From caf81099a9c57fbf2d864b86958deed22383a9e0 Mon Sep 17 00:00:00 2001
From: Michael Bolot <michael.bolot@suse.com>
Date: Thu, 8 Sep 2022 16:29:28 -0500
Subject: [PATCH] make charts

---
 .../rancher-webhook-1.0.6+up0.2.7-rc4.tgz     | Bin 0 -> 2592 bytes
 .../1.0.6+up0.2.7-rc4/Chart.yaml              |  18 ++++++
 .../1.0.6+up0.2.7-rc4/charts/capi/Chart.yaml  |   4 ++
 .../charts/capi/templates/service.yaml        |  13 +++++
 .../1.0.6+up0.2.7-rc4/templates/_helpers.tpl  |  22 ++++++++
 .../templates/deployment.yaml                 |  52 ++++++++++++++++++
 .../pre-delete-hook-cluster-role-binding.yaml |  19 +++++++
 .../pre-delete-hook-cluster-role.yaml         |  23 ++++++++
 .../templates/pre-delete-hook-job.yaml        |  36 ++++++++++++
 .../templates/pre-delete-hook-psp.yaml        |  33 +++++++++++
 .../pre-delete-hook-service-account.yaml      |  12 ++++
 .../1.0.6+up0.2.7-rc4/templates/rbac.yaml     |  12 ++++
 .../1.0.6+up0.2.7-rc4/templates/service.yaml  |  13 +++++
 .../templates/serviceaccount.yaml             |   4 ++
 .../1.0.6+up0.2.7-rc4/templates/webhook.yaml  |  19 +++++++
 .../1.0.6+up0.2.7-rc4/values.yaml             |  25 +++++++++
 16 files changed, 305 insertions(+)
 create mode 100644 assets/rancher-webhook/rancher-webhook-1.0.6+up0.2.7-rc4.tgz
 create mode 100644 charts/rancher-webhook/1.0.6+up0.2.7-rc4/Chart.yaml
 create mode 100644 charts/rancher-webhook/1.0.6+up0.2.7-rc4/charts/capi/Chart.yaml
 create mode 100644 charts/rancher-webhook/1.0.6+up0.2.7-rc4/charts/capi/templates/service.yaml
 create mode 100644 charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/_helpers.tpl
 create mode 100644 charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/deployment.yaml
 create mode 100644 charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/pre-delete-hook-cluster-role-binding.yaml
 create mode 100644 charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/pre-delete-hook-cluster-role.yaml
 create mode 100644 charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/pre-delete-hook-job.yaml
 create mode 100644 charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/pre-delete-hook-psp.yaml
 create mode 100644 charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/pre-delete-hook-service-account.yaml
 create mode 100644 charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/rbac.yaml
 create mode 100644 charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/service.yaml
 create mode 100644 charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/serviceaccount.yaml
 create mode 100644 charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/webhook.yaml
 create mode 100644 charts/rancher-webhook/1.0.6+up0.2.7-rc4/values.yaml

diff --git a/assets/rancher-webhook/rancher-webhook-1.0.6+up0.2.7-rc4.tgz b/assets/rancher-webhook/rancher-webhook-1.0.6+up0.2.7-rc4.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..0e9e5561b0869f23fac8da336969e6152e01ca73
GIT binary patch
literal 2592
zcmV+*3g7h~iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PI}dZ{)TSzi0gw0~LiIdeUmYuR>G6@j1m6caCAFDT*LCaHZK@
z#uTZL)H<%S|9c@(->dc77vEmoXkON)$kB-6{N{_4Bs^H7bZ&967UE`bwkA@$cO+u3
zo{c=u^JbGt_Un0G`*%1T&R-2DV{bN@&PUVvD{nX%%_gtFdp;5NQ=&AHue{%UulB>e
z5F(rlO*9o;`4&JxG+|=p21ILyE)|0SrKU@Yp%3|5>Fl<qVTjxZTgwFP&Mr5}0-X&?
