7Fo@b$mq| z0OgT~A6vRlpLWLo7K;FD@qb+0|3B{4=YLm22giS98vv_f4?nhqpEm7?|E*pC*vbCa z_^*Txg#XH404R?<{Mgcc`m{6t4{iVJ{l7}+;P`(G`(LjDY)o6=pWMi;U;Q_<4*#8# zV*KxRyHlV4Qwi-8|GDUN2gbTCsqH-*AwOZ-0{?h8{1@N+s(@ zF7E%gyY=~B)lebccj<@jMWk;Y>397H@x+%w`%7sJ{@dMN@%+C|r(gU3mC(y14A@A)>kt{d4mrPxBWOGnM56(XTx5y{H1xkW zZ=eP4{k`+j#2o#@kjE^5!S@hQU*#T1RO!P;(c5U|{EUW;Z?!|t?1Zx2StL%*?hG!> zi80Ih1z{ru?;VNAH4UkvD8189=ZXH4xs-GWV3pIL;zh+5H(-vwX@Yk3M44`q5UcI~cQ34SN zW;vFPJosdkCM5a<)EL3%LZFPe3FV@*fIlWeCE@#5i-qEgMSi*RC`pA9J2*#OceNp z!8Jm_r!3?oz`%2ymvC-%fsOp>eEs^>8Dlufv`Oi32CoUOjTdU2HRB+H%L<;U2{37R zK6bBEN9Fh@QRE6F!36iA1J>aGxLy4Iv)w!C*7&c4R^VT1=%=PO1N{QL4gC4g8t??z zu{QDWMYDSS4w=3+v$V)TL5H)B2p#UYkxDmFx-Vu42>aEL-b;jw@(0rzv|CK&L1K56PF z>5b-X$NN_knK=a2Xf%DNXUfk>C(%997RbYpPqh@ZUgHdzk^{$a;Y(iE%*!58HIA=M z(P^pqgm1uwB^^8_EYRH%l9>5p%0~bDKf35IT0|DarTodSF-e8noTq&Qiu2IwToE$~ 
z1Y}GV>b}(-sZcw6oSEh^9-!1uW?GJaSyJsDoDOxbTm3(zjLPwm9U}P_q{?3xwxs`8 zs(%+Q4OYCt*v4Kqc+z*% zRvf`}O#QKDt8dSZ-fcRiNZ_E2E@3kh7@H2MpLDF^Aa7^{l-ZIq1|F1+aRNh}X2+D2 zwE+BBDn6OV+_Yy}Fk4Q9fh{<#w~^aqf&nE8!j! zE5w{-FB9~lFOxD-T*D$!ZFATFkub$D)PHqmvrtm#tB43PL4`sl-S#c=omYKH!dft= zAqu6dc#+B7O?CS#S@7;i6ou5cl?+iy4QJCzl7YbtXyd?1e~dvK;*l9bQqQLBxiuD9 zd8m7ijp%)D6a-8OQ(Au3ex$h+H^9b_-lCo&8ZL!`Qy9r3!-%0B5y)gL&vBGUE%*yf? z22}HC>olE}lj$TLt3>2!x10t6)qF@8&K3nLQNdT6cwiO|zFLKV xU_+k6&!->WYs7{N({V1q2J&3{J@bWJtYRMRu1{|f*B|NpF>;6?z}004Sp{%`;Q literal 0 HcmV?d00001 diff --git a/charts/rancher-cis-benchmark-crd/2.0.5-rc3/Chart.yaml b/charts/rancher-cis-benchmark-crd/2.0.5-rc3/Chart.yaml new file mode 100644 index 000000000..d1ad06aee --- /dev/null +++ b/charts/rancher-cis-benchmark-crd/2.0.5-rc3/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd +apiVersion: v1 +description: Installs the CRDs for rancher-cis-benchmark. +name: rancher-cis-benchmark-crd +type: application +version: 2.0.5-rc3 diff --git a/charts/rancher-cis-benchmark-crd/2.0.5-rc3/README.md b/charts/rancher-cis-benchmark-crd/2.0.5-rc3/README.md new file mode 100644 index 000000000..f6d9ef621 --- /dev/null +++ b/charts/rancher-cis-benchmark-crd/2.0.5-rc3/README.md @@ -0,0 +1,2 @@ +# rancher-cis-benchmark-crd +A Rancher chart that installs the CRDs used by rancher-cis-benchmark. diff --git a/charts/rancher-cis-benchmark-crd/2.0.5-rc3/templates/clusterscan.yaml b/charts/rancher-cis-benchmark-crd/2.0.5-rc3/templates/clusterscan.yaml new file mode 100644 index 000000000..3cbb0ffcd --- /dev/null +++ b/charts/rancher-cis-benchmark-crd/2.0.5-rc3/templates/clusterscan.yaml 
@@ -0,0 +1,148 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterscans.cis.cattle.io +spec: + group: cis.cattle.io + names: + kind: ClusterScan + plural: clusterscans + scope: Cluster + versions: + - name: v1 + served: true + storage: true + additionalPrinterColumns: + - jsonPath: .status.lastRunScanProfileName + name: ClusterScanProfile + type: string + - jsonPath: .status.summary.total + name: Total + type: string + - jsonPath: .status.summary.pass + name: Pass + type: string + - jsonPath: .status.summary.fail + name: Fail + type: string + - jsonPath: .status.summary.skip + name: Skip + type: string + - jsonPath: .status.summary.warn + name: Warn + type: string + - jsonPath: .status.summary.notApplicable + name: Not Applicable + type: string + - jsonPath: .status.lastRunTimestamp + name: LastRunTimestamp + type: string + - jsonPath: .spec.scheduledScanConfig.cronSchedule + name: CronSchedule + type: string + subresources: + status: {} + schema: + openAPIV3Schema: + properties: + spec: + properties: + scanProfileName: + nullable: true + type: string + scheduledScanConfig: + nullable: true + properties: + cronSchedule: + nullable: true + type: string + retentionCount: + type: integer + scanAlertRule: + nullable: true + properties: + alertOnComplete: + type: boolean + alertOnFailure: + type: boolean + type: object + type: object + scoreWarning: + enum: + - pass + - fail + nullable: true + type: string + type: object + status: + properties: + NextScanAt: + nullable: true + type: string + ScanAlertingRuleName: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + nullable: true + 
properties: + error: + type: boolean + message: + nullable: true + type: string + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + lastRunScanProfileName: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + observedGeneration: + type: integer + summary: + nullable: true + properties: + fail: + type: integer + notApplicable: + type: integer + pass: + type: integer + skip: + type: integer + total: + type: integer + warn: + type: integer + type: object + type: object + type: object diff --git a/charts/rancher-cis-benchmark-crd/2.0.5-rc3/templates/clusterscanbenchmark.yaml b/charts/rancher-cis-benchmark-crd/2.0.5-rc3/templates/clusterscanbenchmark.yaml new file mode 100644 index 000000000..fd291f8c3 --- /dev/null +++ b/charts/rancher-cis-benchmark-crd/2.0.5-rc3/templates/clusterscanbenchmark.yaml 
@@ -0,0 +1,54 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterscanbenchmarks.cis.cattle.io +spec: + group: cis.cattle.io + names: + kind: ClusterScanBenchmark + plural: clusterscanbenchmarks + scope: Cluster + versions: + - name: v1 + served: true + storage: true + additionalPrinterColumns: + - jsonPath: .spec.clusterProvider + name: ClusterProvider + type: string + - jsonPath: .spec.minKubernetesVersion + name: MinKubernetesVersion + type: string + - jsonPath: .spec.maxKubernetesVersion + name: MaxKubernetesVersion + type: string + - jsonPath: .spec.customBenchmarkConfigMapName + name: customBenchmarkConfigMapName + type: string + - jsonPath: .spec.customBenchmarkConfigMapNamespace + name: customBenchmarkConfigMapNamespace + type: string + subresources: + status: {} + schema: + openAPIV3Schema: + properties: + spec: + properties: + clusterProvider: + nullable: true + type: string + customBenchmarkConfigMapName: + nullable: true + type: string + customBenchmarkConfigMapNamespace: + nullable: true + type: string + maxKubernetesVersion: + nullable: true + type: string + minKubernetesVersion: + nullable: true + type: string + type: object + type: object diff --git a/charts/rancher-cis-benchmark-crd/2.0.5-rc3/templates/clusterscanprofile.yaml b/charts/rancher-cis-benchmark-crd/2.0.5-rc3/templates/clusterscanprofile.yaml new file mode 100644 index 000000000..1e75501b7 --- /dev/null +++ b/charts/rancher-cis-benchmark-crd/2.0.5-rc3/templates/clusterscanprofile.yaml 
@@ -0,0 +1,36 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterscanprofiles.cis.cattle.io +spec: + group: cis.cattle.io + names: + kind: ClusterScanProfile + plural: clusterscanprofiles + scope: Cluster + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + skipTests: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + additionalPrinterColumns: + - jsonPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string diff --git a/charts/rancher-cis-benchmark-crd/2.0.5-rc3/templates/clusterscanreport.yaml b/charts/rancher-cis-benchmark-crd/2.0.5-rc3/templates/clusterscanreport.yaml new file mode 100644 index 000000000..6e8c0b7de --- /dev/null +++ b/charts/rancher-cis-benchmark-crd/2.0.5-rc3/templates/clusterscanreport.yaml @@ -0,0 +1,39 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterscanreports.cis.cattle.io +spec: + group: cis.cattle.io + names: + kind: ClusterScanReport + plural: clusterscanreports + scope: Cluster + versions: + - name: v1 + served: true + storage: true + additionalPrinterColumns: + - jsonPath: .spec.lastRunTimestamp + name: LastRunTimestamp + type: string + - jsonPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + subresources: + status: {} + schema: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + reportJSON: + nullable: true + type: string + type: object + type: object \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/Chart.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/Chart.yaml new file mode 100644 index 000000000..d5dcb9b97 --- /dev/null 
+++ b/charts/rancher-cis-benchmark/2.0.5-rc3/Chart.yaml @@ -0,0 +1,22 @@ +annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: CIS Benchmark + catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.25.0-0' + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/rancher-version: '>= 2.6.0-0 < 2.7.0-0' + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: rancher-cis-benchmark +apiVersion: v1 +appVersion: v2.0.5-rc3 +description: The cis-operator enables running CIS benchmark security scans on a kubernetes + cluster +icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg +keywords: +- security +name: rancher-cis-benchmark +version: 2.0.5-rc3 diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/README.md b/charts/rancher-cis-benchmark/2.0.5-rc3/README.md new file mode 100644 index 000000000..50beab58b --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc3/README.md @@ -0,0 +1,9 @@ +# Rancher CIS Benchmark Chart + +The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. + +# Installation + +``` +helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system +``` diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/app-readme.md b/charts/rancher-cis-benchmark/2.0.5-rc3/app-readme.md new file mode 100644 index 000000000..5e495d605 --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc3/app-readme.md 
@@ -0,0 +1,15 @@ +# Rancher CIS Benchmarks + +This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/). + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/). + +This chart installs the following components: + +- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded. +- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed. +- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans. +- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources. +- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish. 
+ - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts. + - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart. diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/_helpers.tpl b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/_helpers.tpl new file mode 100644 index 000000000..b7bb00042 --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/_helpers.tpl @@ -0,0 +1,27 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "cis.namespace" -}} + {{- .Release.Namespace | default "cis-operator-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +kubernetes.io/os: linux +{{- end -}} diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/alertingrule.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/alertingrule.yaml new file mode 100644 index 000000000..1787c88a0 --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/alertingrule.yaml 
@@ -0,0 +1,14 @@ +{{- if .Values.alerts.enabled -}} +--- +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: rancher-cis-pod-monitor + namespace: {{ template "cis.namespace" . }} +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + podMetricsEndpoints: + - port: cismetrics +{{- end }} diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-aks-1.0.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-aks-1.0.yaml new file mode 100644 index 000000000..1ac866253 --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-aks-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: aks-1.0 +spec: + clusterProvider: aks + minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-cis-1.5.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-cis-1.5.yaml new file mode 100644 index 000000000..39e8b834a --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-cis-1.5.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.5 +spec: + clusterProvider: "" + minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-cis-1.6.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-cis-1.6.yaml new file mode 100644 index 000000000..93ba064f4 --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-cis-1.6.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.6 +spec: + clusterProvider: "" + minKubernetesVersion: "1.16.0" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-eks-1.0.1.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-eks-1.0.1.yaml new file mode 100644 index 000000000..d1ba9d295 --- /dev/null 
+++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-eks-1.0.1.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: eks-1.0.1 +spec: + clusterProvider: eks + minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-gke-1.0.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-gke-1.0.yaml new file mode 100644 index 000000000..72122e8c5 --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-gke-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: gke-1.0 +spec: + clusterProvider: gke + minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-k3s-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-k3s-cis-1.6-hardened.yaml new file mode 100644 index 000000000..3ca9b6009 --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-k3s-cis-1.6-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: k3s-cis-1.6-hardened +spec: + clusterProvider: k3s + minKubernetesVersion: "1.20.5" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-k3s-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-k3s-cis-1.6-permissive.yaml new file mode 100644 index 000000000..6d4253c6e --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-k3s-cis-1.6-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: k3s-cis-1.6-permissive +spec: + clusterProvider: k3s + minKubernetesVersion: "1.20.5" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke-cis-1.5-hardened.yaml new file mode 100644 index 000000000..b5627f966 
--- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke-cis-1.5-permissive.yaml new file mode 100644 index 000000000..95f80c0f0 --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke-cis-1.6-hardened.yaml new file mode 100644 index 000000000..d75de8154 --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke-cis-1.6-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke-cis-1.6-permissive.yaml new file mode 100644 index 000000000..52428f4a7 --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke-cis-1.6-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" 
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke2-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke2-cis-1.5-hardened.yaml new file mode 100644 index 000000000..3d83e9bd8 --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke2-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.18.0" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke2-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke2-cis-1.5-permissive.yaml new file mode 100644 index 000000000..f66aa8f6e --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke2-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-permissive +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.18.0" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke2-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke2-cis-1.6-hardened.yaml new file mode 100644 index 000000000..3593bf371 --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke2-cis-1.6-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.6-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.20.5" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke2-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke2-cis-1.6-permissive.yaml new file mode 100644 index 000000000..522f846ae --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/benchmark-rke2-cis-1.6-permissive.yaml 
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.6-permissive
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.20.5"
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/cis-roles.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/cis-roles.yaml
new file mode 100644
index 000000000..23c93dc65
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/cis-roles.yaml
@@ -0,0 +1,49 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cis-admin
+rules:
+ - apiGroups:
+ - cis.cattle.io
+ resources:
+ - clusterscanbenchmarks
+ - clusterscanprofiles
+ - clusterscans
+ - clusterscanreports
+ verbs: ["create", "update", "delete", "patch","get", "watch", "list"]
+ - apiGroups:
+ - catalog.cattle.io
+ resources: ["apps"]
+ resourceNames: ["rancher-cis-benchmark"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cis-view
+rules:
+ - apiGroups:
+ - cis.cattle.io
+ resources:
+ - clusterscanbenchmarks
+ - clusterscanprofiles
+ - clusterscans
+ - clusterscanreports
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - catalog.cattle.io
+ resources: ["apps"]
+ resourceNames: ["rancher-cis-benchmark"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs: ["get", "watch", "list"]
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/configmap.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/configmap.yaml
new file mode 100644
index 000000000..3de10e55e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/configmap.yaml
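Review bot: In cis-roles.yaml the last rule of `cis-admin` grants `verbs: ['*']` on `configmaps` in the core API group, and since this is a ClusterRole with no `resourceNames`, binding it cluster-wide gives write and delete access to ConfigMaps in every namespace, kube-system included. The first rule of the same role already enumerates its verbs; the ConfigMap rule could do the same, `verbs: ["create", "update", "delete", "patch", "get", "watch", "list"]`, which leaves out `deletecollection` and anything added later. If the access exists only so users can manage custom benchmark ConfigMaps (the `customBenchmarkConfigMapName` field in the CRD suggests that, but it is not stated here), a comment above the rule saying so would help the next reviewer.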
@@ -0,0 +1,18 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: default-clusterscanprofiles + namespace: {{ template "cis.namespace" . }} +data: + # Default ClusterScanProfiles per cluster provider type + rke: |- + <1.16.0: rke-profile-permissive-1.5 + >=1.16.0: rke-profile-permissive-1.6 + rke2: |- + <1.20.5: rke2-cis-1.5-profile-permissive + >=1.20.5: rke2-cis-1.6-profile-permissive + eks: "eks-profile" + gke: "gke-profile" + aks: "aks-profile" + k3s: "k3s-cis-1.6-profile-permissive" + default: "cis-1.6-profile" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/deployment.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/deployment.yaml new file mode 100644 index 000000000..ab0bb3e24 --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/deployment.yaml 
@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cis-operator
+ namespace: {{ template "cis.namespace" . }}
+ labels:
+ cis.cattle.io/operator: cis-operator
+spec:
+ selector:
+ matchLabels:
+ cis.cattle.io/operator: cis-operator
+ template:
+ metadata:
+ labels:
+ cis.cattle.io/operator: cis-operator
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ containers:
+ - name: cis-operator
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}'
+ imagePullPolicy: Always
+ ports:
+ - name: cismetrics
+ containerPort: {{ .Values.alerts.metricsPort }}
+ env:
+ - name: SECURITY_SCAN_IMAGE
+ value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }}
+ - name: SECURITY_SCAN_IMAGE_TAG
+ value: {{ .Values.image.securityScan.tag }}
+ - name: SONOBUOY_IMAGE
+ value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }}
+ - name: SONOBUOY_IMAGE_TAG
+ value: {{ .Values.image.sonobuoy.tag }}
+ - name: CIS_ALERTS_METRICS_PORT
+ value: '{{ .Values.alerts.metricsPort }}'
+ - name: CIS_ALERTS_SEVERITY
+ value: {{ .Values.alerts.severity }}
+ - name: CIS_ALERTS_ENABLED
+ value: {{ .Values.alerts.enabled | default "false" | quote }}
+ - name: CLUSTER_NAME
+ value: '{{ .Values.global.cattle.clusterName }}'
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
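Review bot: The env entries `SECURITY_SCAN_IMAGE_TAG`, `SONOBUOY_IMAGE_TAG` and `CIS_ALERTS_SEVERITY` render their values unquoted, so a values entry that YAML reads as a number or boolean (a tag such as `1.0`, for example) yields a non-string `value` and the Deployment is rejected at install time. `CIS_ALERTS_ENABLED` a few lines below already pipes through `quote`; the others should match, e.g. `value: {{ .Values.image.securityScan.tag | quote }}`. The same unquoted pattern appears in patch_default_serviceaccount.yaml at `args: ["-n", {{ template "cis.namespace" . }}]`.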
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/network_policy_allow_all.yaml
new file mode 100644
index 000000000..6ed5d645e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/network_policy_allow_all.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-allow-all
+ namespace: {{ template "cis.namespace" . }}
+spec:
+ podSelector: {}
+ ingress:
+ - {}
+ egress:
+ - {}
+ policyTypes:
+ - Ingress
+ - Egress
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/patch_default_serviceaccount.yaml
new file mode 100644
index 000000000..e78a6bd08
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/patch_default_serviceaccount.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: patch-sa
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+ template:
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+ restartPolicy: Never
+ containers:
+ - name: sa
+ image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+ args: ["-n", {{ template "cis.namespace" . }}]
+
+ backoffLimit: 1
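Review bot: In network_policy_allow_all.yaml, `default-allow-all` selects every pod in the namespace with `podSelector: {}` and permits all ingress and egress, so the namespace carries a NetworkPolicy object without any traffic actually being restricted. If the policy is there so that scan pods can reach nodes and the API server, or so the namespace passes a check that only looks for the presence of a policy (neither is stated in the file), record that in a comment such as `# Intentionally unrestricted: <reason>`. Where the operator's traffic is known, ingress could be limited to the `cismetrics` port that deployment.yaml exposes.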
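Review bot: The `patch-sa` hook Job in patch_default_serviceaccount.yaml runs under `cis-operator-serviceaccount`, which rbac.yaml binds to `cluster-admin`, so a single `kubectl patch serviceaccount default` in one namespace executes with full cluster rights and the pod mounts that token. A dedicated hook ServiceAccount with a namespaced Role limited to `get` and `patch` on `serviceaccounts` with `resourceNames: ["default"]` should cover the command shown. The Job's `metadata` also has no `namespace`, unlike the other namespaced templates in this commit; adding `namespace: {{ template "cis.namespace" . }}` keeps it consistent.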
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/rbac.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/rbac.yaml
new file mode 100644
index 000000000..4ff88ea5f
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/rbac.yaml
@@ -0,0 +1,43 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-role
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cis-operator-role
+subjects:
+- kind: ServiceAccount
+ name: cis-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: cis-operator-installer
+subjects:
+- kind: ServiceAccount
+ name: cis-operator-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+ apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-cis-1.5.yml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-cis-1.5.yml
new file mode 100644
index 000000000..d69ae9dd5
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-cis-1.5.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: cis-1.5-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: cis-1.5
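Review bot: rbac.yaml gives the operator unrestricted access twice: `cis-operator-role` allows `*` verbs on `*` resources in `*` apiGroups, and `cis-operator-installer` binds `cis-operator-serviceaccount` directly to `cluster-admin`. A compromise of the operator pod or of the post-install Job that shares this account is then a compromise of the cluster, so the binding should point at a ClusterRole that lists only the API groups, resources and verbs the operator uses; that list is not derivable from this hunk. `cis-operator-rolebinding` names the subject `cis-serviceaccount`, while deployment.yaml uses `cis-operator-serviceaccount`; serviceaccount.yaml is outside this view, so check that the name is intended. The label `app.kubernetes.io/instance: release-name` looks like an unrendered placeholder for `{{ .Release.Name }}`.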
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-cis-1.6.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-cis-1.6.yaml
new file mode 100644
index 000000000..8a8d8bf88
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-cis-1.6.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: cis-1.6-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: cis-1.6
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-k3s-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-k3s-cis-1.6-hardened.yml
new file mode 100644
index 000000000..095e977ab
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-k3s-cis-1.6-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: k3s-cis-1.6-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: k3s-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-k3s-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-k3s-cis-1.6-permissive.yml
new file mode 100644
index 000000000..3b22a80c8
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-k3s-cis-1.6-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: k3s-cis-1.6-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: k3s-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke-1.5-hardened.yml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke-1.5-hardened.yml
new file mode 100644
index 000000000..4eabe158a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke-1.5-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-hardened-1.5
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.5-hardened
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke-1.5-permissive.yml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke-1.5-permissive.yml
new file mode 100644
index 000000000..1f78751d1
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke-1.5-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-permissive-1.5
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.5-permissive
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke-1.6-hardened.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke-1.6-hardened.yaml
new file mode 100644
index 000000000..d38febd80
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke-1.6-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-hardened-1.6
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke-1.6-permissive.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke-1.6-permissive.yaml
new file mode 100644
index 000000000..d31b5b0d2
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke-1.6-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-permissive-1.6
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke2-cis-1.5-hardened.yml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke2-cis-1.5-hardened.yml
new file mode 100644
index 000000000..83eb3131e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke2-cis-1.5-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.5-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.5-hardened
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke2-cis-1.5-permissive.yml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke2-cis-1.5-permissive.yml
new file mode 100644
index 000000000..40dc44bdf
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke2-cis-1.5-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.5-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.5-permissive
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke2-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke2-cis-1.6-hardened.yml
new file mode 100644
index 000000000..c7ac7f949
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke2-cis-1.6-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.6-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke2-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke2-cis-1.6-permissive.yml
new file mode 100644
index 000000000..96ca1345a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofile-rke2-cis-1.6-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.6-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofileaks.yml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofileaks.yml
new file mode 100644
index 000000000..ea7b25b40
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofileaks.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: aks-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: aks-1.0
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofileeks.yml
new file mode 100644
index 000000000..3b4e34437
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofileeks.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: eks-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: eks-1.0.1
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofilegke.yml
new file mode 100644
index 000000000..2ddd0686f
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/scanprofilegke.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: gke-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: gke-1.0
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/serviceaccount.yaml
new file mode 100644
index 000000000..ec48ec622
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/serviceaccount.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: {{ template "cis.namespace" . }}
+ name: cis-operator-serviceaccount
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: {{ template "cis.namespace" . }}
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-serviceaccount
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/validate-install-crd.yaml
new file mode 100644
index 000000000..562295791
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc3/templates/validate-install-crd.yaml
@@ -0,0 +1,17 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# {{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc3/values.yaml b/charts/rancher-cis-benchmark/2.0.5-rc3/values.yaml
new file mode 100644
index 000000000..91e812a90
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc3/values.yaml
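Review bot: The leading `#` on every line of templates/validate-install-crd.yaml reads as if the CRD check were commented out, but Helm evaluates template actions before the output is parsed as YAML, so the `lookup`, `set` and `required` calls still run and `required` still aborts the install when one of the four `cis.cattle.io/v1` kinds is missing. The prefixes presumably exist so that whatever the actions print stays inside a YAML comment. A first-line comment would stop someone from deleting the file or stripping the prefixes by mistake, e.g. `# The '#' prefixes only keep rendered output a YAML comment; the template logic below is live.` The outer `lookup` guard looks intended to skip the check when no cluster is reachable, which is worth stating in the same comment.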
@@ -0,0 +1,49 @@
+# Default values for rancher-cis-benchmark.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+ cisoperator:
+ repository: rancher/cis-operator
+ tag: v1.0.9
+ securityScan:
+ repository: rancher/security-scan
+ tag: v0.2.8-rc2
+ sonobuoy:
+ repository: rancher/mirrored-sonobuoy-sonobuoy
+ tag: v0.56.7
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+tolerations: []
+
+affinity: {}
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ clusterName: ""
+ kubectl:
+ repository: rancher/kubectl
+ tag: v1.20.2
+
+alerts:
+ enabled: false
+ severity: warning
+ metricsPort: 8080
diff --git a/index.yaml b/index.yaml
index dee4eb894..d5b089311 100755
--- a/index.yaml
+++ b/index.yaml
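Review bot: `global` in values.yaml defines `cattle` and `kubectl` but no `imagePullPolicy`, while templates/patch_default_serviceaccount.yaml in this commit renders `imagePullPolicy: {{ .Values.global.imagePullPolicy }}`. Unless that value is injected at install time, the line renders with an empty value and the pull policy silently falls back to the Kubernetes default. Adding `imagePullPolicy: IfNotPresent` under `global:` makes the behaviour explicit. The image references here are also mutable tags, so pinning them by digest is worth considering for a chart whose pods run with cluster-wide rights.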
@@ -2476,6 +2476,32 @@ entries: - assets/rancher-backup-crd/rancher-backup-crd-1.0.200.tgz version: 1.0.200 rancher-cis-benchmark: + - annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: CIS Benchmark + catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.25.0-0' + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/rancher-version: '>= 2.6.0-0 < 2.7.0-0' + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: rancher-cis-benchmark + apiVersion: v1 + appVersion: v2.0.5-rc3 + created: "2022-07-07T17:21:12.504141377+05:30" + description: The cis-operator enables running CIS benchmark security scans on + a kubernetes cluster + digest: 03bf519b288547ee055ac0be116fa44cf0cdcada4cc5881fc7c19e8bce1fa76f + icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg + keywords: + - security + name: rancher-cis-benchmark + urls: + - assets/rancher-cis-benchmark/rancher-cis-benchmark-2.0.5-rc3.tgz + version: 2.0.5-rc3 - annotations: catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match catalog.cattle.io/certified: rancher 
@@ -2739,6 +2765,20 @@ entries: - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.100.tgz version: 1.0.100 rancher-cis-benchmark-crd: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd + apiVersion: v1 + created: "2022-07-07T17:21:12.505844459+05:30" + description: Installs the CRDs for rancher-cis-benchmark. + digest: 870254aaa154073b4115af1e0e406e99185f9fd2bc0176ab000ac41b457a7bf8 + name: rancher-cis-benchmark-crd + type: application + urls: + - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-2.0.5-rc3.tgz + version: 2.0.5-rc3 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" From 35a9cdcba87ffa4b2ebdcc9a7faac70e50c0184a Mon Sep 17 00:00:00 2001 From: Prachi Damle Date: Tue, 28 Jun 2022 11:19:04 -0700 Subject: [PATCH 09/10] Update fleet charts for v0.3.10-rc1 update release.yaml with fleet v0.3.10-rc1 Bump version to 100.0.4 --- packages/fleet/fleet-agent/package.yaml | 4 ++-- packages/fleet/fleet-crd/package.yaml | 4 ++-- packages/fleet/fleet/package.yaml | 4 ++-- packages/fleet/gitjob/package.yaml | 2 +- release.yaml | 7 +++++++ 5 files changed, 14 insertions(+), 7 deletions(-) diff --git a/packages/fleet/fleet-agent/package.yaml b/packages/fleet/fleet-agent/package.yaml index cb8e21586..4b71b90d4 100644 --- a/packages/fleet/fleet-agent/package.yaml +++ b/packages/fleet/fleet-agent/package.yaml @@ -1,2 +1,2 @@ -url: https://github.com/rancher/fleet/releases/download/v0.3.9/fleet-agent-0.3.9.tgz -version: 100.0.3 +url: https://github.com/rancher/fleet/releases/download/v0.3.10-rc1/fleet-agent-0.3.10-rc1.tgz +version: 100.0.4 diff --git a/packages/fleet/fleet-crd/package.yaml b/packages/fleet/fleet-crd/package.yaml index af0a7b80b..2ba9b847d 100644 --- a/packages/fleet/fleet-crd/package.yaml +++ b/packages/fleet/fleet-crd/package.yaml 
@@ -1,2 +1,2 @@ -url: https://github.com/rancher/fleet/releases/download/v0.3.9/fleet-crd-0.3.9.tgz -version: 100.0.3 +url: https://github.com/rancher/fleet/releases/download/v0.3.10-rc1/fleet-crd-0.3.10-rc1.tgz +version: 100.0.4 diff --git a/packages/fleet/fleet/package.yaml b/packages/fleet/fleet/package.yaml index 60c9ba437..9540f7834 100644 --- a/packages/fleet/fleet/package.yaml +++ b/packages/fleet/fleet/package.yaml @@ -1,2 +1,2 @@ -url: https://github.com/rancher/fleet/releases/download/v0.3.9/fleet-0.3.9.tgz -version: 100.0.3 +url: https://github.com/rancher/fleet/releases/download/v0.3.10-rc1/fleet-0.3.10-rc1.tgz +version: 100.0.4 diff --git a/packages/fleet/gitjob/package.yaml b/packages/fleet/gitjob/package.yaml index 3e998727d..80b2e8adb 100644 --- a/packages/fleet/gitjob/package.yaml +++ b/packages/fleet/gitjob/package.yaml @@ -1,3 +1,3 @@ -url: https://github.com/rancher/fleet/releases/download/v0.3.9/fleet-0.3.9.tgz +url: https://github.com/rancher/fleet/releases/download/v0.3.10-rc1/fleet-0.3.10-rc1.tgz subdirectory: charts/gitjob doNotRelease: true \ No newline at end of file diff --git a/release.yaml b/release.yaml index c72cbe06f..8d7546410 100644 --- a/release.yaml +++ b/release.yaml @@ -32,3 +32,10 @@ rancher-gke-operator-crd: - 100.0.3+up1.1.4-rc2 harvester-csi-driver: - 100.0.2+up0.1.14 +fleet: +- 100.0.4+up0.3.10-rc1 +fleet-agent: +- 100.0.4+up0.3.10-rc1 +fleet-crd: +- 100.0.4+up0.3.10-rc1 + From a610b3699a295287d0a5d3881a4783bff78b219f Mon Sep 17 00:00:00 2001 
From: Prachi Damle Date: Wed, 29 Jun 2022 16:43:36 -0700 Subject: [PATCH 10/10] make charts --- .../fleet-agent-100.0.4+up0.3.10-rc1.tgz | Bin 0 -> 2747 bytes .../fleet-crd-100.0.4+up0.3.10-rc1.tgz | Bin 0 -> 22324 bytes assets/fleet/fleet-100.0.4+up0.3.10-rc1.tgz | Bin 0 -> 3452 bytes .../100.0.4+up0.3.10-rc1/Chart.yaml | 13 + .../100.0.4+up0.3.10-rc1/README.md | 3 + .../templates/_helpers.tpl | 22 + .../templates/configmap.yaml | 12 + .../templates/deployment.yaml | 37 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 28 + .../100.0.4+up0.3.10-rc1/templates/rbac.yaml | 25 + .../templates/secret.yaml | 10 + .../templates/serviceaccount.yaml | 4 + .../templates/validate.yaml | 11 + .../100.0.4+up0.3.10-rc1/values.yaml | 63 + .../fleet-crd/100.0.4+up0.3.10-rc1/Chart.yaml | 13 + .../100.0.4+up0.3.10-rc1/templates/crds.yaml | 5353 +++++++++++++ .../templates/gitjobs-crds.yaml | 6882 +++++++++++++++++ .../100.0.4+up0.3.10-rc1/values.yaml | 1 + charts/fleet/100.0.4+up0.3.10-rc1/Chart.yaml | 20 + .../charts/gitjob/.helmignore | 23 + .../charts/gitjob/Chart.yaml | 5 + .../charts/gitjob/templates/_helpers.tpl | 22 + .../charts/gitjob/templates/clusterrole.yaml | 38 + .../gitjob/templates/clusterrolebinding.yaml | 12 + .../charts/gitjob/templates/deployment.yaml | 45 + .../charts/gitjob/templates/service.yaml | 12 + .../gitjob/templates/serviceaccount.yaml | 4 + .../charts/gitjob/values.yaml | 26 + .../templates/_helpers.tpl | 22 + .../templates/configmap.yaml | 24 + .../templates/deployment.yaml | 49 + .../100.0.4+up0.3.10-rc1/templates/rbac.yaml | 106 + .../templates/serviceaccount.yaml | 10 + charts/fleet/100.0.4+up0.3.10-rc1/values.yaml | 60 + index.yaml | 58 + 36 files changed, 13028 insertions(+) create mode 100644 assets/fleet-agent/fleet-agent-100.0.4+up0.3.10-rc1.tgz create mode 100644 assets/fleet-crd/fleet-crd-100.0.4+up0.3.10-rc1.tgz create mode 100644 assets/fleet/fleet-100.0.4+up0.3.10-rc1.tgz create mode 100644 
charts/fleet-agent/100.0.4+up0.3.10-rc1/Chart.yaml create mode 100644 charts/fleet-agent/100.0.4+up0.3.10-rc1/README.md create mode 100644 charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/_helpers.tpl create mode 100644 charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/configmap.yaml create mode 100644 charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/deployment.yaml create mode 100644 charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/network_policy_allow_all.yaml create mode 100644 charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/patch_default_serviceaccount.yaml create mode 100644 charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/rbac.yaml create mode 100644 charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/secret.yaml create mode 100644 charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/serviceaccount.yaml create mode 100644 charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/validate.yaml create mode 100644 charts/fleet-agent/100.0.4+up0.3.10-rc1/values.yaml create mode 100644 charts/fleet-crd/100.0.4+up0.3.10-rc1/Chart.yaml create mode 100644 charts/fleet-crd/100.0.4+up0.3.10-rc1/templates/crds.yaml create mode 100644 charts/fleet-crd/100.0.4+up0.3.10-rc1/templates/gitjobs-crds.yaml create mode 100644 charts/fleet-crd/100.0.4+up0.3.10-rc1/values.yaml create mode 100644 charts/fleet/100.0.4+up0.3.10-rc1/Chart.yaml create mode 100644 charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/.helmignore create mode 100644 charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/Chart.yaml create mode 100644 charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/_helpers.tpl create mode 100644 charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/clusterrole.yaml create mode 100644 charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/clusterrolebinding.yaml create mode 100644 charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/deployment.yaml create mode 100644 charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/service.yaml create mode 100644 
charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/serviceaccount.yaml create mode 100644 charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/values.yaml create mode 100644 charts/fleet/100.0.4+up0.3.10-rc1/templates/_helpers.tpl create mode 100644 charts/fleet/100.0.4+up0.3.10-rc1/templates/configmap.yaml create mode 100644 charts/fleet/100.0.4+up0.3.10-rc1/templates/deployment.yaml create mode 100644 charts/fleet/100.0.4+up0.3.10-rc1/templates/rbac.yaml create mode 100644 charts/fleet/100.0.4+up0.3.10-rc1/templates/serviceaccount.yaml create mode 100644 charts/fleet/100.0.4+up0.3.10-rc1/values.yaml 
diff --git a/assets/fleet-agent/fleet-agent-100.0.4+up0.3.10-rc1.tgz b/assets/fleet-agent/fleet-agent-100.0.4+up0.3.10-rc1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..36fc0fad3a9a9e83cd1a60bdf35c2fee22b3f952 GIT binary patch literal 2747 zcmV;s3PklEiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI_PZ{s!+-@o-K1`3L8dy)LgqY!WhWZ;ufO|&q-0C767M6;ws)RC{2*t@A;p>b4Mk2kqKU{9h3TEoh%)hlWcz?|#4E{_dalkDd&UhR3Ialfg;<^htj(8l9dzf&Rm)(M^RmL_O($a$oJi z{Yi)jAq_E13Y`Q1DKUi0X`B*cIL1u&QdEXb7}5k35$Oz7C)kNfe_Uy8h@*{3}J zy8X`yFHk?c1K45zqtRf{w*QmSU~m7AK`bLvw3cs;C@k&g&{>nUVuiWX%t*CZn}4sq zFaZpiCNQt9#^3;6&k*ur%vlOQTwQ{kfSDouqZp$SXi&r1tLLCm%~63WgkWOoIGR?K z723cUL8E~gDhv+b;#ZR895*(Fz93FzmYf_NjjSzSyM}+bx=bJpD|Kx1Ic9(&l@uws zwO(mKBi#KC9KdTQR<%Kp@8=Nw2lylmC9D$KH&iOjtOEN~T!AKyK+AmWRE^;ZFEl9x^ zvF%_1L?H-itQ=Ax6DweaCnPm-aKK%|NpJu#kurfXQ5)Tub%D>HRTEkDXSL8;ri>Vb zTV`f~XMO&xKD2dcXp7&XQ_3rB|N9nP<;zVx>1rvJ!VtE8Zl#cJ4qjub(CEO&psQL{ zt#!ZPs|Kog6&%1T7g2ypH*4vPh^b#`W90JIE?i@~F9b)eVId1pNH|}(XAQSAVqBpe zA(c!_111bALAW(Y-_4d9>u8y|B}lJ)SbMn@GpY%Z6t9tEYNP@p?1JFvhp1s9{R4Iq zKr!cXky&BakPB;8m4gF#DJg)15V(lH-XhGHT-{TU;#h`H@HY#V{yu5L31VNjG~I0Di?wYW*Fh@H>3dofXr<> zRV0?_#KS>+90U}{#WaBl;Trv)OPnK5p#MoA=>M4N_|IULb7D~U-p-Kc zsB~=d2Y`Y*@ZX?+($4>mPfz#w?@?&EjDX^V353ua?OW=t_H7v`7a>HeRbUy}1mYik zlHkq0O0PQ2eJz$NCd>rFFLW>bs0NU0T>l9-`kj|*+n3X49!}7`zhZ|39i?{uFYi2st&}CfmIy7U&CIPRt^tspUo*s_6 z{eLROgiSM&KgedluKmB!sO|qxhNs7S|Nj_t!vsy>+&%9XByaA84T1~}p~Mgi*0#5$ zsv5ss5_lIm%(ir&0Lx`PVw4zrwJK{vUl1nCrIFujDO#MX)#0Wc>v=YkRSFp<;c{6? 
zRfVgS2dk?+BzzC*w*O5g_z(_Yhy4%x!_&6?9}h-*`+p3o+dIi~-J1^r?-QPFb_4GB z0y@XkZCF(Ktuw!jm~?ho?ihKyC3)VI1gMr=DO2mm5^soiHULm{Z>ik#LA4gLpk=;k zAu9EMdG_Ms`qkO_#k!_MS>Gy|CAC6;2}4e=aMCO-%U=;QOV)bF>)od{uisyVr_1Gf ztoH!z7*?x|M{~0ACPQAWl6Ivb)79$fy0`6zQ`Mw0%ZQ-$nQ&}Pt`^958TQ8STA?U% zh1(?&x0!gYe7S^Q3Td#}n#d z;T;GjC<+7Lz;-&b+3$)Q8)l9ZjQlsr_)g|`(C(ozu*N>r9U3=Mf)7x-o~P{6xz2l+ z%AeaU?dg%IJN^qaHr0KbOU}~8Tf(`#wVxk{26p2AlVLOd4+ls4_kWK=Q4}>WfBEE@ zn8r8XxGjJ+Ab9DkUb!{VfeFfR7P-}8Kg*i(^~G|zc1G1}j=1%X!}_2qoad6ZHq4or zD%9mxw=2PRfnTq$7de)t&%KQMec^w8?iv4MQMdi)7QC(TNg0uekH{bH19sy7EoQ!<_@%`Tn=xZ@>Q?j{5uf{}@z{{qCug!px*%zc~l7l>?mn_o-Ks0NKc5ckJ(yzEYDi*I}=xP;o+rK{+_fQ^S zSN?xI8n*5KWN^B-|Hq)#`@YH`?mZ6~E|=qzBNXWxTHM3#acReq&8MecgB|cU;lmX5$x$xsN4SMgfmJEJ`4ibiT}6H{|tuv{l7<{<&sT6AZ&xf z_u8#rE@46#hcBx$p08(2gS+XrzQ0p$`ymA;+--x+9gQzE5bes!+j*|8?q0&3YJBDO zKtcT($ByxAx3PVB;&Y8=Ta&HPm-=3Z|jFJm3zd`fF5&?gB_AwE@mq8h92Haa7)SY+LG~`N770EJUSV}lw#KGQm?P*VY+S4xjZvX%Q|NlSi4ch=l000@| BTP*+p literal 0 HcmV?d00001 
diff --git a/assets/fleet-crd/fleet-crd-100.0.4+up0.3.10-rc1.tgz b/assets/fleet-crd/fleet-crd-100.0.4+up0.3.10-rc1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..3dc1024d604c6c055872b3eb4283f54b37bb9b60 GIT binary patch literal 22324 zcmY(qW0W90*EQU>ZQHhO+qP|Erfu7{ZQJIw-92r6J=b%ucdai!Dyga@RVO^zXCM4X z2o!*S;hPeG+E7A?!B|3;O~#Xx)reV*!9URuB{YAV@Yw2gc>$oo-+YGQsK?Q>mq74G6 z=Jx#eC)oHKUBVa$Ad>2Yk7Jt%QKA4*{MfAJM0?LK)%(HaEK1+kA+$61nEj*4RQm6) z!`S6sdi@@rkLM$Py|1HAb^fm-`)`lOXLW!7$MeqA+ON0!QT1I>dR^oNkVzrt$L-0T zHaPxkkpR>5B^l^+RQ~Q?1!(crar{F%mW-%8uartOktaH=d~E2F1C6-_ zH_cl2H`w^&YeDFok+1TKpNFE;KEulSuLXCgnja{|MB0AVAJ#L=LZ=5t4@=+A6b&ML zXwmZ2IZkS~kqJ?`1+crl2JJ7&l|o~erKkJ!^cp$#U+?$#wW+mwdSx%mks;{yNbNO# z{@Oh_z9yKNj;Ok{(6s3K9)zh>$E!Y6Op3Cn(1@w>v&}P+xqdH%bnF_A?HR)fBx)!+ z==?=aWRdt(5pyg4x_$zJXD$JrIg4c>i>BwCl5vhf!+M9eI=4lKOTm! zm&%$5oca82?fv?^sfC;U#{a%M9&I{n=){p`TuquHuo zJ?8CuyDYQkx!2!?6!Nv<>bv6T{$K6x0WCZ)2YM#s^3~)=k)W$Ih8f9J625QSw2dT3 z!=}Dec5-*?8NKCTkiAMJkKN~Q&6VsEonMd#r>x>PB4V6}eKB5c|vGS&XR zh@$NWpz81+)^54uqnFitmP#KevYJ{+{&Ys^54i>M)~;lph@zFm9YQ{c^(2VR2;GXs zBC6_4x^xYwn&|Vr(COO@yx)`^G%Smg2TX{fISr-K!$DUNV zXgrIRY{%gk@(B;|8bCXH$&^;1?I5#R5-cV>@JCc9K!hFeh2wpb7tn+u`Zwebd>)K9vqmZEwR zJY3{1cLJ07*w?z;aM%3mnok*f6jnyp^T6AtMtQg&l(6yMFY#gn_TgoT#Q|*-I0<)Lwx>}-Ig`E9)GiSi) z0a1$0#^#V+0IprbOqub0>|Xz65q&4Gzkm-chCOIIS`i%jMT7B7(vK0_l}!Isu+*~O zc$n33P$5nD7;JZ9ZUo}$Bj?Mh!BeOiwj1p3KG1wdN$5MJ4&A2unU|g!%3#Xl*Oc!K9kY z*u;@fh(5ryEYSBSR%3XXr9+q?(+5Le)jw)J?SR7mk9AKM-IY42*LHhhgO=zQLwiI* zhT-Q#819N7?z(-|a)?W=DC;l6ad?PP*p?Vxd341PhiVa*65`0a#z9kdB@lM3!pcC! 
zfTwN|RXXw(6^a+ejQAs-V7x6zo>yR$B)%A&(nKo|Bu1S9B30B<5<_g!7h*#~H2@Mw z!4DHLr#)0{UI>i-xT8+%E{3hGq824)I{y1d_=hQ*G2MZH4ug))-=kYr6t~ro6t~ep zyFZEWZajxc2dWE+DOCX@IwHpKAvvR(aP4~%UfSji=?>b{MIxj(lE0Ftt?-YRA$(^o zB*zj{@oC)7jOKDgVhE-meaBU7AYd9W4V<&pV5JAJDX(h5{E)!Yp_ThxM^T*mHQ-)p z&QJ)@m)QIiL~Gyu(2f(t7)U2+;YZuc3{k?EDZklCMEkb7_9cWkhG!*I8I3@W9e=k1Ubuy;T_zQo^)EUWH$`mcDJ%wgX8z{Uu- zaHm<`<9r6T?_{VAdOX`zItzQ&!#YLW|KO}Ryt%^4c>ZSPP+dh#k6j)-m)rgjViO7Z0yfe0f&Y%mVEF25DrW*R97{ux*X%hZ?)`+wN6Z_s!)y zal_m~n{e51PhtYfw^Bn*g?JZg*QjdfnN>dR_{*`{YUE9{fP;D?R$pAGJy2ffunh0^ zSAQ&mRx%kMSy$%GGZiMgzw39>mD4iMQLekpaggu(5Ps~u+q#j=E7PreC(?eW*!YX_ zn@cgr;#Dz4#%_{(@*`P2ZShL7#%^JXX!yNJOGN*D>eL~O!is0RMx7fojYRZGr~*$p zmG3hRY8U*)>5SgoU`VO%vQ)SPMwD)!rEk|?lvg;xFRe?pUjD3vQpdt?h zWaV;}3tox#?eWc!2=Nj_R4U^>Ww^um^(~oxKV2Ws7c0!eFtj2H?r=cH=%^3VRvDW{ z3(HIsTiz@$+{77PP&ju0LGp6DC{rWoK%ymyQ-BGk%BpamlZ^^>;T#h_>z;fXM4^r? zpz3HLSfy$?U^g2t;{fO-8kgOLUYYPr*v{H10+h7LxKi0*ZAdYM6jYdlN9;cIRFRuY zbc*z+Czt2M!I$t6&qYNWB)&xZYm+!x6ESk2V|40gHHY72$puhNFAFGvMrQYvRt9#Z za_Y*_%%&IEmk$5bVg)BA6&W_HZ%MZS({=jJ4clq@4j9&*m%0&X#^u(?FCZ6*QHcKI zHf9;npo|TMiOn@gRs&fSO=IuhW3Cc(G%yibmQ=MP~40uz7p%`{v~6t?!_)+ zulB(rW3Oe4ku$tJV^ywbHr+zH_Ypx>B-g*jxHnCMw4o^#D8t;nG&eC?f2)EZ3i-c$ z?hby!aLkjU712lLv8Jl)@%ebUlr}e;t3LmXUN#x`|?Jz2Rg|Zjrez+t0tBOh$4fo5_6>n8!_4Hda+Or$8@l830 z4pkZ(VP%)TVV%kJ{N;vzg1AZU%0US`%mg6=}HS0|KGZ^cDLSj>8vykqD4P9n(_wkabT844f*=} z@_6PMVv|cA(`qG;KLeB(FY_Pwc1NHY*fe5w&Ef$hO z@`IWQLNd<2roWqS(4s4&PD)o&S@6<)s}XyU(tI}&SQ&sS!}mo>02qQFuo|-L0j+j2 zVLESE>$Y>Ubyn)+lT{{)!#q|Kkf}=8QcKt%mDMD7(%;lr9KpfYrJ$OWL%CuZB!L;=63(Uo85{@tQ}wNb@ks(& zL#BDD3<(Y@I7;EL6bV6;u^*jRvHPUt&m7bQ?_{@G>ITpz9fvJ zTw%xi_bNrEK3pKIiI+-lJWi}+EqnfVa11`FGEKVCIEr+MMhIog5q#UkP1TI^z3EKx zz`cZyiUwX_p;sR9y@xnH*lfjTx`DvGlZu@2?Bl460iklHn7DIgP=IF7|1=Ng21#Bk`86Qa!aO62g@uqk%W z1^W`tCqAM+GMk9U;sEYs>%z(x(fX^L!UP-pEgjJWdA@3ZSB=Mx7P)}E?|+li+U#&O z&&WPiQqwH?60I8f&>s)Et)?qvk2;;|cumb>e*vSKJ=-6qbZuBSw`&!8A+7T3sjU1) zr-d=c=~R1v3fKD#!+))cFlbIqWV+nCCI(aEsc^@15ylAF%w#QMNYaivW>P4%!(+t4 
z=z|MoqZtX3OH-1Ix%8Q{#~P0B;zFy*7=-R9pdJ^G8WQC*0*Ns{BHmfn@@aRRZR>yC z$aXcQorDwXlV}2@lhM7(sEBPIYrEX^C|&fl@o6_-&DI;PR^>BKr@h8IDp%(OaHD^( zw3V&SEOS-%4_WFMmjRrT)*D=-)hKgKq$m1$s&BH?QI0#3g55M+?z)JlQS@GTynzKR z;$R!7#oi3iY$tShJ|a||c?+D?tG_PFvNh4B`suXCXy=FqzDMqMKDmwknkWM|Qteld z-)s=cb96-DT_{(POYi0f9z9{kvzSUr{Ws*n#(oICY7U*dmye&{jg`~BAzUAGLXF#x zzjQ`O5>C-2c?}>xu&m@45cVE1Mgto8WPb?9~#MvzK%Mc4FP7K0n= z(0QRf!0?(+9ysl!ma`}K$o&x0qKt`-D|)ApQ7i*>(l2nuwAvZJxLR_4jq3olHbTT5 zeCJc5t=nI@dB3I7FDSk?3!_A-vQkId^mpzmrS8&Iut$&9IJME%bo837Oy4`QhHGFN zpQxJ>1sbeS>-GLTK8~pKL_ELoSepxbcD^@tJKzhIj=StJ47v?2J}GNifNBQJ7*MIy zdY;B5ER$)vyFVqsb@;P?rK7@Hm3IeJjC@g;MOap4ZKU428801I_XI0!QNf`PR}(p8 zS!|ulv8;0E_ulHTO(~}?LGs==3ukaccyDX?bsJ)k*R6yr)m)}W1?f?qqVfTNcH;qo zb}P+Uqbtl&|4aN_a?)t9wC(25O7m8E^YYXgXi@%lg!7FJ{#V8|Do=gbykM?5Qe@IQ zhchbZvw``^mecKVOi<&J5%94KXJj0YmtAhp26tQ$u3f826~p}TVR+_7aM;Oe8v)MH zTF>QR;&|67KVvBo??|6r`tVg--YR!CM2#o4=c2eeYTBFIC;H7mxYiHP>-(6eN5vXx zwei999hhOjyB@*I{#WI8?k(Ycv$5HxNeLy4|4Hp^SKCImk!E6Yq4)<<<;j|_%+gRW z4^T_i)q>SAkM0YhEX`V!yiv-sHjwqJxioL;`E(HEyO<^zY_Hfn9_c3jpcVJ_y=YF% zzT8$-|GN?nA4{m~DKJ zx-IiA@Oc}>%R)cb*7-(!O=i|ZzXJ7(d|ffhVeU}l&#?YWBP+Uu=pl%DtbvKRmAxex zxbxZb*}qVfs^^(t&UXt~eQqjEqKKyQO&Ji4+b%HTiS>UhVbcamC8+wHV?VC>%Av3k zmy+H7sI0`NRR#>{h#0~B&K}C@PJ761ye8gT`<={Y*FN^l5UpSa0Ecc0M&OX;XC~n7 zY671Qh#QDc*6T;E%{4*J!Q}Toz$W+STjtb%ytBoE$s19d)Q8WMQGTa3I&j)(0xz_y zQdh5q%|bZeWkNphBLwwjQeK03AyWw=CqVLT%om1$HA!zF8!_w{fvK0)u~5RKUgrh>#&nGm=I1%C*a2U~QzbB$W5%*g;24J59$eM}!#T9x%vlM=pa%9-Yk@pmW$-{FPeC%({~c zc*s<=r<&XYm84{9lFQFUJb>X;d4ZHvci?wk(PYmU#aYAutv-}zPVf|GNHWl*y4U&e z_YBP3UzBGH2dYvXA|$$A6RlNW8}U|$iLntAk7@cEDJ+jwr_9$gA9(OE(J0t`#mDXKy%#za=|-3hm*;1ZqpD_Q z2S-UmHARP1tdEm!OT7DQ0e=P9@c0?)EM#7iXq9=_C+pS|%~l_g(W7HsCM8o!?&Hbd z?XM>%Rv(Gcr)NFTbEu(e;TovmTZ|4xOPqmQ?0REbGnTtiLrF8Y8LHd4VC-Q6+Jc9n z!+TKO@#${l+Z1CdEVo!b!FVYRu_k36WVq+)FY=#UCzfx+z5X04rUh)VO>L&e)R>M% z)EKVr?jERF_J~e-;l&+yz-1x~bPw+q@N0ZcbRROF^QfnB+WCWe-T-OMhMh-) z^maVOl%C98$7QS|O)teFbWk8d3=*>#1y{)=%u^J+1hv?lb~j+zV8DCrz3Me4*6Yk^ 
z(VLW(Z{z+CP`hi|n;*{g7qTaJ*I|yNmcpf8_2WNVxTY`gm*w+6FUxRi-c;V!p}I2I z&Il7vlH{gJaAV;4Fw$M@a&PX~v>fT_R^P71Z)#J)Z5)CVRylhjS~pxviIiHL_wbOk zl& zDs5=+n*Q1GlvJoY5A$=3vT&XSn6>~$2HC^b7#Iq)EkE+?hrbkRV_$h`%*zJYr`T`G zz6OhR+k_3!PgmxOdO6svYuC3T!^$%eXx^r~HYLqTJd`Ud%zb_yC zg>(xpz$g~yT@-%qI5LFB&jC12Q-cUB*R~-jX8q-}vXx8K@O$6EH=;SgM?bx2_=cm> z2tAXmV7}>3=$jf`edBMo)oOeG9qmXc&2VYV4Q< zOD!uCEyihc@q(p{hjpb%>=GAKM^VgHQ;ClK*<8zTvd$Z5a{w|iv+N!#yO*EtFJOpb$9dx_EWB~H78}9k6~OW zgd{KwcO6!%EU%ru8_%k02LL>v7J^4y5(x=*K*%4$xVWa$z>p$tLQAy{#Uju{P@Mka zh3(_1>lHnB!c9p9R~KCN9iq40^nG@4DCdg6fvl)l<+MdWo?r&@0J0kyt@u15!J_~X zBo*;n8j$6)7f7v*%>*`0V92xly2Lm#LfePxB3U(oAS;SXk}?T}b)U-aJSI}{px=x> zD#|943X)#A;f3p2W&6`4)ht^svG(Ylzxf+wmRd8(EIc+-lD@nRYBSOIu^2 z;-bQ8YOtjlf!o>bpdW0ffv_`26@ac-Svr>(Rq^u(Dgc|9ucV+=q85*szaTmeUvvyTji75m!|>ar))&{$ zq_U$s?YdulRk` z^L4=o8ViT)zUM3Xy)ieNPc@cFcu86!6Q3ti*?diViD(Jwd2zdU}`Y*Wo= zhXeT5@|L&yhD7m~$g4**hLvbt*{4Uowe)W0;Mt^W?^cwgRSCph!Y^XzO%}Sju7Q>f zbRk5L%6ukeLWkrEMx;??n zmg8q>AsAbg9Cm^)H$s9B5#j=1Hq{@(y*8!_RAG(%K&-k_VGwnnmVh!^h2UYTr2w5s zy|ug`C+KQ+J$RS=V*&drRfA@t1|z(oeANLZ5TeB#`8p-fE-P?!mG-6F(!^4lYj&BL z#wRYXIYE{0Sx*xo?luQ(HK+C2r~M7HHoEqg$$IV02?mpejJHkmjb;LNzaHdA!Va@2 zG~AL#rSks2%hT)I$2HgPoiaMx_CZrx-4*0PQ5x3=Ur`yE!YTs5%j+bXeNplb$(CJ7 zpn0BtiTV+E_Teb3DO}QvtF}ZSO1tFb_Hr+(a@o zeuet;V5n0I!O@5S598(dd?ju2?+T4}!V=HJ`HL^}pH|`hh3~^^#NyA^V1r_-lhw|< zh9egE_Uq(UC4ou7xhsgP^Z$oESiNh99vLlDd!EdW(5(bF70b2Q7G$%R)r{6?(bvZ7 z-F&&!?RSQ0jmcP)KaIS#J!2cxA#!WmcRH&3Z`?R`H-fQZoVQ}Jz=xH@a*_~mcdf_g?3W(?t1p~M<~ z51P;{r39~C2tWeS_W~oi` zX?E5M^XiUF@f=+fJt0^d{i{9ePTUgRA5xJi4BQyA?@+6C3zCOAjOCBAZXRw(*nZZH{OsPAoAU0$I zf1&YT)I=Q+S%X}iIjcHA$iNvld8#kol6^;VO;v?($y6vN=O>+j9fq0$lN2xvTD<&g zL_@bH_YIx`51hcOO;-hwUj{VwV;7Qk@>Ak?k zChU#ubYG9x?q$F)|Na9=K!dMugv*DfGz7n@HEPwGiAF6=2XP_uEklkB0k zZMjO9Mos~JEs=%6^+?fF@btS#l+!#L=_|>B|ct33f2U$ z4Sb8Z1b9R}GYu^6AyQi%bapfMx;Npv=e&-7l_c{fR{L(nuKf>r0N_59t-z;e>jfGy zX3jaAOhWY<@N8jT0arVXoVMThRDb3vTc!t}Sw!nSEANo04E0Ln{g~(zo4CV@c3IMP 
zWbyFc;RguRR0c8s1fG>iv$LAo1c=F5Gl^gkG4c~o#edapA69}IC_cs*ZJ%Ef^ffVx01A32IyaeC#`*UaCe zRIF9$pk=mEI$*f-^?4touSzvmv;k!&Hoe}^N5WpA>fEz>$H^m;>Ir79Cfm`^B31l z=4P+p*Hi@Y@~m8$N}(SL^Dv88%jKlO$9uDC-Yfu$heTlb37$tA^4^2oDLqfBc;f;c z{Q!)%O>!HrF&g`m3cN8qHvE}dy{g-kFk)l?JEc)P5t?=0uVJ$vyXqPrjwlTtzjMsK zJW9O;VkE2pVkFqqf64Ge<)MSGMwEJpK2gL-l=@R9BgMOP3K!eW)%zUtYatBl*;n$G zHRz^Fzpk~94fc)eNx08e($8gL@O}4De9hTsL!O;^=TfY^(#Lr9?U93(MeB*)BO%-i zlXCvj|6vexZVoetlTKCH+3%*G`U)RcMudN7Ce=6b>jEd5A^kUF_c&m@ zPVC9`LM%-;cM=URRCy6JD|6*lg|;bEaJ7+W4s|uA!RZRk$>fG%%PtH$&6rNk23Q4+ z`ptZh8mo3PFecfx&)Ze((PY*h?a!7vF8Vi#@ZY1mH|AP>;!A})`q`X6dr&&yM+xmy zq|;D&^r-mS(O<8^$7^+dQxKZhCy2isesy2rd66?S`OodQf`_jdHD{bRm#FCoG9XJxz{wbZD1o0rt zh&<4ONAwRXwg8s$$|hSL!cZNbW4Ket1U>I#U6**X zb$4sb`QM~B8HLf8A%@APPf5c(p1o{NtdQuP{YSc23ib8rZY!uI8jcaD?A==(zgKAP zOHeceu@qFb1Kjg$1-OYOWCBHcyzs^1$Bf#?lxsQ<)@A>AUL9SiFLRxJm2;|7pY7Ir zWV2iTsx~qW@!Z8sIes#-fawVl-2n`u-CnST!4)rH4ukgV{K4xSlO3lcBbyUHj9im+ zWYq2M<#a~&q+69i;2J_`>K#-1ysM@Y78tqVuBDFK8Kwu$bXqAsZJ?9}blXI9=h%0U(8!BZhmR`-o48((HH$F)mGR4*@D-fAb633JLG)Hq2(bx zT$A*xtKP5+(a{>~b?0h(mU0W~iiz=FLoMgzP{BDs_h{)wt4dtDZTZ_fxLfvX-OYVD zeZCQB+DwR3Pn}GlMS0<6e&04i)>+;ipf%{nLyzJGWOJ z!kfR!=`poB{=6F%9cm=$czKw; z5et-}{>Quu)=M^{^h<;MwD(j`>P1VHw~2omy1V}&VflaGjh^qO((7M;zMs?kd%vdk zcD-FM$NIl+^6PzmF7N7hzg-_y_I^L&^ZTK9yZnvLuA^a5-tE4OzPLS<1CatlSvw&O@4uOuv-DaZdJhP$mbKl2U#~}xrIopc zgE*>jn=dzf{vR)2Xv|~1tL=8)haVRY{N$~*_Puff!qx2uOln!xsLeu+qCM=V7nr-) zH7YG`mk{vOf?e+McJ2DDXVKyAmvo;ERP1V%K3Am*t?XWIS@gCG7MYP9)g|Tr{gEk5 z_A?{wD1OeN;3_TF?nO@&Xz8pJv^A$w$vz0xXu#-DpN_t??#AruTTaY=;S0JES%tn> z>CBf#w0JM9=8{xQeEUbLjW@PMv_hm2*BU1qW2+G4k-|0nEG#xcJ+Oizp=6Zgl+90GszT zlSO8@O8yT7PO3!yfcLkGf$;+)=k_aQ(Yekp(wG?mRJPJ%m)S;)z57yQMatRrB}JbU zydkA99k_7vTMr9m~C3 zIH-G~E_CnHk}=n&d<@<5yhg8Sj*p@8?FX9Dl)IGB%%N19b0PTe$`#z?cC z4OJZjQ%vozuhZ;!^!ef_RP*@KH+0LzV1WLkaLOU~04%^(TrCFDcCY~WLd+UTdK@52 z<8Ckt^dihr^88b=^Drr0O2NVMH=lQK=m2Wgg|E7Mwm$e?igwb@q`Cwn1;zyZLBL2f zBpNx92K5C`@saCYq;18}(VCmrq8YBN6sJX$Uz!n={*Xfg 
zm&_re{H5k7#Y?xGIgccKM*twv{?+uMXe~*eB7|c5E8ICfPIV(=fNAADG==$^FehL{P+-o6iY=bWujfJjt2f!EV?2LB8x-i}|O0le1N5|EsbjqCG zZ=n7dTzTlc@+JuQ>jc-j-z{ok)$8#x2M8G7A4HR=nl(9*M-{0D=VF$;mZA{dGj1h9 z)JIE3^v`LCldg3m7K1k_QWo-9iq1$GZsAQ3=2~&8YyTuMK@9`c3>~a1N>KHHHbJ#3 z4Xqk5K_#oK!`!FT4;!P}0x?15BmB&)8UQ1xy#2i(uV&Z)H5m9W(+&|)Wt}%xZn!GO z3xT#(d)(w@p8QF5*GUa@TiONW@IQN*os?7olw3Kcg*j169V>po`eMT`gs54gb`1s% z-O>|gN*-?q9zwM8qCPJ5%F_2Dt~?Oa;v+EWHEq`|nq5vuH}p(h+jOs+?9B_CGn!nq6@I5tp0QW4x;TztJ1%vx z5o|9XUd*;p)1Kjh95t%?+XEpqn%9meVfE6Hi$(i7xPy_o90^yT0t7%#I$5AM#Hatc z8p(_I&Z}`tM?|5(c&-!4?;F-$uzAzD`)uf%HPSbQnh$kXsOxaG6z|R!bg0!=@0RLZ zR9V|STm=BVo9NIiy@dS-7MB2ikXE27;qi;u+}M300qrz*);#@f28F|A(hO-s0{Ok7 zy0VRE*fJ!_(b`X^FopM*w#bNQmCJurk~Q?^HKBJiOv6*hLMXR)-WlL zzVpHgMQ&-y63O3+P`o`f&?5^rP5LFDhpt$Z=j3JDohg5rYlfVur!>(NeJ*#)C1H(&PT_byot{pP^<@ zYM0QtqRQ1X($}zdFjuQ8wRpzQ=q@_=nB2(q!H^wM%@#9-s|ya#MXPiy1dXQqn9>`l zS%`lqlvBm2CPb#IkTS(_D$*!G8Ohf;-?~c}D0m|Dg{Pw}Ibl-}aW?e^uj9)(AjiV(l(s?V<(GN?Sv#sM$z_~PK{o)`yLAuwI<^@|)bd5Ycxe@&! z%a@j;tzk_-S?w17heiFagE|IrGbH^AEUtQm@kCWhQdKp`v7|~5D!q+Vj~P}1=R1SS z6LUn=tLQ|vN5iau z6hR+jIjn|;`(mPz`%IX4whWe^zA%|}0KpY_0D*O;xhdg;_2WJLcWc! 
za9oJA_VX|ms5w=RaLQvBJFEk1LREmy!d$`f%N-B(sCKi>H$j8F5<#V0z9`jPkFoUysmrK(mNaKU(0BC?x?3{cXFi*6); z3DPrKume>f0gjP3%V$NC`$qXeO!j|jFvvSzt#(mbbhFyf1HQA(MemC6vf9{zS!%)s zTVi*D7wdxf+i#QjWl)ZxygLR~r{{i-{W}1!le(ZMesCQ19Q!O-=^Wb==6^FBv{3_v zv9RQ-$me}PX5yJInw*$O@>L9ga<|CG9m#8i3yN}AR)AcZIt$A9UA;#!R(a74L1DUH z%tyuf5_454Kf{<-fOXU-UYd2Z?09XTTE#iaDhAY7F05;KHvbrd)pi$%)%NGVmzuIO zTDS=*hz7;6`Ivloj6-8!@M#6Y;Pw9`><7c(hu6maiv)8M3GMHk8GIBL-TpQ_Q*2Af zZi1)tE*&m4`GUT%=vZy|^`L?O2pkfd(ehprnbGo05S7v5oy}ym(E~)iFD<)yRsJIn zupP10#&rM}i@L(%6ItB>^v_+OOf4J4Pg4U#5L*n1JA%xv@e4VE&SpS zp$8BYF$Aa1On+$o;2c57*P61+F;~^scCh`J1EToX#= z?!V3o6tqkAl#nJBqJV0kTuE9e{We4(Y!EiLe3C`!|A zV+Uw;v;sG~l%`zkG8lorAUo6Yr}9-TE#QLjYW&vf7&JghDM-1NI2B}Sc3}r9M*^54 zZ&A*Tqza6Uff!qoquuTosIJ#OD@wUuTIdEl*yN*saWznseiqA1xn{_#N$_Sk5Y2-( z%lrc&J)G7d#TM|`p{yIe>?N?<)Gj4+vP zTYyp}u?DP=IF8h*kPt&1|5+;{OjP1&{@41b<3bYcB`Mcp7<6$-S{=&L?u(88WHovD z>AbL5^QyV{{X)>O+x@hrwH&#pt>HTe9<0uEjmdiaS>afpf!t z+HrREK!A2T^Hx#Xeb?nje7umKRIRcY?Y6oBsZV)vC$H<$f^VO#2<{*0LD7mAoY%y)5$m^@I5m_GD&6!D*@;k61lfWwF&|2O;zWA;F_ zJCvVYXiS%QyCK1%vLTpsNs5wS&U56p7e5z8w-?L3xm@MLXGF-5?bt30=dpS_hPd}B zW1GuG(`7G7tg8DiLUKS4gC@XhjTm+_dLT>Y`h-a?jAX0O%uFqp23Y*#%2x^&c^CZ8U`Ua;z7J=Y@{gs72==crm^LO%C%`j&6_ap;#=hQipYq`;7;9yZ+o{(r50i@~2{Rq{XhF)#Z z44czxZ`lQMDR;nmVC)2}7!fc&&Hp&>$CqsQ=tH`fhdPRnvkh~_I=;GHpZu%2ILHP) z!6?opFVP8%wX`6jGcq%N_$o9vNbLqC5Ma;Hb%&S!r5aQAdv{WJFkxCHI*b8RZgy3N zin2=to^)uP(at{LBvnTDd>@hfBQ$~UPPnsmxRTSNt*a>hrejioOD zA*Wd?0)kCdcFK~l~De1pt^i6K3FYigAbB7Mw=C7d#6b3OJhYG<|T9Y=cwrM z^TbC}B%H|b2Ar+HZ)sWuQ0YIy)N|?reN*k0hWjq)*{eSQAbvs%+b^2v!@<&|kc;r- z%YCcw%9o{KLe?6Ph9#)oCU*o4);DC7yfKVW)n)`p_MUez$}6~l&h;Xl9AW!a9fRm% z##ADw>k*`80vYvT?n#U*J??3$ne0W&n)Etl1ZA5xu5|nUPK3`aR))0JUce4=LD%r-wAv{LDvume zRFxmTW2*0%d~~2*1Er#w%NnKb-kf2eGoHzsrE#U&Va$U3TQAV{eW10pk=;1ml8nix z{vB&%Gw0_l0m{b1f|dM-)jJDrS`CPFs*^2(s%Pvmv6e~Gf}LD`$my4u5e9h5OSV4( zG@=ST+ZNJ^bI%@>*(pcxuU~IYuE|XGZAXzjrd(Zm;?Omk11y6O5}SpwKR$MGmknX+ z-rMY}3_F~E2oeFRjl~qR=%8&&&7%_E5UBO;MyoY$g&ILCK2JSN$a#*~FthYdM=xGC 
z;W_F(bN}HD?j{$BV{EvmL!c0Jv}GZfvu#FLsJtg}29dwD6m1Nj>vnl4sl+W|T?*E- zETB{BG36^ZzZ5cezDn>Pn}$R`)j7^vC+0V(!kvt+gemlIFDm2DTKAr@tZG^rx`|fzOO&@HG&kzBSo7nk@tJFSZYkAyfS)wiLAki9K}L0{ z4&P^wmh@}wG>H8nYXFDoeykc&C1r!K5`A#`Iw-B?@C#xO}QIq?N4r+ zQqzudB|$$p4iPY^Myz}_D1EG88R`kzSkBXmUqFTWv3NR6NqAOMItV>DQpx(z#Laf( z7T*TmBxoJQH{)MEGA~@D7OmknmCbWxV6Hbz)+KnjJK zm*EAMk{5evy*a9=cBqwFv|k$uoeUe8X4?Kv=rpKVWv%t34U#jPpx`=qk0*b}I%1CK zLLO+@n(5s0!TFc>EU2<%!VW|GsaM`_wBMa^ej9VY(Vkmf1K~!Bzku_hHLKWw*_OM* z9InZ(__o(u!XGYpQ$1Ms%kU*`l@Ks5G*;y&(Dj?G2i{+Pj0#%+xb}Rn`ui3%80N9# z;e+zDopH*e%25=5Y}O{LzzcCGmIKK+!br))hLv#%pmqk);0Go-Gxfk1Md%K&Pz%vO zbrM}(tRm9|u~jgy0mnaSD}Y~F zxp&P@0HefTBV}=J3zeoyF}J1u<)p+vTR*Q!UNaC+3qvO)%#i zVl9ztG?PtI4POOV{J`1z}aLF(0T@|VMfzk1t!n?wWEQ{aGR$e9D|+=%Xd~+i(pGYw;w*%&d|lDQ!g+@nVCxMU z`y@I})e57-?m%hHQhBvZKg{ z9tS>#j;dF{+z^0xFXT9GF`vURN-QyN$gd7gSy~g$aH%TMY@A@tW zSMzCbvA*L22Cr z2K+B**HVL^1>jARJ#j=AVHZkby+L5D(n^BpRpser?fBnDJ7x_4b34_7?g+{}rjDuw zr}>hYHux>3V?xZ`JP2f0LS!kCp%!gDSbS~4*%Oqgw63+9D@sgKj<9J;fCiz!(5=vn3HaHg^xo&Hd4jwK(+n(;MvR7pJ& z+<6XNdGN&;YVG-H<5QkYXsLgjh^r7A<9}-SKf#$&Us*n<9&IbiFD%c*e!V;lCRG(Wd$o}>o={jnDdt)+JEBjIYiF74C-8O?d@+qrSny-K_jy%;*oXw@m zrtYB8rwDIX;YnS7Uc%_wWvU zJABtZy~v#IWFF|{`*wDEe|x$Z;u!OCqceQJl$I)&ApJY&x;@wu)XX*GKL4k+E%l&sf=T7?E2*DIJOA zjyRc+FpbOXIX{%iou$c2f-*ic6VExTx7+poSey8tQ_-~S#F(M~9b2d=mFiS4)|2Hs zT{f=t7~OK&aYxC+oClg)PB7#936u1~NMg&$SovOhjtds%yCH&R|6%b#qIdkRU)sk+ zavB>}M@O_4Q>STky!L0=!?m(CD2el`y>!xEmt6GU5bMlDwZ+0gC7P!<3%Pj5vs`nqy! 
zi(r)Vu#Fh#IS}+!Nf-|J08ddL{Z8GQi`fkN`y^KLUJUow8PWnsg3Z()U1Vx)8FqJk z`tuk#7J_MS#1$JU@e}9w(k-I+bNs#nc^6;AE~Q#?1rifr(O*JKhEVOQ-x&Mvr9{T% zFWK%VkN_dir%~IqP3DiJ)2BkN+?|bZ$TRy2WMq=jS97!SShW9NBWD>D#}+JL+!nVG zf(N$%f#9$>!GnA7#oaBizygayaF@kBxD(uMu>iqCf(3_=kh~@L-dFGEo2sdrIaS?f z&P-1q`TDf}u#K2OCfYqO>pF4_TXclyJpHgc7u2Qppc$4!2C z*7Yb=p{TL;?{m~AlNIn+LuYNNOHUbNhq#pf10I=$W@k^KZJpY~xA_xnZKig>yz)@F zCdA6LQfYhBH+|q+FMWuVZGhH;7Jo7_>FWz{3Gr_;>8h$gxs%Q3~GzDo2KFNL?4J5 zlrm&@=Ucm9dQc}KaXQ8*%J*YFU%uLbQmw)|fn4iTW;&{M>P+Gj?Ec*`tp+xSaHJ27 zf&*>uWsa|=%uGOYuVLM$v?q@9PSAY=MyADC(EuD}Cnn)ZNSY;GAu=*CB`aN_8;bM* zcv^wm#zR)zBCvx!nf2e4SVg{LGdcm3x3cSf4|_OE=(8LLw#2Geu}5o`N-;& zYiZ+RNcGnup#Nll1b`urIj92r@gGVPGc3rC{t%85zDGhE6{r}tHIqLkInp?SCV09+Z#h$M4IZ zn$3i^mhStbKAo)$2ZX0T0u4pHT#tOLJaM5MG*5POU-34jsh7ay&+Ok?%|A??u%@kQ zPf9fYdh$E`>vvn#Vy@hz4LoN?Yl7AH?qW&}P7c(XG2bLRe$r?X)hZc5rdKnhgW?tA z?(0$JSc0w{;e$$0 zsE{j=Br2$7(Sbc+|Mi1hd~cI8@47W(-0~w)Z@tyy@;uTVZ({!^`%v|v*7{TUb*9|< zkM;JKxS?F+)T;RbJD6Oqa(z>Lsz*zAmdVLbwuJnhFOZb(sJ@e7V{-qZOcV@6dxcF! 
z&RkCR%X1U06m-LR%fF+@C3y9QY3dvp9()&KV0O^>oiTwTWk_(r@Kc8ybOxFx4ii14 zz#vd)Y^Reqm%YxRTrDG^NGVpW9B^qcmL`Co+ai`GMx5(NuvQn{B$Cd>a|!2!KfK7| zO?5F^w{LZ za-f)b=S6LAE}R`v1&v*3WaAW$#@~w*ZyN;sA8g^;(XiUdS`$Ec`f+To(A|Nv*@6FH z&3>_rB+?2dm#-4OVU}qt-@&^kW`@r=Y0f_91ePt zI##GP)n(CH;79uJcr*900FO%x)QCaw1ng$C0}DLt-21k+e1cIk=4@WXdK;tP@Q#>& zAL9RxM0d;Lb;@QP{tK3ukIVubh96nL9@{7N$SewGv8*&!`sFYp)P!iQV{mZ-fEeiM z;mJ~=xHwiCbYWnQ zoVQE8z>F_X+Dl&}%$vC?@s$gtisnILf<)Q>u%y<^Xe&$_t`^2|W<@7#4L zz2akWxg$yx48(lmHz2wlD2Bd=w~2ZI>12H0wY`VO;?nkna}Q7QdMaT2^O-aY%2w3C zifR?TBq)*nEW=zt50Io2KakMHx)M8Z&wi(jXIo%wGVhgGXu9`%lz<^fpDkY{c0%_s*LuLbb&j~XS-nx zT8@Af^^#wHC}#W%D?-}Oz1C4cD6upb*ROSrb*Nc7B%Z|*v1?SNwHk{f#VP~MPu0<- z<8ZBousxn5OVaqn_oFxdX(JE!niS;CV6>p+eB)ZW)9!~o<0cdGMPdx+G6IW@3XgX3 zgL}13@h$;F=l2|6M&}gi{!8Jvu0!)2_Fl*Co^6`Ins`0Lc^hg-tyQ)AnO{C=9a^@F zBz`Lq2|sKDRIfq|seSslj%8}%ABdG};*CPILv*WIK9J0qp!fM7ht>Nc#GGZ}D&G0h z2$j*CJ8GDunpL}|cNL50l;w-OSmjmOmeqHOz8pHK9UV@6?x_`3*+kX1>ar#q^+FX@ zYeM{*daVMp*ltMMk3L|QDHkC{p~&`XixDQ|>L#tki=@bgfyy?d%8yZ}lc?E+E<%q_ z7kG1BMf#kkRClBX*qq_*`i84iO(%%$raQs~ z{Cq}jyodKa{PLU>VX6e9&rXvyE+8p_IbGYP^@)PN;DX=T0tVC(Z$s;4ZJjIGuZMkf zjRWh$E|uK$(1e6sQDAQRl+~NZ5?p$y$P2-KkCQIr&!nbhV6qLqSv#W{V$fp1Y9XtF z2Rl^xL1zJT&?V}(o1~dd`QH)r%Z;ni8N$w zaQBN>LVqU%Nmdq}C^a=VYX$ZNPC534ga(O~J$OBPxIAIt+|#)D;4^Yk7M)M1z?ufh z9ydi!P&szvTZ;;8cR(V}EcDvSd#Ak$N&jsy;V=jx78mtt@>EMvHBmfCZv9(`G@=L~ zDIjHvDj!BsOGeA-0;|;QZN<~C<+~1e3BLXvUB3B@oaH*;S)}~oZ41UfUtjJe zM#l;XLJDCR7&#@RnA~azD?wr#GNXgFMGqr3dT2shfh>c_;WItKsTP9+aI|)^a-{`) z?#g*M_JLMExRU<_S;x-(HLH$Y5xc53Yz#nNIq!Lxefz$O|IK3?k58%wCdNvbN1cGG ziE9W?EZT-})Yu2bj!9DH1fvC8$r^mDiT}80S2;~jHH0W04jgTDxmLyOsRdUc(2MGiByQXTFv@V z5n@E4pHJ@)kBvV1tS2m{YdhCfA`j&P@*UZ4z=T-ov+JX+tOLj|Ao=%S#I0TKumz+_ zYX{(7LS0J*g)qW!qH1-MNQ8kbn;(iG45S19(Lh9U#=^64Hx$DmFSvNse8(*}HXvBE zg^~JCwzBAY*XunmLaT&9xlej8e;yjU^^|wn*mx~*mF+7jGIa>(Gs-Wd+QnTwLWtv@ zPmKIMmi~R@JNq>sc2Xlx9-cW&!=Ezr?1{m~&>pXi@G2_@6KN(c3h{Nr^IIc!YQe zg8YCcR0Za~!4)BpS3h7VlokgmIA;R*Pm~T4;Fb(&4YOw)Q 
z4lU?^34~sL*h}7zPS(G*@Cic!J<(DbQC;HU4k{Oq52Jht~dhJdDxXr+j%knYkmVG~CtW^hEf`Tds4s zw@Y~s>=m%Mp>`Yp{Qfa2EOdBS=vAp*ru$GV-*Sa;jCz@vcm8%PA$fuB(eK%Gk|Equ zzfFF}Cp1)x7IL^M6KL$x2Ue?azVwP5aaH#r19zqm(j3gV(>`TCd8~cJBHE(u&$1Hg z%|vR~OS@RN#w5%2ZL@`J6AM;8*1yJZ<>e!fSZtAx$Te!RJ|r4-dOEz}LCnj$`Zdb! zD1hO8rF~g2s~l!(s9Qcmi`gdg?XS5SJWvq)7hmnCOQD0+yE*2{kGiN+e!LRr|LGFN&1t zMAv`$18wG$|M-I$1s{Sxh&}hG@PFhFIKt+y69SN@^k`~5lR*9j^Vl4CpTU7)rm)br z<|b$QZpBhQfZxKUeC-e!La?Pp-b~qPjgF#6#AJBdY?Bil_Uep-;3^ACof%(M?30so z25t;wb)8J^?H&A?l&=wGZ5FV=ui#9?h#p%diHWc=e{RYJD-^g!aF62qGxs=G@bCDX z5BN>3u9Ih5t3~A+$;Y%U6RnU++{I@GrORHee1P9NW_HmMlG}CG#Y!(nKi=g%laqH% z$33`0tP>rn;rVg4sTwgCwDC)aT1e2RjwUFPX6(Dv6n8HfMt8#KU%LbLo+AdPqa(*j z6?@lsef;Y8B`FFgS7Q}hb|`870{TaCEnYMR+`;>mKvIEks`gg20UxroRlX(gj>$RX z5!u~i?$I9vZg3u-upM`+R=FC}ALqg4gIeA)(8z`YM5q#01YYK#G?N!GGzD;hX&wng zf+kQ=fku6B-Y12&ZCC!+v}9BSRtXESjqqcCkIu`GQ%~F5vu+Gi;dFjXREJ-oJ_dG3 zT)Vb&?7DQh!M`PCTQ+hX=K`@E#XgrEWD0N3K|+in6B07|Ul`A{_X$ zu1>y$YHC>kz8?3=S+-c+FBjmSoKuVb`HCz~rCA^aua;x0Qz$M`9Z>Ou2&M3XclQvG z?>_WW!zIF`V3z>dry};dWcor-cgK0`9bQJ`RVU$u3P)yXF%4_W;J{_}jk$48gPq}% zIJIldoOSK|Y3#NeWP`Df+cO#e(1((dcx9F>P$cslSO%aC0x2K)Ef$^@t6C>43;JETAe~Ayf&g! z*oFSw1nn1MszI?v+hUihVDq?#4*|hxN_>mHbZi&Sl?Fdqo!L+EElHkBAhn<G8I|%y7rGI3YW{P@BB$QHIe-o&WptF*xQ$sVtvQ{v- zWm}OJ%C}e>G6NI_D!-8OF}$xQYi@oK&)-5e8}|&s0~g}f1PeWPokRZZ_&C!uds1(y zye24(<3Ct4_;Bo#%yn~*cvTB+0uBWZMEEQ;f#vV?Hy(>y2%JoVwMJUCM`v_2I0g(A8t4!rSL2isyZ9Q$IT;XqtLU_WhTYn zvFGDP$2t)}!`zvWu9lUYd3ASXP}yc!nT9D9muT zkQWXGBvi}Y!>Xr3bxVQO2Nf({`q}JDc_Mpz5jKQF{wCF9{fE3|Y=%dcTJgDQ6iX)| zaMJ@uIn?s*!U~~IQhE_73`QCnXy7zinM&L9m32W)BFTv4MsJ|5uP8Fj3e_Ytk_1-i za`h1fkN0nbBTq7=GylqVe-6Gkli5>9^3YDtRb2*X8D}lDON@%c)(Q0$zOHR)dH}dk z)p*dofly(2V0y;EI@SG9)^chi4WQkMt87r{LN)=lpIlqYn?*Y1b@hq<=8(rT6=Y#> zR%Gkde@$!ZrrQK_yP|!_C^n9-H6keMvGj5DMM|Mnru^NPP>gomGGRRa^HyPg$hrF6 zMCa>WoK-wM=P1EV-!8aVyE`lWxEqVQ!DLEloQ+^|5qE>bAti>09b2D&8bN~KzIpl-( Xc*ykqp+zLf{qrX(4IhaP3+aCVvOj~) literal 0 HcmV?d00001 
diff --git a/assets/fleet/fleet-100.0.4+up0.3.10-rc1.tgz b/assets/fleet/fleet-100.0.4+up0.3.10-rc1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..e938c4916ead4e27e0ad3b71a3ed7cb2d3222139 GIT binary patch literal 3452 zcmV-?4TJI@iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH;Na@#nP^P5l6C)ZVWa~4I(vYcbhrq1Wd?4>S~aoL&K+uGVn zL1arp3;`Sfl;ZX1p8X0RqDYFe9NCd?XVgDr6KFJ=KzE}XXmG?3b?0J2qz-S%lzsCR zAc~@B(C^#7Q54nxc6+C1-*o%E)3ffNJBS9~MBUy=bovcMUxS%CM!?C z0)%s+iKc?9H~>h9CQOXOglNq$q@qJ|E!vbTO&E*8ic33@>7S-VCzHk&2}(^z6w??a z;mHJLBN~3rP|_)KO;`*qEpu!&B2H+UBEJ`flPRiunA>BqA5*ZSOZSyLA zoCA{4pHV6*cnq^%K(efOjKY(!8?|N94N}aIr^pkEDh}F^2%b`HvBp%3OohnFkYO4C zIO=1nKZ#)gATbk)Y9Vi97*U3CrxSJ(V+>TsBc-SkNi#?9d&3s|KsXtrgf{${>K`)& zM8kDL7zQ*kSQD)?6?Z(L&Y#fx|dA5ARZWM)4*#EaYE4}M; ztIKZ=oc*5>mZSPw3&0lpe{ynmTDSkF{lUTh?*r(Rj4`g60n;Ct+d+~Z>JuP;CmsLwiYCgsnXIeWS}PqSw3Vm zfuFA4ff(76|IUXfIcijJe)$#@${9+S=1Rj5L7|2TN(_$R&1W*r7_RIXx`Hqf(|FMD zpBTG*ZJYme^)7~1YdbeM1>}iHF$Jq@OQtT)znHzZBVahvfYVIh0@Xkj5T)`drl2QO z)hT^=cWqD<9dk@!cnbvP$QaykG3Rh`99hK2V7h_4!XUw(5!k<=hbmHTK#+0 z3%djR(Cr;}|J^*ja*u=KP|cF#&<|V4L_$~)4295U6f&cJNAO{SQ20nCR)z@1ze^ ztxj=7a%N?w=H^+-?^k@aTDIxAl~5~VX==O`@6Up!)ADenm@#o{@YWa$;e+Yl%BZqL z1xL$4&e$y!|Iwgd^Z)vTv;M*V z+Xvj;wT(Tc9HHe*#7A#lKl;V@wgv6QA~1+_1mVvvRB%RS8NW6fm!erFDc2)t{j2J< zb|QdGVe!yf@q;{F`#-q5>%0v9;-dBHvSN&Xv33}HV@;h6@2wG1$ALi^qVYpqammaW z+cX#Qh6$1y({3CeeD zcsi)tf9JAHN%n-B0o&~V*;%({|4)0-A^zVBRJItq!42hU3>Q`iejr&eMNLwoNnGq5 z`W;}wwG@n@43^bSa$@+^x|?_Q7ofG;324R8y1Rp=tlhKTgs@oL-7Qy&6@_rMk+4|A zjToAY7mL>Mdhe^91kXo9l3D5=ZoNwP~$#v1r+5i)HLnxBo5#HbLLhEdX2We{XP7_y14(z23q8?*q#ApJbWp z6pO%jg(N&=6;K%_vE8NcLB16;dr0Va;k>w#ENf^E#j@ZVmU=Y6Dl|4z0a!9(z*G^+ zQ5G$Y4?A0tY5UiCfBwUp>&x?tH${ziy1$oV8kY(IMig0kg`;YzFTW&u5*N&`>_&lG zi=x~<c{{2Yn>xwydT#7`Y{CF|M-B`e&4d(eia`8PJD@yadAcbQ4dGYdl&8owyn^-ZhcY==4O;w_Oj$F=uTZB|d5_9w;s)L- z!TL7#%G(Bw+?5eFGPe)=Utj;_kR(ri4!rgJw_88|?RO97zx#pm`ful+gLpdxJ 
ztkJ1u*z8Ki9;wt?7HhY%kKWV~XX@0BL|wq*C>A>{4@Fw&=?FhaTm(b!S}ouIp56k0b)nqspytC*m}o1FuGw{E_1fIB za?*Ks7hbtct*{i+?KDP@RiY*VyHBWg)g|Lf?NE*sCQEL{|3F&!~V}+pmG1drkxKk z{A;#rcUmQ#f9}Eg9e~sSO3L?>-v-&H|K0WTzo_3m=>I<8-YW*(us5h)0JtdB)TPbI zoWmzER4^n8QxM#Qc7QW9F;eBS!K_C1xnKMM7Mk?`sc!>pJOA<^cPdQFPG%eSn+t zO-cI2MWJPWzE#~oeJ#tLmXQC|DlP3;63){l_k z_vhQ*um4YT8(@q6_fC8Ly8qW59Q?n%z>fL|oBuhox(#e|=${RDn9irc; zw*yhB+HFi6xy@tZ>(|GmawP+{T+4vXS2N(A>lyIiD;nD`X~4FN8t|~Y7Iix77dCbv z)Npa5nM%XujRsjc zMRjR^CR%6hSCQ9HgAl{&Q3@>*!D9Guak*4tBFCsNJ)%Xex)YVv|GCHOw+0W=|3_wn zZqxs${{6>ZH|ieF|MmjAH z=?v{B2}|XKr@;|$9J{X}{vop;q`(yBR8Qbv{usiKoZZ^5A7+jv$j~0oV;F?rU4OjR z!hQhtLQJQE!_ODjkW#4v6Kr?vuVX(5hyRcr`@1Zdj63FM`KV^Rvm!Jk$xWWw?_aCn zWvJ#^@G=~do8V=rr{;el={R`#zrhjwOe7V#g16tjQGtoWK4GGRkfumF4qb{*K{!*1 eNU`(Wb9;aT9N+-=!T$vS0RR6A%p`jNWB>rnjoGgN literal 0 HcmV?d00001 diff --git a/charts/fleet-agent/100.0.4+up0.3.10-rc1/Chart.yaml b/charts/fleet-agent/100.0.4+up0.3.10-rc1/Chart.yaml new file mode 100644 index 000000000..173dbfb83 --- /dev/null +++ b/charts/fleet-agent/100.0.4+up0.3.10-rc1/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/release-name: fleet-agent +apiVersion: v2 +appVersion: 0.3.10-rc1 +description: Fleet Manager Agent - GitOps at Scale +icon: https://charts.rancher.io/assets/logos/fleet.svg +name: fleet-agent +version: 100.0.4+up0.3.10-rc1 diff --git a/charts/fleet-agent/100.0.4+up0.3.10-rc1/README.md b/charts/fleet-agent/100.0.4+up0.3.10-rc1/README.md new file mode 100644 index 000000000..0f3446a38 --- /dev/null +++ b/charts/fleet-agent/100.0.4+up0.3.10-rc1/README.md 
@@ -0,0 +1,3 @@
+Standalone Fleet users use this chart for agent-based registration [docs/agent-initiated.md](/docs/agent-initiated.md).
+Fleet in Rancher does not use this chart, but creates the agent deployments programmatically.
+
diff --git a/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/_helpers.tpl b/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/_helpers.tpl
new file mode 100644
index 000000000..6cd96c3ac
--- /dev/null
+++ b/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/_helpers.tpl
@@ -0,0 +1,22 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
\ No newline at end of file
diff --git a/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/configmap.yaml b/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/configmap.yaml
new file mode 100644
index 000000000..ce61a8756
--- /dev/null
+++ b/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/configmap.yaml
@@ -0,0 +1,12 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: fleet-agent
+data:
+ config: |-
+ {
+ {{ if .Values.labels }}
+ "labels":{{toJson .Values.labels}},
+ {{ end }}
+ "clientID":"{{.Values.clientID}}"
+ }
diff --git a/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/deployment.yaml b/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/deployment.yaml
new file mode 100644
index 000000000..1bf359ef7
--- /dev/null
+++ b/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/deployment.yaml
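Review bot: `clientID` is interpolated into the JSON document as raw text in templates/configmap.yaml (`"clientID":"{{.Values.clientID}}"`), so a value containing a double quote or a backslash produces invalid JSON or additional keys in the agent configuration. The `labels` entry two lines above it already goes through `toJson`, and the same encoding fits here: `"clientID":{{ toJson .Values.clientID }}`. This keeps the config well-formed whatever string is supplied in values.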
@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: fleet-agent
+spec:
+ selector:
+ matchLabels:
+ app: fleet-agent
+ template:
+ metadata:
+ labels:
+ app: fleet-agent
+ spec:
+ containers:
+ - env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ image: '{{ template "system_default_registry" . }}{{.Values.image.repository}}:{{.Values.image.tag}}'
+ name: fleet-agent
+ command:
+ - fleetagent
+ {{- if .Values.debug }}
+ - --debug
+ - --debug-level
+ - {{ quote .Values.debugLevel }}
+ {{- end }}
+ serviceAccountName: fleet-agent
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.fleetAgent.nodeSelector }}
+{{ toYaml .Values.fleetAgent.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.fleetAgent.tolerations }}
+{{ toYaml .Values.fleetAgent.tolerations | indent 8 }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/network_policy_allow_all.yaml b/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/network_policy_allow_all.yaml
new file mode 100644
index 000000000..a72109a06
--- /dev/null
+++ b/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/network_policy_allow_all.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-allow-all
+ namespace: {{ .Values.internal.systemNamespace }}
+spec:
+ podSelector: {}
+ ingress:
+ - {}
+ egress:
+ - {}
+ policyTypes:
+ - Ingress
+ - Egress
diff --git a/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/patch_default_serviceaccount.yaml b/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/patch_default_serviceaccount.yaml
new file mode 100644
index 000000000..aad4eea41
--- /dev/null
+++ b/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/patch_default_serviceaccount.yaml
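Review bot: The `fleet-agent` container in templates/deployment.yaml is defined without a `securityContext`, while its service account is bound to a wildcard ClusterRole elsewhere in this commit. Disabling privilege escalation and dropping all capabilities should be safe for a workload that, as far as the hunk shows, only runs the `fleetagent` binary and exposes no ports. `runAsNonRoot: true` and `readOnlyRootFilesystem: true` are worth adding as well once they have been verified against the image. The addition goes under the container entry, next to `name:`.

```yaml
        name: fleet-agent
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
        # … unchanged: command and debug flags …
```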
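Review bot: `default-allow-all` in templates/network_policy_allow_all.yaml selects every pod in the system namespace (`podSelector: {}`) and permits all ingress and all egress, so the namespace ends up with no effective network restriction. The deployment in this chart declares no container ports, so inbound traffic may not be needed at all; if that holds, removing the `- {}` entry under `ingress:` while keeping `Ingress` in `policyTypes` would deny inbound connections and leave egress open. At minimum a comment such as `# allow-all so that a cluster-wide default-deny policy does not cut the agent off` (intent presumed, to be confirmed upstream) would record why the policy is this broad.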
@@ -0,0 +1,28 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: patch-fleet-sa
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+ template:
+ spec:
+ serviceAccountName: fleet-agent
+ restartPolicy: Never
+ containers:
+ - name: sa
+ image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+ args: ["-n", {{ .Values.internal.systemNamespace }}]
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.kubectl.nodeSelector }}
+{{ toYaml .Values.kubectl.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.kubectl.tolerations }}
+{{ toYaml .Values.kubectl.tolerations | indent 8 }}
+{{- end }}
+ backoffLimit: 1
diff --git a/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/rbac.yaml b/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/rbac.yaml
new file mode 100644
index 000000000..805949bf2
--- /dev/null
+++ b/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/rbac.yaml
@@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: fleet-agent-system-fleet-agent-role
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: fleet-agent-system-fleet-agent-role-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: fleet-agent-system-fleet-agent-role
+subjects:
+- kind: ServiceAccount
+ name: fleet-agent
+ namespace: {{.Release.Namespace}}
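Review bot: The `patch-fleet-sa` hook Job in templates/patch_default_serviceaccount.yaml runs under `serviceAccountName: fleet-agent`, the account that rbac.yaml in this same commit binds to a wildcard ClusterRole, although the Job only patches one ServiceAccount. A dedicated hook service account with a namespaced Role limited to `patch` on `serviceaccounts` would keep the kubectl container from holding cluster-wide rights it does not need. Separately, the namespace argument is rendered unquoted inside a flow sequence; `args: ["-n", {{ .Values.internal.systemNamespace | quote }}]` keeps the YAML valid for any value.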
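Review bot: `fleet-agent-system-fleet-agent-role` in templates/rbac.yaml grants `'*'` on every apiGroup, resource and verb and is bound cluster-wide, which gives the `fleet-agent` service account the equivalent of cluster-admin. An agent that applies arbitrary bundles plausibly needs this, but nothing in the file says so. A header comment such as `# Full access is intentional: the agent applies arbitrary bundles; treat its token as a cluster-admin credential` would make the trust level explicit for operators. Audit-log alerting on use of this service account from anywhere other than the agent pod is a reasonable compensating control.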
diff --git a/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/secret.yaml b/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/secret.yaml
new file mode 100644
index 000000000..471588204
--- /dev/null
+++ b/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ systemRegistrationNamespace: "{{b64enc .Values.systemRegistrationNamespace}}"
+ clusterNamespace: "{{b64enc .Values.clusterNamespace}}"
+ token: "{{b64enc .Values.token}}"
+ apiServerURL: "{{b64enc .Values.apiServerURL}}"
+ apiServerCA: "{{b64enc .Values.apiServerCA}}"
+kind: Secret
+metadata:
+ name: fleet-agent-bootstrap
diff --git a/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/serviceaccount.yaml b/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/serviceaccount.yaml
new file mode 100644
index 000000000..73e27f0be
--- /dev/null
+++ b/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: fleet-agent
diff --git a/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/validate.yaml b/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/validate.yaml
new file mode 100644
index 000000000..d53ff1c50
--- /dev/null
+++ b/charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/validate.yaml
@@ -0,0 +1,11 @@
+{{if ne .Release.Namespace .Values.internal.systemNamespace }}
+{{ fail (printf "This chart must be installed in the namespace %s as the release name fleet-agent" .Values.internal.systemNamespace) }}
+{{end}}
+
+{{if ne .Release.Name .Values.internal.managedReleaseName }}
+{{ fail (printf "This chart must be installed in the namespace %s as the release name fleet-agent" .Values.internal.managedReleaseName) }}
+{{end}}
+
+{{if not .Values.apiServerURL }}
+{{ fail "apiServerURL is required to be set, and most likely also apiServerCA" }}
+{{end}}
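Review bot: The second check in templates/validate.yaml reuses the namespace message, so a wrong release name fails with `managedReleaseName` printed in the namespace slot of "must be installed in the namespace %s as the release name fleet-agent". Proposed line: `{{ fail (printf "This chart must be installed with the release name %s" .Values.internal.managedReleaseName) }}`. The first message also hard-codes `fleet-agent` as the release name instead of reading `.Values.internal.managedReleaseName`, so the two can drift apart if the value is changed.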
diff --git a/charts/fleet-agent/100.0.4+up0.3.10-rc1/values.yaml b/charts/fleet-agent/100.0.4+up0.3.10-rc1/values.yaml
new file mode 100644
index 000000000..140c2b6cc
--- /dev/null
+++ b/charts/fleet-agent/100.0.4+up0.3.10-rc1/values.yaml
@@ -0,0 +1,63 @@
+image:
+ os: "windows,linux"
+ repository: rancher/fleet-agent
+ tag: v0.3.10-rc1
+
+# The public URL of the Kubernetes API server running the Fleet Manager must be set here
+# Example: https://example.com:6443
+apiServerURL: ""
+
+# The the pem encoded value of the CA of the Kubernetes API server running the Fleet Manager.
+# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA.
+apiServerCA: ""
+
+# The cluster registration value
+token: ""
+
+# Labels to add to the cluster upon registration only. They are not added after the fact.
+#labels:
+# foo: bar
+
+# The client ID of the cluster to associate with
+clientID: ""
+
+# The namespace of the cluster we are register with
+clusterNamespace: ""
+
+# The namespace containing the clusters registration secrets
+systemRegistrationNamespace: fleet-clusters-system
+
+# Please do not change the below setting unless you really know what you are doing
+internal:
+ systemNamespace: fleet-system
+ managedReleaseName: fleet-agent
+
+# The nodeSelector and tolerations for the agent deployment
+fleetAgent:
+ ## Node labels for pod assignment
+ ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## List of node taints to tolerate (requires Kubernetes >= 1.6)
+ tolerations: []
+kubectl:
+ ## Node labels for pod assignment
+ ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## List of node taints to tolerate (requires Kubernetes >= 1.6)
+ tolerations:
+ - key: node.cloudprovider.kubernetes.io/uninitialized
+ operator: "Equal"
+ value: "true"
+ effect: NoSchedule
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ kubectl:
+ repository: rancher/kubectl
+ tag: v1.21.5
+
+debug: false
+debugLevel: 0
diff --git a/charts/fleet-crd/100.0.4+up0.3.10-rc1/Chart.yaml b/charts/fleet-crd/100.0.4+up0.3.10-rc1/Chart.yaml
new file mode 100644
index 000000000..054bd91ad
--- /dev/null
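Review bot: `global.imagePullPolicy` is read by templates/patch_default_serviceaccount.yaml, but `global:` in values.yaml defines only `cattle` and `kubectl`, so with these defaults the hook Job renders an empty `imagePullPolicy:` and the pull behaviour is left to the cluster default. Adding `imagePullPolicy: IfNotPresent` under `global:` makes it explicit. Also worth confirming: `internal.systemNamespace` defaults to `fleet-system` while Chart.yaml in this commit annotates `catalog.cattle.io/namespace: cattle-fleet-system`, and validate.yaml fails the install when the release namespace differs from `internal.systemNamespace`.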
+++ b/charts/fleet-crd/100.0.4+up0.3.10-rc1/Chart.yaml
@@ -0,0 +1,13 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-fleet-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/release-name: fleet-crd
+apiVersion: v2
+appVersion: 0.3.10-rc1
+description: Fleet Manager CustomResourceDefinitions
+icon: https://charts.rancher.io/assets/logos/fleet.svg
+name: fleet-crd
+version: 100.0.4+up0.3.10-rc1
diff --git a/charts/fleet-crd/100.0.4+up0.3.10-rc1/templates/crds.yaml b/charts/fleet-crd/100.0.4+up0.3.10-rc1/templates/crds.yaml
new file mode 100644
index 000000000..b15a8037e
--- /dev/null
+++ b/charts/fleet-crd/100.0.4+up0.3.10-rc1/templates/crds.yaml
@@ -0,0 +1,5353 @@ +{{- if .Capabilities.APIVersions.Has "apiextensions.k8s.io/v1" -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: bundles.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: Bundle + plural: bundles + singular: bundle + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.display.readyClusters + name: BundleDeployments-Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + defaultNamespace: + nullable: true + type: string + dependsOn: + items: + properties: + name: + nullable: true + type: string + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + type: object + nullable: true + type: array + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + chart: + nullable: true + type: string + force: + type: boolean + maxHistory: + 
type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + type: object + kustomize: + nullable: true + properties: + dir: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + paused: + type: boolean + resources: + items: + properties: + content: + nullable: true + type: string + encoding: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + rolloutStrategy: + nullable: true + properties: + autoPartitionSize: + nullable: true + type: string + maxUnavailable: + nullable: true + type: string + maxUnavailablePartitions: + nullable: true + type: string + partitions: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + 
type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + maxUnavailable: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + serviceAccount: + nullable: true + type: string + targetRestrictions: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + name: + nullable: true + type: string + type: object + nullable: true + type: array + targets: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + 
nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + defaultNamespace: + nullable: true + type: string + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + chart: + nullable: true + type: string + force: + type: boolean + maxHistory: + type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: 
true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + type: object + kustomize: + nullable: true + properties: + dir: + nullable: true + type: string + type: object + name: + nullable: true + type: string + namespace: + nullable: true + type: string + serviceAccount: + nullable: true + type: string + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + nullable: true + type: array + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + properties: + readyClusters: + nullable: true + type: string + state: + nullable: true + type: string + type: object + maxNew: + type: integer + maxUnavailable: + type: integer + maxUnavailablePartitions: + type: integer + newlyCreated: + type: integer + observedGeneration: + type: integer + partitions: + items: + properties: + count: + type: integer + maxUnavailable: + type: integer + name: + nullable: true + type: string + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: 
string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + unavailable: + type: integer + type: object + nullable: true + type: array + resourceKey: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + nullable: true + type: array + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: 
string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + unavailable: + type: integer + unavailablePartitions: + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: bundledeployments.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: BundleDeployment + plural: bundledeployments + singular: bundledeployment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.display.deployed + name: Deployed + type: string + - jsonPath: .status.display.monitored + name: Monitored + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + dependsOn: + items: + properties: + name: + nullable: true + type: string + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + 
type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + type: object + nullable: true + type: array + deploymentID: + nullable: true + type: string + options: + properties: + defaultNamespace: + nullable: true + type: string + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + chart: + nullable: true + type: string + force: + type: boolean + maxHistory: + type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + type: object + kustomize: + nullable: true + properties: + dir: + nullable: true + type: 
string + type: object + namespace: + nullable: true + type: string + serviceAccount: + nullable: true + type: string + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + stagedDeploymentID: + nullable: true + type: string + stagedOptions: + properties: + defaultNamespace: + nullable: true + type: string + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + chart: + nullable: true + type: string + force: + type: boolean + maxHistory: + type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + 
type: string + type: object + kustomize: + nullable: true + properties: + dir: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + serviceAccount: + nullable: true + type: string + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + type: object + status: + properties: + appliedDeploymentID: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + properties: + deployed: + nullable: true + type: string + monitored: + nullable: true + type: string + state: + nullable: true + type: string + type: object + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + nonModified: + type: boolean + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + ready: + type: boolean + release: + nullable: true + type: string + syncGeneration: + nullable: true + 
type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: bundlenamespacemappings.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: BundleNamespaceMapping + plural: bundlenamespacemappings + singular: bundlenamespacemapping + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + bundleSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clustergroups.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + categories: + - fleet + kind: ClusterGroup + plural: clustergroups + singular: clustergroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.display.readyClusters + name: Clusters-Ready + type: string + - jsonPath: .status.display.readyBundles + name: Bundles-Ready + type: string + - jsonPath: 
.status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + type: object + status: + properties: + clusterCount: + type: integer + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + properties: + readyBundles: + nullable: true + type: string + readyClusters: + nullable: true + type: string + state: + nullable: true + type: string + type: object + nonReadyClusterCount: + type: integer + nonReadyClusters: + items: + nullable: true + type: string + nullable: true + type: array + resourceCounts: + properties: + desiredReady: + type: integer + missing: + type: integer + modified: + type: integer + notReady: + type: integer + orphaned: + type: integer + ready: + type: integer + unknown: + type: integer + waitApplied: + type: integer + type: object + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + 
type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusters.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: Cluster + plural: clusters + singular: cluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.display.readyBundles + name: Bundles-Ready + type: string + - jsonPath: .status.display.readyNodes + name: Nodes-Ready + type: string + - jsonPath: .status.display.sampleNode + name: Sample-Node + type: string + - jsonPath: .status.agent.lastSeen + name: Last-Seen + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + agentEnvVars: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + 
configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + agentNamespace: + nullable: true + type: string + clientID: + nullable: true + type: string + kubeConfigSecret: + nullable: true + type: string + paused: + type: boolean + redeployAgentGeneration: + type: integer + type: object + status: + properties: + agent: + properties: + lastSeen: + nullable: true + type: string + namespace: + nullable: true + type: string + nonReadyNodeNames: + items: + nullable: true + type: string + nullable: true + type: array + nonReadyNodes: + type: integer + readyNodeNames: + items: + nullable: true + type: string + nullable: true + type: array + readyNodes: + type: integer + type: object + agentDeployedGeneration: + nullable: true + type: integer + agentEnvVarsHash: + nullable: true + type: string + agentMigrated: + type: boolean + agentNamespaceMigrated: + type: boolean + cattleNamespaceMigrated: + type: boolean + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + 
desiredReadyGitRepos: + type: integer + display: + properties: + readyBundles: + nullable: true + type: string + readyNodes: + nullable: true + type: string + sampleNode: + nullable: true + type: string + state: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + readyGitRepos: + type: integer + resourceCounts: + properties: + desiredReady: + type: integer + missing: + type: integer + modified: + type: integer + notReady: + type: integer + orphaned: + type: integer + ready: + type: integer + unknown: + type: integer + waitApplied: + type: integer + type: object + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + type: object + type: 
object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterregistrationtokens.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: ClusterRegistrationToken + plural: clusterregistrationtokens + singular: clusterregistrationtoken + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.secretName + name: Secret-Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + ttl: + nullable: true + type: string + type: object + status: + properties: + expires: + nullable: true + type: string + secretName: + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gitrepos.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + categories: + - fleet + kind: GitRepo + plural: gitrepos + singular: gitrepo + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.repo + name: Repo + type: string + - jsonPath: .status.commit + name: Commit + type: string + - jsonPath: .status.display.readyBundleDeployments + name: BundleDeployments-Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + branch: + nullable: true + type: string + caBundle: + nullable: true + type: string + clientSecretName: + nullable: true + type: string + forceSyncGeneration: + type: integer + helmSecretName: + nullable: true + type: string + imageScanCommit: + properties: + authorEmail: + nullable: true + type: string + authorName: + nullable: true + type: string + messageTemplate: + nullable: true + type: string + type: object + 
imageScanInterval: + nullable: true + type: string + insecureSkipTLSVerify: + type: boolean + paths: + items: + nullable: true + type: string + nullable: true + type: array + paused: + type: boolean + pollingInterval: + nullable: true + type: string + repo: + nullable: true + type: string + revision: + nullable: true + type: string + serviceAccount: + nullable: true + type: string + targetNamespace: + nullable: true + type: string + targets: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + name: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + status: + properties: + commit: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + desiredReadyClusters: + type: integer + display: + properties: 
+ error: + type: boolean + message: + nullable: true + type: string + readyBundleDeployments: + nullable: true + type: string + state: + nullable: true + type: string + type: object + gitJobStatus: + nullable: true + type: string + lastSyncedImageScanTime: + nullable: true + type: string + observedGeneration: + type: integer + readyClusters: + type: integer + resourceCounts: + properties: + desiredReady: + type: integer + missing: + type: integer + modified: + type: integer + notReady: + type: integer + orphaned: + type: integer + ready: + type: integer + unknown: + type: integer + waitApplied: + type: integer + type: object + resourceErrors: + items: + nullable: true + type: string + nullable: true + type: array + resources: + items: + properties: + apiVersion: + nullable: true + type: string + error: + type: boolean + id: + nullable: true + type: string + incompleteState: + type: boolean + kind: + nullable: true + type: string + message: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + perClusterState: + items: + properties: + clusterId: + nullable: true + type: string + error: + type: boolean + message: + nullable: true + type: string + patch: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: + nullable: true + type: string + type: object + nullable: true + type: array + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + 
missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterregistrations.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: ClusterRegistration + plural: clusterregistrations + singular: clusterregistration + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.clusterName + name: Cluster-Name + type: string + - jsonPath: .spec.clusterLabels + name: Labels + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + clientID: + nullable: true + type: string + clientRandom: + nullable: true + type: string + clusterLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + status: + properties: + clusterName: + nullable: true + type: string + granted: + type: boolean + type: object + type: object + served: true + storage: true + 
subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gitreporestrictions.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: GitRepoRestriction + plural: gitreporestrictions + singular: gitreporestriction + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .defaultServiceAccount + name: Default-ServiceAccount + type: string + - jsonPath: .allowedServiceAccounts + name: Allowed-ServiceAccounts + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + allowedClientSecretNames: + items: + nullable: true + type: string + nullable: true + type: array + allowedRepoPatterns: + items: + nullable: true + type: string + nullable: true + type: array + allowedServiceAccounts: + items: + nullable: true + type: string + nullable: true + type: array + defaultClientSecretName: + nullable: true + type: string + defaultServiceAccount: + nullable: true + type: string + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: contents.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: Content + plural: contents + singular: content + preserveUnknownFields: false + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + content: + nullable: true + type: string + type: object + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: imagescans.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + categories: + - fleet + kind: ImageScan + plural: imagescans + singular: imagescan + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.image + name: Repository + type: string + - jsonPath: .status.latestTag + name: Latest + type: string + name: v1alpha1 
+ schema: + openAPIV3Schema: + properties: + spec: + properties: + gitrepoName: + nullable: true + type: string + image: + nullable: true + type: string + interval: + nullable: true + type: string + policy: + properties: + alphabetical: + nullable: true + properties: + order: + nullable: true + type: string + type: object + semver: + nullable: true + properties: + range: + nullable: true + type: string + type: object + type: object + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + suspend: + type: boolean + tagName: + nullable: true + type: string + type: object + status: + properties: + canonicalImageName: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + lastScanTime: + nullable: true + type: string + latestDigest: + nullable: true + type: string + latestImage: + nullable: true + type: string + latestTag: + nullable: true + type: string + observedGeneration: + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- else -}} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: bundles.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.display.readyClusters + name: BundleDeployments-Ready + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: fleet.cattle.io + names: + kind: Bundle + plural: bundles + singular: bundle + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + defaultNamespace: + nullable: true + 
type: string + dependsOn: + items: + properties: + name: + nullable: true + type: string + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + type: object + nullable: true + type: array + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + chart: + nullable: true + type: string + force: + type: boolean + maxHistory: + type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: 
string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + type: object + kustomize: + nullable: true + properties: + dir: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + paused: + type: boolean + resources: + items: + properties: + content: + nullable: true + type: string + encoding: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + rolloutStrategy: + nullable: true + properties: + autoPartitionSize: + nullable: true + type: string + maxUnavailable: + nullable: true + type: string + maxUnavailablePartitions: + nullable: true + type: string + partitions: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + maxUnavailable: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + serviceAccount: + nullable: true + type: string + targetRestrictions: + items: + properties: + 
clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + name: + nullable: true + type: string + type: object + nullable: true + type: array + targets: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: 
object + defaultNamespace: + nullable: true + type: string + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + chart: + nullable: true + type: string + force: + type: boolean + maxHistory: + type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + type: object + kustomize: + nullable: true + properties: + dir: + nullable: true + type: string + type: object + name: + nullable: true + type: string + namespace: + nullable: true + type: string + serviceAccount: + nullable: true + type: string + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: 
string + nullable: true + type: array + type: object + type: object + nullable: true + type: array + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + properties: + readyClusters: + nullable: true + type: string + state: + nullable: true + type: string + type: object + maxNew: + type: integer + maxUnavailable: + type: integer + maxUnavailablePartitions: + type: integer + newlyCreated: + type: integer + observedGeneration: + type: integer + partitions: + items: + properties: + count: + type: integer + maxUnavailable: + type: integer + name: + nullable: true + type: string + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + 
nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + unavailable: + type: integer + type: object + nullable: true + type: array + resourceKey: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + nullable: true + type: array + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: 
integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + unavailable: + type: integer + unavailablePartitions: + type: integer + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: bundledeployments.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.display.deployed + name: Deployed + type: string + - JSONPath: .status.display.monitored + name: Monitored + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: fleet.cattle.io + names: + kind: BundleDeployment + plural: bundledeployments + singular: bundledeployment + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + dependsOn: + items: + properties: + name: + nullable: true + type: string + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + type: object + nullable: true + type: array + deploymentID: + nullable: true + type: string + options: + properties: + defaultNamespace: + nullable: true + type: string + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + 
operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + chart: + nullable: true + type: string + force: + type: boolean + maxHistory: + type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + type: object + kustomize: + nullable: true + properties: + dir: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + serviceAccount: + nullable: true + type: string + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + stagedDeploymentID: + nullable: true + type: string + stagedOptions: + properties: + defaultNamespace: + nullable: true + type: string + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: 
true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + chart: + nullable: true + type: string + force: + type: boolean + maxHistory: + type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + type: object + kustomize: + nullable: true + properties: + dir: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + serviceAccount: + nullable: true + type: string + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + type: object + status: + properties: + appliedDeploymentID: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + 
type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + properties: + deployed: + nullable: true + type: string + monitored: + nullable: true + type: string + state: + nullable: true + type: string + type: object + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + nonModified: + type: boolean + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + ready: + type: boolean + release: + nullable: true + type: string + syncGeneration: + nullable: true + type: integer + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: bundlenamespacemappings.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: BundleNamespaceMapping + plural: bundlenamespacemappings + singular: bundlenamespacemapping + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + bundleSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + 
nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clustergroups.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.display.readyClusters + name: Clusters-Ready + type: string + - JSONPath: .status.display.readyBundles + name: Bundles-Ready + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: fleet.cattle.io + names: + categories: + - fleet + kind: ClusterGroup + plural: clustergroups + singular: clustergroup + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + type: object + status: + properties: + 
clusterCount: + type: integer + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + properties: + readyBundles: + nullable: true + type: string + readyClusters: + nullable: true + type: string + state: + nullable: true + type: string + type: object + nonReadyClusterCount: + type: integer + nonReadyClusters: + items: + nullable: true + type: string + nullable: true + type: array + resourceCounts: + properties: + desiredReady: + type: integer + missing: + type: integer + modified: + type: integer + notReady: + type: integer + orphaned: + type: integer + ready: + type: integer + unknown: + type: integer + waitApplied: + type: integer + type: object + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + 
transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusters.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.display.readyBundles + name: Bundles-Ready + type: string + - JSONPath: .status.display.readyNodes + name: Nodes-Ready + type: string + - JSONPath: .status.display.sampleNode + name: Sample-Node + type: string + - JSONPath: .status.agent.lastSeen + name: Last-Seen + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: fleet.cattle.io + names: + kind: Cluster + plural: clusters + singular: cluster + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + agentEnvVars: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + 
nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + agentNamespace: + nullable: true + type: string + clientID: + nullable: true + type: string + kubeConfigSecret: + nullable: true + type: string + paused: + type: boolean + redeployAgentGeneration: + type: integer + type: object + status: + properties: + agent: + properties: + lastSeen: + nullable: true + type: string + namespace: + nullable: true + type: string + nonReadyNodeNames: + items: + nullable: true + type: string + nullable: true + type: array + nonReadyNodes: + type: integer + readyNodeNames: + items: + nullable: true + type: string + nullable: true + type: array + readyNodes: + type: integer + type: object + agentDeployedGeneration: + nullable: true + type: integer + agentEnvVarsHash: + nullable: true + type: string + agentMigrated: + type: boolean + agentNamespaceMigrated: + type: boolean + cattleNamespaceMigrated: + type: boolean + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + desiredReadyGitRepos: + type: integer + display: + properties: + readyBundles: + nullable: true + type: string + readyNodes: + nullable: true + type: string + sampleNode: + nullable: true + type: string + state: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + readyGitRepos: + type: integer + resourceCounts: + properties: + desiredReady: + type: integer + missing: + type: integer + modified: + type: integer + notReady: + type: integer + orphaned: + type: integer + ready: + type: integer + unknown: + type: integer + waitApplied: + type: integer 
+ type: object + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterregistrationtokens.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.secretName + name: Secret-Name + type: string + group: fleet.cattle.io + names: + kind: ClusterRegistrationToken + plural: clusterregistrationtokens + singular: clusterregistrationtoken + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: 
+ spec: + properties: + ttl: + nullable: true + type: string + type: object + status: + properties: + expires: + nullable: true + type: string + secretName: + nullable: true + type: string + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: gitrepos.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.repo + name: Repo + type: string + - JSONPath: .status.commit + name: Commit + type: string + - JSONPath: .status.display.readyBundleDeployments + name: BundleDeployments-Ready + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: fleet.cattle.io + names: + categories: + - fleet + kind: GitRepo + plural: gitrepos + singular: gitrepo + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + branch: + nullable: true + type: string + caBundle: + nullable: true + type: string + clientSecretName: + nullable: true + type: string + forceSyncGeneration: + type: integer + helmSecretName: + nullable: true + type: string + imageScanCommit: + properties: + authorEmail: + nullable: true + type: string + authorName: + nullable: true + type: string + messageTemplate: + nullable: true + type: string + type: object + imageScanInterval: + nullable: true + type: string + insecureSkipTLSVerify: + type: boolean + paths: + items: + nullable: true + type: string + nullable: true + type: array + paused: + type: boolean + pollingInterval: + nullable: true + type: string + repo: + nullable: true + type: string + revision: + nullable: true + type: string + serviceAccount: + nullable: true + type: string + targetNamespace: + nullable: true + type: string + targets: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: 
true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + name: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + status: + properties: + commit: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + desiredReadyClusters: + type: integer + display: + properties: + error: + type: boolean + message: + nullable: true + type: string + readyBundleDeployments: + nullable: true + type: string + state: + nullable: true + type: string + type: object + gitJobStatus: + nullable: true + type: string + lastSyncedImageScanTime: + nullable: true + type: string + observedGeneration: + type: integer + readyClusters: + type: integer + resourceCounts: + properties: + desiredReady: + type: integer + missing: + type: integer + modified: + type: integer + notReady: + type: integer + orphaned: + type: integer + ready: + type: 
integer + unknown: + type: integer + waitApplied: + type: integer + type: object + resourceErrors: + items: + nullable: true + type: string + nullable: true + type: array + resources: + items: + properties: + apiVersion: + nullable: true + type: string + error: + type: boolean + id: + nullable: true + type: string + incompleteState: + type: boolean + kind: + nullable: true + type: string + message: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + perClusterState: + items: + properties: + clusterId: + nullable: true + type: string + error: + type: boolean + message: + nullable: true + type: string + patch: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: + nullable: true + type: string + type: object + nullable: true + type: array + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + 
nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterregistrations.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.clusterName + name: Cluster-Name + type: string + - JSONPath: .spec.clusterLabels + name: Labels + type: string + group: fleet.cattle.io + names: + kind: ClusterRegistration + plural: clusterregistrations + singular: clusterregistration + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + clientID: + nullable: true + type: string + clientRandom: + nullable: true + type: string + clusterLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + status: + properties: + clusterName: + nullable: true + type: string + granted: + type: boolean + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: gitreporestrictions.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .defaultServiceAccount + name: Default-ServiceAccount + type: string + - JSONPath: .allowedServiceAccounts + name: Allowed-ServiceAccounts + type: string + group: fleet.cattle.io + names: + kind: GitRepoRestriction + plural: gitreporestrictions + singular: gitreporestriction + 
preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + allowedClientSecretNames: + items: + nullable: true + type: string + nullable: true + type: array + allowedRepoPatterns: + items: + nullable: true + type: string + nullable: true + type: array + allowedServiceAccounts: + items: + nullable: true + type: string + nullable: true + type: array + defaultClientSecretName: + nullable: true + type: string + defaultServiceAccount: + nullable: true + type: string + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: contents.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: Content + plural: contents + singular: content + preserveUnknownFields: false + scope: Cluster + validation: + openAPIV3Schema: + properties: + content: + nullable: true + type: string + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: imagescans.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.image + name: Repository + type: string + - JSONPath: .status.latestTag + name: Latest + type: string + group: fleet.cattle.io + names: + categories: + - fleet + kind: ImageScan + plural: imagescans + singular: imagescan + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + gitrepoName: + nullable: true + type: string + image: + nullable: true + type: string + interval: + nullable: true + type: string + policy: + properties: + alphabetical: + nullable: true + properties: + order: + nullable: true + type: string + type: object + semver: + nullable: true + properties: + range: + nullable: true + type: string + type: object + 
type: object + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + suspend: + type: boolean + tagName: + nullable: true + type: string + type: object + status: + properties: + canonicalImageName: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + lastScanTime: + nullable: true + type: string + latestDigest: + nullable: true + type: string + latestImage: + nullable: true + type: string + latestTag: + nullable: true + type: string + observedGeneration: + type: integer + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +{{- end -}} \ No newline at end of file diff --git a/charts/fleet-crd/100.0.4+up0.3.10-rc1/templates/gitjobs-crds.yaml b/charts/fleet-crd/100.0.4+up0.3.10-rc1/templates/gitjobs-crds.yaml new file mode 100644 index 000000000..9e22d6a1c --- /dev/null +++ b/charts/fleet-crd/100.0.4+up0.3.10-rc1/templates/gitjobs-crds.yaml 
@@ -0,0 +1,6882 @@ +{{- if .Capabilities.APIVersions.Has "apiextensions.k8s.io/v1" -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gitjobs.gitjob.cattle.io +spec: + group: gitjob.cattle.io + names: + kind: GitJob + plural: gitjobs + singular: gitjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.git.repo + name: REPO + type: string + - jsonPath: .spec.git.branch + name: BRANCH + type: string + - jsonPath: .status.commit + name: COMMIT + type: string + - jsonPath: .status.jobStatus + name: JOBSTATUS + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + forceUpdateGeneration: + type: integer + git: + properties: + branch: + nullable: true + type: string + caBundle: + nullable: true + type: string + clientSecretName: + nullable: true + type: string + insecureSkipTLSVerify: + type: boolean + onTag: + nullable: true + type: string + provider: + nullable: true + type: string + repo: + nullable: true + type: string + revision: + nullable: true + type: string + type: object + jobSpec: + properties: + activeDeadlineSeconds: + nullable: true + type: integer + backoffLimit: + nullable: true + type: integer + completions: + nullable: true + type: integer + manualSelector: + nullable: true + type: boolean + parallelism: + nullable: true + type: integer + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + nullable: true 
+ type: string + nullable: true + type: object + clusterName: + nullable: true + type: string + creationTimestamp: + nullable: true + type: string + deletionGracePeriodSeconds: + nullable: true + type: integer + deletionTimestamp: + nullable: true + type: string + finalizers: + items: + nullable: true + type: string + nullable: true + type: array + generateName: + nullable: true + type: string + generation: + type: integer + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + managedFields: + items: + properties: + apiVersion: + nullable: true + type: string + fieldsType: + nullable: true + type: string + fieldsV1: + nullable: true + type: object + manager: + nullable: true + type: string + operation: + nullable: true + type: string + time: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + namespace: + nullable: true + type: string + ownerReferences: + items: + properties: + apiVersion: + nullable: true + type: string + blockOwnerDeletion: + nullable: true + type: boolean + controller: + nullable: true + type: boolean + kind: + nullable: true + type: string + name: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + nullable: true + type: array + resourceVersion: + nullable: true + type: string + selfLink: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + spec: + properties: + activeDeadlineSeconds: + nullable: true + type: integer + affinity: + nullable: true + properties: + nodeAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + 
matchFields: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + nullable: true + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchFields: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + type: object + podAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + 
key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + podAntiAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + nullable: true + type: array + type: 
object + type: object + automountServiceAccountToken: + nullable: true + type: boolean + containers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + 
properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + 
host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + 
type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: 
true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + dnsConfig: + nullable: true + properties: + nameservers: + items: + nullable: true + type: string + nullable: true + type: array + options: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + searches: + items: + nullable: true + type: string + nullable: true + type: array + type: object + dnsPolicy: + nullable: true + type: string + enableServiceLinks: + nullable: true + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: 
true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + 
type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + 
initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer 
+ httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + nullable: true + type: string + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + hostAliases: + items: + properties: + hostnames: + items: + nullable: true + type: string + nullable: true + type: array + ip: + nullable: true + type: string + type: object + nullable: true + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + nullable: true + type: string + imagePullSecrets: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array 
+ initContainers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + 
name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object 
+ timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + 
nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true 
+ type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + nodeName: + nullable: true + type: string + nodeSelector: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + overhead: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + preemptionPolicy: + nullable: true + type: string + priority: + nullable: true + type: integer + priorityClassName: + nullable: true + type: string + readinessGates: + items: + properties: + conditionType: + nullable: true + type: string + type: object + nullable: true + type: array + restartPolicy: + nullable: true + type: string + runtimeClassName: + nullable: true + type: string + schedulerName: + nullable: true + type: string + securityContext: + nullable: true + properties: + fsGroup: + nullable: true + type: integer + fsGroupChangePolicy: + nullable: true + type: string + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + supplementalGroups: + items: + type: integer + nullable: true + type: array + sysctls: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + 
type: object + nullable: true + type: array + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + runAsUserName: + nullable: true + type: string + type: object + type: object + serviceAccount: + nullable: true + type: string + serviceAccountName: + nullable: true + type: string + setHostnameAsFQDN: + nullable: true + type: boolean + shareProcessNamespace: + nullable: true + type: boolean + subdomain: + nullable: true + type: string + terminationGracePeriodSeconds: + nullable: true + type: integer + tolerations: + items: + properties: + effect: + nullable: true + type: string + key: + nullable: true + type: string + operator: + nullable: true + type: string + tolerationSeconds: + nullable: true + type: integer + value: + nullable: true + type: string + type: object + nullable: true + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + maxSkew: + type: integer + topologyKey: + nullable: true + type: string + whenUnsatisfiable: + nullable: true + type: string + type: object + nullable: true + type: array + volumes: + items: + properties: + awsElasticBlockStore: + nullable: true + properties: + fsType: + nullable: true + type: string + partition: + type: integer + readOnly: + type: boolean + volumeID: + nullable: true + type: string + type: object + azureDisk: + nullable: true + properties: + cachingMode: + nullable: true + type: string + diskName: + nullable: true + type: string + diskURI: + nullable: true + type: string + fsType: + 
nullable: true + type: string + kind: + nullable: true + type: string + readOnly: + nullable: true + type: boolean + type: object + azureFile: + nullable: true + properties: + readOnly: + type: boolean + secretName: + nullable: true + type: string + shareName: + nullable: true + type: string + type: object + cephfs: + nullable: true + properties: + monitors: + items: + nullable: true + type: string + nullable: true + type: array + path: + nullable: true + type: string + readOnly: + type: boolean + secretFile: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + user: + nullable: true + type: string + type: object + cinder: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + volumeID: + nullable: true + type: string + type: object + configMap: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + csi: + nullable: true + properties: + driver: + nullable: true + type: string + fsType: + nullable: true + type: string + nodePublishSecretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + readOnly: + nullable: true + type: boolean + volumeAttributes: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + downwardAPI: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: 
true + type: string + type: object + mode: + nullable: true + type: integer + path: + nullable: true + type: string + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + emptyDir: + nullable: true + properties: + medium: + nullable: true + type: string + sizeLimit: + nullable: true + type: string + type: object + ephemeral: + nullable: true + properties: + readOnly: + type: boolean + volumeClaimTemplate: + nullable: true + properties: + metadata: + properties: + annotations: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + clusterName: + nullable: true + type: string + creationTimestamp: + nullable: true + type: string + deletionGracePeriodSeconds: + nullable: true + type: integer + deletionTimestamp: + nullable: true + type: string + finalizers: + items: + nullable: true + type: string + nullable: true + type: array + generateName: + nullable: true + type: string + generation: + type: integer + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + managedFields: + items: + properties: + apiVersion: + nullable: true + type: string + fieldsType: + nullable: true + type: string + fieldsV1: + nullable: true + type: object + manager: + nullable: true + type: string + operation: + nullable: true + type: string + time: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + namespace: + nullable: true + type: string + ownerReferences: + items: + properties: + apiVersion: + nullable: true + type: string + blockOwnerDeletion: + nullable: true + type: boolean + controller: + nullable: true + type: boolean + kind: + nullable: true + type: string + name: + nullable: true + type: string + uid: + nullable: true + type: 
string + type: object + nullable: true + type: array + resourceVersion: + nullable: true + type: string + selfLink: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + spec: + properties: + accessModes: + items: + nullable: true + type: string + nullable: true + type: array + dataSource: + nullable: true + properties: + apiGroup: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + type: object + resources: + properties: + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + storageClassName: + nullable: true + type: string + volumeMode: + nullable: true + type: string + volumeName: + nullable: true + type: string + type: object + type: object + type: object + fc: + nullable: true + properties: + fsType: + nullable: true + type: string + lun: + nullable: true + type: integer + readOnly: + type: boolean + targetWWNs: + items: + nullable: true + type: string + nullable: true + type: array + wwids: + items: + nullable: true + type: string + nullable: true + type: array + type: object + flexVolume: + nullable: true + properties: + driver: + nullable: true + type: string + fsType: + nullable: true + type: string + options: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + 
type: string + type: object + type: object + flocker: + nullable: true + properties: + datasetName: + nullable: true + type: string + datasetUUID: + nullable: true + type: string + type: object + gcePersistentDisk: + nullable: true + properties: + fsType: + nullable: true + type: string + partition: + type: integer + pdName: + nullable: true + type: string + readOnly: + type: boolean + type: object + gitRepo: + nullable: true + properties: + directory: + nullable: true + type: string + repository: + nullable: true + type: string + revision: + nullable: true + type: string + type: object + glusterfs: + nullable: true + properties: + endpoints: + nullable: true + type: string + path: + nullable: true + type: string + readOnly: + type: boolean + type: object + hostPath: + nullable: true + properties: + path: + nullable: true + type: string + type: + nullable: true + type: string + type: object + iscsi: + nullable: true + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + nullable: true + type: string + initiatorName: + nullable: true + type: string + iqn: + nullable: true + type: string + iscsiInterface: + nullable: true + type: string + lun: + type: integer + portals: + items: + nullable: true + type: string + nullable: true + type: array + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + targetPortal: + nullable: true + type: string + type: object + name: + nullable: true + type: string + nfs: + nullable: true + properties: + path: + nullable: true + type: string + readOnly: + type: boolean + server: + nullable: true + type: string + type: object + persistentVolumeClaim: + nullable: true + properties: + claimName: + nullable: true + type: string + readOnly: + type: boolean + type: object + photonPersistentDisk: + nullable: true + properties: + fsType: + nullable: true + type: string + pdID: + nullable: true + type: string + type: object + 
portworxVolume: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + volumeID: + nullable: true + type: string + type: object + projected: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + sources: + items: + properties: + configMap: + nullable: true + properties: + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + downwardAPI: + nullable: true + properties: + items: + items: + properties: + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + mode: + nullable: true + type: integer + path: + nullable: true + type: string + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + secret: + nullable: true + properties: + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + serviceAccountToken: + nullable: true + properties: + audience: + nullable: true + type: string + expirationSeconds: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + quobyte: + nullable: true + properties: + group: + nullable: true + type: string + readOnly: + type: boolean + registry: + nullable: true + type: string + tenant: + nullable: 
true + type: string + user: + nullable: true + type: string + volume: + nullable: true + type: string + type: object + rbd: + nullable: true + properties: + fsType: + nullable: true + type: string + image: + nullable: true + type: string + keyring: + nullable: true + type: string + monitors: + items: + nullable: true + type: string + nullable: true + type: array + pool: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + user: + nullable: true + type: string + type: object + scaleIO: + nullable: true + properties: + fsType: + nullable: true + type: string + gateway: + nullable: true + type: string + protectionDomain: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + sslEnabled: + type: boolean + storageMode: + nullable: true + type: string + storagePool: + nullable: true + type: string + system: + nullable: true + type: string + volumeName: + nullable: true + type: string + type: object + secret: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + optional: + nullable: true + type: boolean + secretName: + nullable: true + type: string + type: object + storageos: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + volumeName: + nullable: true + type: string + volumeNamespace: + nullable: true + type: string + type: object + vsphereVolume: + nullable: true + properties: + fsType: + nullable: true + type: string + storagePolicyID: + nullable: true + type: string + storagePolicyName: 
+ nullable: true + type: string + volumePath: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + type: object + ttlSecondsAfterFinished: + nullable: true + type: integer + type: object + syncInterval: + type: integer + type: object + status: + properties: + commit: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + event: + nullable: true + type: string + hookId: + nullable: true + type: string + jobStatus: + nullable: true + type: string + lastExecutedCommit: + nullable: true + type: string + lastSyncedTime: + nullable: true + type: string + observedGeneration: + type: integer + secretToken: + nullable: true + type: string + updateGeneration: + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- else -}} +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: gitjobs.gitjob.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.git.repo + name: REPO + type: string + - JSONPath: .spec.git.branch + name: BRANCH + type: string + - JSONPath: .status.commit + name: COMMIT + type: string + - JSONPath: .status.jobStatus + name: JOBSTATUS + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: gitjob.cattle.io + names: + kind: GitJob + plural: gitjobs + singular: gitjob + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + forceUpdateGeneration: + type: integer + git: + properties: + branch: + nullable: true + type: string + caBundle: + nullable: true 
+ type: string + clientSecretName: + nullable: true + type: string + insecureSkipTLSVerify: + type: boolean + onTag: + nullable: true + type: string + provider: + nullable: true + type: string + repo: + nullable: true + type: string + revision: + nullable: true + type: string + type: object + jobSpec: + properties: + activeDeadlineSeconds: + nullable: true + type: integer + backoffLimit: + nullable: true + type: integer + completions: + nullable: true + type: integer + manualSelector: + nullable: true + type: boolean + parallelism: + nullable: true + type: integer + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + clusterName: + nullable: true + type: string + creationTimestamp: + nullable: true + type: string + deletionGracePeriodSeconds: + nullable: true + type: integer + deletionTimestamp: + nullable: true + type: string + finalizers: + items: + nullable: true + type: string + nullable: true + type: array + generateName: + nullable: true + type: string + generation: + type: integer + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + managedFields: + items: + properties: + apiVersion: + nullable: true + type: string + fieldsType: + nullable: true + type: string + fieldsV1: + nullable: true + type: object + manager: + nullable: true + type: string + operation: + nullable: true + type: string + time: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + 
type: string + namespace: + nullable: true + type: string + ownerReferences: + items: + properties: + apiVersion: + nullable: true + type: string + blockOwnerDeletion: + nullable: true + type: boolean + controller: + nullable: true + type: boolean + kind: + nullable: true + type: string + name: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + nullable: true + type: array + resourceVersion: + nullable: true + type: string + selfLink: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + spec: + properties: + activeDeadlineSeconds: + nullable: true + type: integer + affinity: + nullable: true + properties: + nodeAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchFields: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + nullable: true + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchFields: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: 
array + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + type: object + podAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + podAntiAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + 
nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + type: object + automountServiceAccountToken: + nullable: true + type: boolean + containers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: 
true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + 
nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + 
type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: 
true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + dnsConfig: + nullable: true + properties: + nameservers: + items: + nullable: true + type: string + nullable: true + type: array + options: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + searches: + items: + nullable: true + type: string + nullable: true + 
type: array + type: object + dnsPolicy: + nullable: true + type: string + enableServiceLinks: + nullable: true + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + 
type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + 
tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + 
type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + nullable: true + type: string + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + 
type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + hostAliases: + items: + properties: + hostnames: + items: + nullable: true + type: string + nullable: true + type: array + ip: + nullable: true + type: string + type: object + nullable: true + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + nullable: true + type: string + imagePullSecrets: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + initContainers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: 
object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + 
nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + 
type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + 
nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + nodeName: + nullable: true + type: string + nodeSelector: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + overhead: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + preemptionPolicy: + nullable: true + type: string + priority: + nullable: true + type: integer + priorityClassName: + nullable: true + type: string + readinessGates: + items: + properties: + 
conditionType: + nullable: true + type: string + type: object + nullable: true + type: array + restartPolicy: + nullable: true + type: string + runtimeClassName: + nullable: true + type: string + schedulerName: + nullable: true + type: string + securityContext: + nullable: true + properties: + fsGroup: + nullable: true + type: integer + fsGroupChangePolicy: + nullable: true + type: string + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + supplementalGroups: + items: + type: integer + nullable: true + type: array + sysctls: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + runAsUserName: + nullable: true + type: string + type: object + type: object + serviceAccount: + nullable: true + type: string + serviceAccountName: + nullable: true + type: string + setHostnameAsFQDN: + nullable: true + type: boolean + shareProcessNamespace: + nullable: true + type: boolean + subdomain: + nullable: true + type: string + terminationGracePeriodSeconds: + nullable: true + type: integer + tolerations: + items: + properties: + effect: + nullable: true + type: string + key: + nullable: true + type: string + operator: + nullable: true + type: string + tolerationSeconds: + nullable: true + type: integer + value: + nullable: true + type: string + type: object + 
nullable: true + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + maxSkew: + type: integer + topologyKey: + nullable: true + type: string + whenUnsatisfiable: + nullable: true + type: string + type: object + nullable: true + type: array + volumes: + items: + properties: + awsElasticBlockStore: + nullable: true + properties: + fsType: + nullable: true + type: string + partition: + type: integer + readOnly: + type: boolean + volumeID: + nullable: true + type: string + type: object + azureDisk: + nullable: true + properties: + cachingMode: + nullable: true + type: string + diskName: + nullable: true + type: string + diskURI: + nullable: true + type: string + fsType: + nullable: true + type: string + kind: + nullable: true + type: string + readOnly: + nullable: true + type: boolean + type: object + azureFile: + nullable: true + properties: + readOnly: + type: boolean + secretName: + nullable: true + type: string + shareName: + nullable: true + type: string + type: object + cephfs: + nullable: true + properties: + monitors: + items: + nullable: true + type: string + nullable: true + type: array + path: + nullable: true + type: string + readOnly: + type: boolean + secretFile: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + user: + nullable: true + type: string + type: object + cinder: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: 
string + type: object + volumeID: + nullable: true + type: string + type: object + configMap: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + csi: + nullable: true + properties: + driver: + nullable: true + type: string + fsType: + nullable: true + type: string + nodePublishSecretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + readOnly: + nullable: true + type: boolean + volumeAttributes: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + downwardAPI: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + mode: + nullable: true + type: integer + path: + nullable: true + type: string + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + emptyDir: + nullable: true + properties: + medium: + nullable: true + type: string + sizeLimit: + nullable: true + type: string + type: object + ephemeral: + nullable: true + properties: + readOnly: + type: boolean + volumeClaimTemplate: + nullable: true + properties: + metadata: + properties: + annotations: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + clusterName: + nullable: true + type: string + creationTimestamp: + nullable: true + type: string + 
deletionGracePeriodSeconds: + nullable: true + type: integer + deletionTimestamp: + nullable: true + type: string + finalizers: + items: + nullable: true + type: string + nullable: true + type: array + generateName: + nullable: true + type: string + generation: + type: integer + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + managedFields: + items: + properties: + apiVersion: + nullable: true + type: string + fieldsType: + nullable: true + type: string + fieldsV1: + nullable: true + type: object + manager: + nullable: true + type: string + operation: + nullable: true + type: string + time: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + namespace: + nullable: true + type: string + ownerReferences: + items: + properties: + apiVersion: + nullable: true + type: string + blockOwnerDeletion: + nullable: true + type: boolean + controller: + nullable: true + type: boolean + kind: + nullable: true + type: string + name: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + nullable: true + type: array + resourceVersion: + nullable: true + type: string + selfLink: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + spec: + properties: + accessModes: + items: + nullable: true + type: string + nullable: true + type: array + dataSource: + nullable: true + properties: + apiGroup: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + type: object + resources: + properties: + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: 
true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + storageClassName: + nullable: true + type: string + volumeMode: + nullable: true + type: string + volumeName: + nullable: true + type: string + type: object + type: object + type: object + fc: + nullable: true + properties: + fsType: + nullable: true + type: string + lun: + nullable: true + type: integer + readOnly: + type: boolean + targetWWNs: + items: + nullable: true + type: string + nullable: true + type: array + wwids: + items: + nullable: true + type: string + nullable: true + type: array + type: object + flexVolume: + nullable: true + properties: + driver: + nullable: true + type: string + fsType: + nullable: true + type: string + options: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + type: object + flocker: + nullable: true + properties: + datasetName: + nullable: true + type: string + datasetUUID: + nullable: true + type: string + type: object + gcePersistentDisk: + nullable: true + properties: + fsType: + nullable: true + type: string + partition: + type: integer + pdName: + nullable: true + type: string + readOnly: + type: boolean + type: object + gitRepo: + nullable: true + properties: + directory: + nullable: true + type: string + repository: + nullable: true + type: string + revision: + nullable: true + type: string + type: object + glusterfs: + nullable: true + properties: + endpoints: + nullable: true + type: string + path: + nullable: true + type: string + readOnly: + type: boolean + type: object + hostPath: + nullable: true + properties: + path: + nullable: true + type: string + type: + nullable: true + type: string 
+ type: object + iscsi: + nullable: true + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + nullable: true + type: string + initiatorName: + nullable: true + type: string + iqn: + nullable: true + type: string + iscsiInterface: + nullable: true + type: string + lun: + type: integer + portals: + items: + nullable: true + type: string + nullable: true + type: array + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + targetPortal: + nullable: true + type: string + type: object + name: + nullable: true + type: string + nfs: + nullable: true + properties: + path: + nullable: true + type: string + readOnly: + type: boolean + server: + nullable: true + type: string + type: object + persistentVolumeClaim: + nullable: true + properties: + claimName: + nullable: true + type: string + readOnly: + type: boolean + type: object + photonPersistentDisk: + nullable: true + properties: + fsType: + nullable: true + type: string + pdID: + nullable: true + type: string + type: object + portworxVolume: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + volumeID: + nullable: true + type: string + type: object + projected: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + sources: + items: + properties: + configMap: + nullable: true + properties: + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + downwardAPI: + nullable: true + properties: + items: + items: + properties: + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + mode: + nullable: true 
+ type: integer + path: + nullable: true + type: string + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + secret: + nullable: true + properties: + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + serviceAccountToken: + nullable: true + properties: + audience: + nullable: true + type: string + expirationSeconds: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + quobyte: + nullable: true + properties: + group: + nullable: true + type: string + readOnly: + type: boolean + registry: + nullable: true + type: string + tenant: + nullable: true + type: string + user: + nullable: true + type: string + volume: + nullable: true + type: string + type: object + rbd: + nullable: true + properties: + fsType: + nullable: true + type: string + image: + nullable: true + type: string + keyring: + nullable: true + type: string + monitors: + items: + nullable: true + type: string + nullable: true + type: array + pool: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + user: + nullable: true + type: string + type: object + scaleIO: + nullable: true + properties: + fsType: + nullable: true + type: string + gateway: + nullable: true + type: string + protectionDomain: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + 
sslEnabled: + type: boolean + storageMode: + nullable: true + type: string + storagePool: + nullable: true + type: string + system: + nullable: true + type: string + volumeName: + nullable: true + type: string + type: object + secret: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + optional: + nullable: true + type: boolean + secretName: + nullable: true + type: string + type: object + storageos: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + volumeName: + nullable: true + type: string + volumeNamespace: + nullable: true + type: string + type: object + vsphereVolume: + nullable: true + properties: + fsType: + nullable: true + type: string + storagePolicyID: + nullable: true + type: string + storagePolicyName: + nullable: true + type: string + volumePath: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + type: object + ttlSecondsAfterFinished: + nullable: true + type: integer + type: object + syncInterval: + type: integer + type: object + status: + properties: + commit: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + event: + nullable: true + type: string + hookId: + nullable: true + type: string + jobStatus: + nullable: true + type: string + lastExecutedCommit: + nullable: true + type: string + 
lastSyncedTime: + nullable: true + type: string + observedGeneration: + type: integer + secretToken: + nullable: true + type: string + updateGeneration: + type: integer + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +{{- end -}} diff --git a/charts/fleet-crd/100.0.4+up0.3.10-rc1/values.yaml b/charts/fleet-crd/100.0.4+up0.3.10-rc1/values.yaml new file mode 100644 index 000000000..d41d3a244 --- /dev/null +++ b/charts/fleet-crd/100.0.4+up0.3.10-rc1/values.yaml @@ -0,0 +1 @@ +# This file is intentionally empty diff --git a/charts/fleet/100.0.4+up0.3.10-rc1/Chart.yaml b/charts/fleet/100.0.4+up0.3.10-rc1/Chart.yaml new file mode 100644 index 000000000..8da9b7bb2 --- /dev/null +++ b/charts/fleet/100.0.4+up0.3.10-rc1/Chart.yaml @@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/auto-install: fleet-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 + catalog.cattle.io/release-name: fleet +apiVersion: v2 +appVersion: 0.3.10-rc1 +dependencies: +- condition: gitops.enabled + name: gitjob + repository: file://./charts/gitjob +description: Fleet Manager - GitOps at Scale +icon: https://charts.rancher.io/assets/logos/fleet.svg +name: fleet +version: 100.0.4+up0.3.10-rc1 diff --git a/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/.helmignore b/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/.helmignore new file mode 100644 index 000000000..691fa13d6 --- /dev/null +++ b/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/.helmignore 
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
\ No newline at end of file
diff --git a/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/Chart.yaml b/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/Chart.yaml
new file mode 100644
index 000000000..d3d7e3a52
--- /dev/null
+++ b/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v2
+appVersion: 0.1.26
+description: Controller that run jobs based on git events
+name: gitjob
+version: 0.1.26
diff --git a/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/_helpers.tpl b/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/_helpers.tpl
new file mode 100644
index 000000000..6cd96c3ac
--- /dev/null
+++ b/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/_helpers.tpl
@@ -0,0 +1,22 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
\ No newline at end of file
diff --git a/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/clusterrole.yaml b/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/clusterrole.yaml
new file mode 100644
index 000000000..bcad90164
--- /dev/null
+++ b/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/clusterrole.yaml
@@ -0,0 +1,38 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: gitjob
+rules:
+ - apiGroups:
+ - "batch"
+ resources:
+ - 'jobs'
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ resources:
+ - 'pods'
+ verbs:
+ - 'list'
+ - 'get'
+ - 'watch'
+ - apiGroups:
+ - ""
+ resources:
+ - 'secrets'
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ resources:
+ - 'configmaps'
+ verbs:
+ - '*'
+ - apiGroups:
+ - "gitjob.cattle.io"
+ resources:
+ - "gitjobs"
+ - "gitjobs/status"
+ verbs:
+ - "*"
\ No newline at end of file
diff --git a/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/clusterrolebinding.yaml b/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..0bf07c4ef
--- /dev/null
+++ b/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: gitjob-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: gitjob
+subjects:
+ - kind: ServiceAccount
+ name: gitjob
+ namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/deployment.yaml b/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/deployment.yaml
new file mode 100644
index 000000000..86bb61edd
--- /dev/null
+++ b/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/deployment.yaml
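Review bot: The `gitjob` ClusterRole in `gitjob/templates/clusterrole.yaml` grants `'*'` on `secrets` and `configmaps` in the core API group, and the ClusterRoleBinding in the following hunk binds it cluster-wide, so the gitjob ServiceAccount can read and modify every Secret in every namespace. If the controller only needs to read Git credentials and manage objects it creates itself, the verbs could be listed explicitly, for example `- get`, `- list`, `- watch` on secrets, with write verbs kept only where the controller demonstrably needs them. Whether a narrower set is sufficient depends on the gitjob code, which is not visible here, so this is a least-privilege question to settle with upstream rather than a drop-in change. At minimum a comment above each wildcard rule stating why it is needed would make the grant reviewable.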
@@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gitjob
+spec:
+ selector:
+ matchLabels:
+ app: "gitjob"
+ template:
+ metadata:
+ labels:
+ app: "gitjob"
+ spec:
+ serviceAccountName: gitjob
+ containers:
+ - image: "{{ template "system_default_registry" . }}{{ .Values.gitjob.repository }}:{{ .Values.gitjob.tag }}"
+ name: gitjob
+ command:
+ - gitjob
+ {{- if .Values.debug }}
+ - --debug
+ {{- end }}
+ - --tekton-image
+ - "{{ template "system_default_registry" . }}{{ .Values.tekton.repository }}:{{ .Values.tekton.tag }}"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if .Values.proxy }}
+ - name: HTTP_PROXY
+ value: {{ .Values.proxy }}
+ - name: HTTPS_PROXY
+ value: {{ .Values.proxy }}
+ - name: NO_PROXY
+ value: {{ .Values.noProxy }}
+ {{- end }}
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
diff --git a/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/service.yaml b/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/service.yaml
new file mode 100644
index 000000000..bf57c1b55
--- /dev/null
+++ b/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: gitjob
+spec:
+ ports:
+ - name: http-80
+ port: 80
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app: "gitjob"
\ No newline at end of file
diff --git a/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/serviceaccount.yaml b/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/serviceaccount.yaml
new file mode 100644
index 000000000..5f8aecb04
--- /dev/null
+++ b/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/serviceaccount.yaml
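Review bot: In the `env` block of the gitjob Deployment, `value: {{ .Values.proxy }}` and `value: {{ .Values.noProxy }}` are rendered unquoted, so a value that is empty or contains YAML-significant characters changes the parsed type or breaks the manifest; `value: {{ .Values.proxy | quote }}` (and the same for `noProxy`) avoids that. The same three entries appear in the fleet-controller Deployment in `templates/deployment.yaml` and need the same change. If the proxy URL carries credentials (the `@` in the values.yaml comment suggests a userinfo part), they land in the pod spec in plain text and are readable by anyone allowed to get Deployments or Pods in the namespace; sourcing the variable from a Secret through `valueFrom.secretKeyRef` would keep them out of the manifest. Neither pod spec sets a `securityContext`, so it would also be worth stating in a comment whether the containers are expected to run as non-root.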
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: gitjob
diff --git a/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/values.yaml b/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/values.yaml
new file mode 100644
index 000000000..896a92654
--- /dev/null
+++ b/charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/values.yaml
@@ -0,0 +1,26 @@
+gitjob:
+ repository: rancher/gitjob
+ tag: v0.1.26
+
+tekton:
+ repository: rancher/tekton-utils
+ tag: v0.1.5
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+# http[s] proxy server
+# proxy: http://@::
+
+# comma separated list of domains or ip addresses that will not use the proxy
+noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local
+
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+tolerations: []
+
+debug: false
diff --git a/charts/fleet/100.0.4+up0.3.10-rc1/templates/_helpers.tpl b/charts/fleet/100.0.4+up0.3.10-rc1/templates/_helpers.tpl
new file mode 100644
index 000000000..6cd96c3ac
--- /dev/null
+++ b/charts/fleet/100.0.4+up0.3.10-rc1/templates/_helpers.tpl
@@ -0,0 +1,22 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
\ No newline at end of file
diff --git a/charts/fleet/100.0.4+up0.3.10-rc1/templates/configmap.yaml b/charts/fleet/100.0.4+up0.3.10-rc1/templates/configmap.yaml
new file mode 100644
index 000000000..6b8d6f05a
--- /dev/null
+++ b/charts/fleet/100.0.4+up0.3.10-rc1/templates/configmap.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: fleet-controller
+data:
+ config: |
+ {
+ "agentImage": "{{ template "system_default_registry" . }}{{.Values.agentImage.repository}}:{{.Values.agentImage.tag}}",
+ "agentImagePullPolicy": "{{ .Values.agentImage.imagePullPolicy }}",
+ "apiServerURL": "{{.Values.apiServerURL}}",
+ "apiServerCA": "{{b64enc .Values.apiServerCA}}",
+ "agentCheckinInterval": "{{.Values.agentCheckinInterval}}",
+ "ignoreClusterRegistrationLabels": {{.Values.ignoreClusterRegistrationLabels}},
+ "bootstrap": {
+ "paths": "{{.Values.bootstrap.paths}}",
+ "repo": "{{.Values.bootstrap.repo}}",
+ "secret": "{{.Values.bootstrap.secret}}",
+ "branch": "{{.Values.bootstrap.branch}}",
+ "namespace": "{{.Values.bootstrap.namespace}}",
+ "agentNamespace": "{{.Values.bootstrap.agentNamespace}}",
+ },
+ "webhookReceiverURL": "{{.Values.webhookReceiverURL}}",
+ "githubURLPrefix": "{{.Values.githubURLPrefix}}"
+ }
diff --git a/charts/fleet/100.0.4+up0.3.10-rc1/templates/deployment.yaml b/charts/fleet/100.0.4+up0.3.10-rc1/templates/deployment.yaml
new file mode 100644
index 000000000..3ebc1fe2b
--- /dev/null
+++ b/charts/fleet/100.0.4+up0.3.10-rc1/templates/deployment.yaml
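Review bot: The `config` document in `templates/configmap.yaml` is assembled by pasting values between literal quotes, e.g. `"apiServerURL": "{{.Values.apiServerURL}}"`, so a value containing `"` or `\` alters the structure of the JSON the controller reads instead of being carried as data. Emitting each value through `toJson`, as in `"apiServerURL": {{ .Values.apiServerURL | toJson }}`, lets the template engine do the escaping for every field, including the `bootstrap.repo` and `bootstrap.secret` entries. The `bootstrap` object also leaves a comma after the `"agentNamespace"` entry right before its closing brace, which strict JSON parsers reject; this presumably works only because the consumer parses leniently, which cannot be confirmed from this hunk.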
@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: fleet-controller
+spec:
+ selector:
+ matchLabels:
+ app: fleet-controller
+ template:
+ metadata:
+ labels:
+ app: fleet-controller
+ spec:
+ containers:
+ - env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if .Values.proxy }}
+ - name: HTTP_PROXY
+ value: {{ .Values.proxy }}
+ - name: HTTPS_PROXY
+ value: {{ .Values.proxy }}
+ - name: NO_PROXY
+ value: {{ .Values.noProxy }}
+ {{- end }}
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+ name: fleet-controller
+ imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+ command:
+ - fleetcontroller
+ {{- if .Values.debug }}
+ - --debug
+ - --debug-level
+ - {{ quote .Values.debugLevel }}
+ {{- end }}
+ {{- if not .Values.gitops.enabled }}
+ - --disable-gitops
+ {{- end }}
+ serviceAccountName: fleet-controller
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
diff --git a/charts/fleet/100.0.4+up0.3.10-rc1/templates/rbac.yaml b/charts/fleet/100.0.4+up0.3.10-rc1/templates/rbac.yaml
new file mode 100644
index 000000000..59df51b1f
--- /dev/null
+++ b/charts/fleet/100.0.4+up0.3.10-rc1/templates/rbac.yaml
@@ -0,0 +1,106 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: fleet-controller
+rules:
+- apiGroups:
+ - gitjob.cattle.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - fleet.cattle.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - serviceaccounts
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ - configmaps
+ verbs:
+ - '*'
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ - clusterrolebindings
+ - roles
+ - rolebindings
+ verbs:
+ - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: fleet-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: fleet-controller
+subjects:
+- kind: ServiceAccount
+ name: fleet-controller
+ namespace: {{.Release.Namespace}}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: fleet-controller
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: fleet-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: fleet-controller
+subjects:
+- kind: ServiceAccount
+ name: fleet-controller
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: fleet-controller-bootstrap
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: fleet-controller-bootstrap
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: fleet-controller-bootstrap
+subjects:
+- kind: ServiceAccount
+ name: fleet-controller-bootstrap
+ namespace: {{.Release.Namespace}}
diff --git a/charts/fleet/100.0.4+up0.3.10-rc1/templates/serviceaccount.yaml b/charts/fleet/100.0.4+up0.3.10-rc1/templates/serviceaccount.yaml
new file mode 100644
index 000000000..bd99d9958
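Review bot: The `fleet-controller-bootstrap` ClusterRole in `templates/rbac.yaml` allows every verb on every resource in every API group and is bound cluster-wide to the `fleet-controller-bootstrap` ServiceAccount, which makes that account equivalent to cluster-admin for as long as the chart is installed. The `fleet-controller` ClusterRole is close behind: `'*'` on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings` includes the `bind` and `escalate` verbs, and `'*'` on `secrets` applies in all namespaces. Neither grant is explained in the file; a comment above each wildcard rule stating why the breadth is required, such as `# bootstrap applies arbitrary manifests to the local cluster, hence full access` if that is indeed the reason, would let a reviewer judge it. Operators installing this chart may want to restrict who can create pods in the release namespace and to audit use of these two ServiceAccounts, since any workload that can run under them inherits the access.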
--- /dev/null
+++ b/charts/fleet/100.0.4+up0.3.10-rc1/templates/serviceaccount.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: fleet-controller
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: fleet-controller-bootstrap
diff --git a/charts/fleet/100.0.4+up0.3.10-rc1/values.yaml b/charts/fleet/100.0.4+up0.3.10-rc1/values.yaml
new file mode 100644
index 000000000..bc2d70013
--- /dev/null
+++ b/charts/fleet/100.0.4+up0.3.10-rc1/values.yaml
@@ -0,0 +1,60 @@
+image:
+ repository: rancher/fleet
+ tag: v0.3.10-rc1
+ imagePullPolicy: IfNotPresent
+
+agentImage:
+ repository: rancher/fleet-agent
+ tag: v0.3.10-rc1
+ imagePullPolicy: IfNotPresent
+
+# For cluster registration the public URL of the Kubernetes API server must be set here
+# Example: https://example.com:6443
+apiServerURL: ""
+
+# For cluster registration the pem encoded value of the CA of the Kubernetes API server must be set here
+# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA.
+apiServerCA: ""
+
+# A duration string for how often agents should report a heartbeat
+agentCheckinInterval: "15m"
+
+# Whether you want to allow cluster upon registration to specify their labels.
+ignoreClusterRegistrationLabels: false
+
+# http[s] proxy server
+# proxy: http://@::
+
+# comma separated list of domains or ip addresses that will not use the proxy
+noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local
+
+bootstrap:
+ # The namespace that will be autocreated and the local cluster will be registered in
+ namespace: fleet-local
+ # The namespace where the fleet agent for the local cluster will be ran, if empty
+ # this will default to fleet-system
+ agentNamespace: ""
+ # A repo to add at install time that will deploy to the local cluster. This allows
+ # one to fully bootstrap fleet, it's configuration and all it's downstream clusters
+ # in one shot.
+ repo: ""
+ secret: ""
+ branch: master
+ paths: ""
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+tolerations: []
+
+gitops:
+ enabled: true
+
+debug: false
+debugLevel: 0
diff --git a/index.yaml b/index.yaml
index db158b1c9..29a4dec93 100755
--- a/index.yaml
+++ b/index.yaml
@@ -1,6 +1,30 @@ apiVersion: v1 entries: fleet: + - annotations: + catalog.cattle.io/auto-install: fleet-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 + catalog.cattle.io/release-name: fleet + apiVersion: v2 + appVersion: 0.3.10-rc1 + created: "2022-06-29T16:43:02.435069-07:00" + dependencies: + - condition: gitops.enabled + name: gitjob + repository: file://./charts/gitjob + description: Fleet Manager - GitOps at Scale + digest: 30ae784cf6279c14fe15c741c53f9712cb646a96b4c1669833ba4e13c02b9e44 + icon: https://charts.rancher.io/assets/logos/fleet.svg + name: fleet + urls: + - assets/fleet/fleet-100.0.4+up0.3.10-rc1.tgz + version: 100.0.4+up0.3.10-rc1 - annotations: catalog.cattle.io/auto-install: fleet-crd=match catalog.cattle.io/certified: rancher @@ -209,6 +233,23 @@ entries: - assets/fleet/fleet-0.3.000.tgz version: 0.3.000 fleet-agent: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/release-name: fleet-agent + apiVersion: v2 + appVersion: 0.3.10-rc1 + created: "2022-06-29T16:43:03.446866-07:00" + description: Fleet Manager Agent - GitOps at Scale + digest: 59fed3cc6c56033cae8782f6ced99bdcf8ce8ab09554910ae5cacd80a0e34e43 + icon: https://charts.rancher.io/assets/logos/fleet.svg + name: fleet-agent + urls: + - assets/fleet-agent/fleet-agent-100.0.4+up0.3.10-rc1.tgz + version: 100.0.4+up0.3.10-rc1 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -371,6 +412,23 @@ entries: - assets/fleet-agent/fleet-agent-0.3.000.tgz version: 0.3.000 fleet-crd: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/release-name: fleet-crd + apiVersion: v2 + appVersion: 0.3.10-rc1 + created: "2022-06-29T16:43:04.678205-07:00" + description: Fleet Manager CustomResourceDefinitions + digest: e210c5238c1680e360e8e0ae6252ff732abdd653b69fabd55c487ecf04a115a2 + icon: https://charts.rancher.io/assets/logos/fleet.svg + name: fleet-crd + urls: + - assets/fleet-crd/fleet-crd-100.0.4+up0.3.10-rc1.tgz + version: 100.0.4+up0.3.10-rc1 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true"