zMFsca<nLd>&>hZP&+*`IFmy-L^v{#dp`1jhViKSarqNM%N@LX7StuVE<;gFdS7VeB
z)ygS*y}qS96t}9gccC5)u}5wp^~jy?7g{1iqR>f&FDI{1G>gRa`-16aWRW;7|MlFF
zJ9lI-u|kZIhsXnp%C{T{1P`gsIt3)AE^@M97+L`4CTXJuATbt-Y9a4@ux%?u6-XMJ
zao-b0L!v2PorV!r=^g)VM1rM|aAm{<eHWv$x<xN1W9WMB>@P`N3H+s(b5BpCHvVr2
zOHe(p0XTsF-h4D^<NtIt?eYH@L?g07zl9n3q8PLlA3&3p51UHg0Wt=c31gRn(csR9
zcgqW*FC{AE+Ok$mEC|a@i)Pua01SG+#U)9YzQPq%I>#!2wNUy3^{tRMJ}e1SXjv()
zr6Y5^E8C+WYBZ<D$FgFHZ;_$K-D|nLMvAUSPK{KcS$5q#?9d&J-LYl;3AA7+jjhbE
zQm+y6seuq<Chj8S+J$RGSZf_Ce~|H$95t%cB!nVRgFx^AW32`%SYwzl%2y6<Xpk}<
zXhOMm2oIg=ZiDP@k&p<KFNIZ;!-pS!w73ZI8W{#!NFVOEPkH}s{nr@9jA&GYk85Nx
zO6BVKH$uTd{hy9n`ahe^#=ZU@gYNGg2ysa{f^D?&V`$X!qs;Zv24}mq(vEZq?)Sz(
z7`-mMolbo&hsBa|y#)KuYG8j717r%zf9y&g<l)ZWR{e=utJ`H{flL_&B#w7on}SoD
zQRXQ+siM{NGH2w#4W{5#_dru1%S@@Ck4+nJxx_&GU|)!9qxzYrEaH@3s=D_1&k14n
z{^zNQp>l;cGBjbP@_=icy5IkP{jVX~Z}bKZ=>OOodM*8*kLSJqABE~+2#I4g*bJ>3
z%0nOCmhaz+P?L~o;+KI&TW?g1L3*`VmBzqEL<j5lna-I8fKIIgD3)D5u6DnaScAo0
zCIE#PDQyHxA}mKax#XIul8?ebqOSNBEf-zS=u{)Sv9RX2r1)XFHoTeK1u0nMKw}zO
zM*JQq4_FfJQ+gME1y0l0P{W&wOG~mkQ^<f4wD=E+Sa*+Kp_^kv(1!Q1N6rRD)<vD|
z6}9eMbxK<APzpMGK+r(&)SE(CTLZ{9)$1;n#PxTlA1-T)paAas`{Le8lPKP9?VX|L
z7pGspKmT}kdim}_2K8wD0X`qjK0L@K3ZjR&T%3M5zrH*@J8v`jMvADu%mJ1ZS$KuZ
zW^3MlN%Yz;wa_iIFJ)ijM8iq?mU7K~z<qFGyS=|JUt~7et(<SzZvCChnyg^EJt^<l
z4Lc2a>OqLT!?4u_>hl*1snzbf$b9(P{FDpoQb_H?Uni6C&Y1K?I|l~7na}6tRRdEW
zM8dm7sG}7?l=d<&XP~2aaPvl$=%i3?P!7_cG@uAj>SAct7T{?Rq~klmtxw$iL21AL
z7fW=)ER1%t1s1SGX_Sr>44nn#A?2&bd4>n`|D#s?H=2w_^WOhE2DPkknK~)V3}lf~
z<s-@k30#uswUG3`nKgEA-ef^X={TO5g>oerer=Y?VF%KwR-0A&dkybmUnp1iE+)qK
zw`v*y_8M8_s`VfpY5UN)S?jWMi*&Wtwh#8m?zo(*M4VX>+lK`%g)CG=Vs_it29c8>
zKnyW7|1Jq-7+R_N<aU?D^dC|r@dLAJ0qjibW9CpLi=Qws7RAX~TsO>swb!aTt?8*1
zUs9`jWy%`vMbQkk2z<NkEy;_bPs9JGWdsi4|HNzK|7bSydi*~IJqG`G5$Mqt;bj8<
z@UsAa!Z63<0{E2=KY&e&I&2;>)#uQLAM;X$5{V4ZjEEAQRdDku2?Sr#RZ<4rX2=HR
z!gM#1w^?QQon6moxGG(nu5CHHWyymJVysHX-B+l)`Q<a&$u$<C!XS}U-(}q>c5qJA
z;fLy2XX%*UUgh+7{QpTTJ~0t|0RKnR@wkQm-h9^M|550v{{MpLU|sq8{}hX-V*F#=
z$={777(bIGC==uh65NR8@;!~H_F;T5_5COh{nMwbO!U?>=a0x2?MfgqRU};`;J)SG
z5XusXeR}(7>Fp|Qc<^o2lDKyLAs?H=t#IN%Hn-i;<aO<~7<)I6RQ(En;7o9hzvyP-
zS|<Ed{Y#<r!D}R5qllz9^#j=X&JO!^=@7jJ+i~cMr^?HPc9tUH;aAxP#@C0Otk-+o
zrkCbeJl_7tD*in7e>k4B?f=m8X1)DC20hjO8>2Va3>T<L;RRfZ@H*E{qr`pOSH*pW
zWsN1>P=>2&`&#E-H`Dm;@~qi#`R;AiP@$a(eiDX0oLr@?r~K|DtHZxf&DH+vNgOkb
zkZZ#7kgVSIL!xxn-4x&?;j4NjJ)+!)VTrR5`NfCXbUL0|083?Zn$N^eA_>3c?Cwek
z{S9Sk3{*80jViwbC#HaZ^5Ss#OVQ);KlciqJko!HEjYCQZ|1f3|Bl9^dB6YnDD+hP
zFC)KJHR1m`2>dK&;dcU1`}IG|>psglfJ6E}8Sm`>9rpF#<IoXmyU$tjEQ(Mhj3}>F
zIrr8$_w5^M0MIV}{9)XN{raEV`)7cFL;61+jd%9{Pka483N_TGZRroIc0-YxM>ET~
zr`TNQWPkclY@5?Wu28r3(#29}5eVkPcW0NiJqpE^y5<Js&W*rddP-ju9n}A)yZbwI
zNdJf4tX=;Zjr;xoN1<o&?R%Abv9w?Riva8M+yB{gx_kbwkN=NCjq^VbY(%L-fa(JR
z`F8`(>XniGU{TdctbA!@etUV-E8I}L&4tMwhRrblG1+E-fKlYy+%Z2&Y_RIVdTH(2
zp07w`u7}xJzZni{hvBnF6};$Db6}RHzFAhSvO1ELA9^ZU&woznhA`ZXMQYOlplFEa
z+37&#!-e1}A59|^iN3}_@KE_M^gaj7w)H<)6RFi8ATfQmZ^0bWe{a6y|4;hwzZ{1i
z{0xcbdRFbjBAe!wFD-gc&p;39|8wO64#xj8Z>Rp-@BcauJu&{TpEje}fxw+4J4Xy1
zk{v*+eGJLe<+{Ixl%1^YNEftE;q6Z!<R|L-<Umh7_0-d&>3;zL0RR6(2JlV*QUCy1
CXEj>@

literal 0
HcmV?d00001

diff --git a/charts/rancher-webhook/1.0.6+up0.2.7-rc4/Chart.yaml b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/Chart.yaml
new file mode 100644
index 000000000..724c26cfa
--- /dev/null
+++ b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/Chart.yaml
@@ -0,0 +1,18 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.25.0-0'
+  catalog.cattle.io/namespace: cattle-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux,windows
+  catalog.cattle.io/rancher-version: '>= 2.6.0-0 < 2.7.0-0'
+  catalog.cattle.io/release-name: rancher-webhook
+apiVersion: v2
+appVersion: 0.2.7-rc4
+dependencies:
+- condition: capi.enabled
+  name: capi
+  repository: ""
+description: ValidatingAdmissionWebhook for Rancher types
+name: rancher-webhook
+version: 1.0.6+up0.2.7-rc4
diff --git a/charts/rancher-webhook/1.0.6+up0.2.7-rc4/charts/capi/Chart.yaml b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/charts/capi/Chart.yaml
new file mode 100644
index 000000000..388210bef
--- /dev/null
+++ b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/charts/capi/Chart.yaml
@@ -0,0 +1,4 @@
+apiVersion: v2
+appVersion: 0.0.0
+name: capi
+version: 0.0.0
diff --git a/charts/rancher-webhook/1.0.6+up0.2.7-rc4/charts/capi/templates/service.yaml b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/charts/capi/templates/service.yaml
new file mode 100644
index 000000000..08df65d62
--- /dev/null
+++ b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/charts/capi/templates/service.yaml
@@ -0,0 +1,13 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: webhook-service
+  annotations:
+    need-a-cert.cattle.io/secret-name: rancher-webhook-tls
+spec:
+  ports:
+  - name: https
+    port: 443
+    targetPort: 8777
+  selector:
+    app: rancher-webhook
diff --git a/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/_helpers.tpl b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/_helpers.tpl
new file mode 100644
index 000000000..c37a65c6f
--- /dev/null
+++ b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/_helpers.tpl
@@ -0,0 +1,22 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "rancher-webhook.labels" -}}
+app: rancher-webhook
+{{- end }}
+
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+  value: "linux"
+  effect: "NoSchedule"
+  operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/deployment.yaml b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/deployment.yaml
new file mode 100644
index 000000000..a8554d605
--- /dev/null
+++ b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/deployment.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rancher-webhook
+spec:
+  selector:
+    matchLabels:
+      app: rancher-webhook
+  template:
+    metadata:
+      labels:
+        app: rancher-webhook
+    spec:
+      volumes:
+      - name: tls
+        secret:
+          secretName: rancher-webhook-tls
+      {{- if .Values.global.hostNetwork }}
+      hostNetwork: true
+      {{- end }}
+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+      {{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end }}
+      tolerations: {{ include "linux-node-tolerations" . | nindent 6 }}
+      {{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 6 }}
+      {{- end }}
+      containers:
+      - env:
+        - name: STAMP
+          value: "{{.Values.stamp}}"
+        - name: ENABLE_CAPI
+          value: "{{.Values.capi.enabled}}"
+        - name: ENABLE_MCM
+          value: "{{.Values.mcm.enabled}}"
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+        name: rancher-webhook
+        imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+        ports:
+        - name: https
+          containerPort: 9443
+        - name: capi-https
+          containerPort: 8777
+        volumeMounts:
+        - name: tls
+          mountPath: /tmp/k8s-webhook-server/serving-certs
+      serviceAccountName: rancher-webhook
diff --git a/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/pre-delete-hook-cluster-role-binding.yaml b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/pre-delete-hook-cluster-role-binding.yaml
new file mode 100644
index 000000000..ca439ff48
--- /dev/null
+++ b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/pre-delete-hook-cluster-role-binding.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.preDelete.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: rancher-webhook-pre-delete
+  labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-weight": "2"
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: rancher-webhook-pre-delete
+subjects:
+  - kind: ServiceAccount
+    name: rancher-webhook-pre-delete
+    namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/pre-delete-hook-cluster-role.yaml b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/pre-delete-hook-cluster-role.yaml
new file mode 100644
index 000000000..36a1c7fef
--- /dev/null
+++ b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/pre-delete-hook-cluster-role.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.preDelete.enabled }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: rancher-webhook-pre-delete
+  labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-weight": "1"
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+rules:
+  - apiGroups: [ "admissionregistration.k8s.io" ]
+    resources: [ "mutatingwebhookconfigurations" ]
+    verbs: [ "delete" ]
+    resourceNames: [ "rancher.cattle.io" ]
+  - apiGroups: [ "" ]
+    resources: [ "serviceaccounts" ]
+    verbs: [ "get" ]
+  - apiGroups: [ "policy" ]
+    resources: [ "podsecuritypolicies" ]
+    verbs: [ "use" ]
+    resourceNames: [ "rancher-webhook-pre-delete" ]
+{{- end }}
diff --git a/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/pre-delete-hook-job.yaml b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/pre-delete-hook-job.yaml
new file mode 100644
index 000000000..81f306b86
--- /dev/null
+++ b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/pre-delete-hook-job.yaml
@@ -0,0 +1,36 @@
+{{- if .Values.preDelete.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: rancher-webhook-pre-delete
+  namespace: {{ .Release.Namespace }}
+  labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-weight": "3"
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+  backoffLimit: 3
+  template:
+    metadata:
+      name: rancher-webhook-pre-delete
+      labels: {{ include "rancher-webhook.labels" . | nindent 8 }}
+    spec:
+      serviceAccountName: rancher-webhook-pre-delete
+      restartPolicy: OnFailure
+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+      {{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end }}
+      tolerations: {{ include "linux-node-tolerations" . | nindent 6 }}
+      {{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 6 }}
+      {{- end }}
+      containers:
+        - name: rancher-webhook-pre-delete
+          image: "{{ include "system_default_registry" . }}{{ .Values.preDelete.image.repository }}:{{ .Values.preDelete.image.tag }}"
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            runAsUser: 0
+          command: [ "kubectl", "delete", "--ignore-not-found=true", "mutatingwebhookconfigurations", "rancher.cattle.io" ]
+{{- end }}
diff --git a/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/pre-delete-hook-psp.yaml b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/pre-delete-hook-psp.yaml
new file mode 100644
index 000000000..8acf758d0
--- /dev/null
+++ b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/pre-delete-hook-psp.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.preDelete.enabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: rancher-webhook-pre-delete
+  labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-weight": "1"
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+spec:
+  privileged: false
+  hostNetwork: false
+  hostIPC: false
+  hostPID: false
+  runAsUser:
+    rule: 'RunAsAny'
+  seLinux:
+    rule: 'RunAsAny'
+  supplementalGroups:
+    rule: 'MustRunAs'
+    ranges:
+      - min: 1
+        max: 65535
+  fsGroup:
+    rule: 'MustRunAs'
+    ranges:
+      - min: 1
+        max: 65535
+  readOnlyRootFilesystem: false
+  volumes:
+    - 'secret'
+{{- end }}
diff --git a/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/pre-delete-hook-service-account.yaml b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/pre-delete-hook-service-account.yaml
new file mode 100644
index 000000000..93e215394
--- /dev/null
+++ b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/pre-delete-hook-service-account.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.preDelete.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: rancher-webhook-pre-delete
+  namespace: {{ .Release.Namespace }}
+  labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-weight": "1"
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+{{- end }}
diff --git a/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/rbac.yaml b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/rbac.yaml
new file mode 100644
index 000000000..9afaae6c6
--- /dev/null
+++ b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/rbac.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: rancher-webhook
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: rancher-webhook
+  namespace: {{.Release.Namespace}}
diff --git a/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/service.yaml b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/service.yaml
new file mode 100644
index 000000000..74a8a9e5a
--- /dev/null
+++ b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/service.yaml
@@ -0,0 +1,13 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: rancher-webhook
+  namespace: cattle-system
+spec:
+  ports:
+  - port: 443
+    targetPort: 9443
+    protocol: TCP
+    name: https
+  selector:
+    app: rancher-webhook
diff --git a/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/serviceaccount.yaml b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/serviceaccount.yaml
new file mode 100644
index 000000000..f9251b418
--- /dev/null
+++ b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: rancher-webhook
diff --git a/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/webhook.yaml b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/webhook.yaml
new file mode 100644
index 000000000..4f95ae896
--- /dev/null
+++ b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/templates/webhook.yaml
@@ -0,0 +1,19 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: rancher.cattle.io
+webhooks:
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: rancher-webhook
+      namespace: cattle-system
+      path: /v1/webhook/validation
+      port: 443
+  failurePolicy: Ignore
+  matchPolicy: Equivalent
+  name: rancher.cattle.io
+  sideEffects: None
+  timeoutSeconds: 10
diff --git a/charts/rancher-webhook/1.0.6+up0.2.7-rc4/values.yaml b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/values.yaml
new file mode 100644
index 000000000..9ec60fc82
--- /dev/null
+++ b/charts/rancher-webhook/1.0.6+up0.2.7-rc4/values.yaml
@@ -0,0 +1,25 @@
+image:
+  repository: rancher/rancher-webhook
+  tag: v0.2.7-rc4
+  imagePullPolicy: IfNotPresent
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
+  hostNetwork: false
+
+capi:
+  enabled: false
+
+mcm:
+  enabled: true
+
+preDelete:
+  enabled: true
+  image:
+    repository: rancher/kubectl
+    tag: v1.23.3
+
+# tolerations for the webhook deployment. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ for more info
+tolerations: []
+nodeSelector: {}
\ No newline at end of file