From dc26f5845cd711bf02af8a134aec5dbc10911b8e Mon Sep 17 00:00:00 2001 
From: Michael Bolot Date: Fri, 22 Jul 2022 18:23:32 -0500 Subject: [PATCH] make charts --- .../rancher-webhook-1.0.5+up0.2.6-rc9.tgz | Bin 0 -> 2592 bytes .../1.0.5+up0.2.6-rc9/Chart.yaml | 18 ++++++ .../1.0.5+up0.2.6-rc9/charts/capi/Chart.yaml | 4 ++ .../charts/capi/templates/service.yaml | 13 +++++ .../1.0.5+up0.2.6-rc9/templates/_helpers.tpl | 22 ++++++++ .../templates/deployment.yaml | 52 ++++++++++++++++++ .../pre-delete-hook-cluster-role-binding.yaml | 19 +++++++ .../pre-delete-hook-cluster-role.yaml | 23 ++++++++ .../templates/pre-delete-hook-job.yaml | 36 ++++++++++++ .../templates/pre-delete-hook-psp.yaml | 33 +++++++++++ .../pre-delete-hook-service-account.yaml | 12 ++++ .../1.0.5+up0.2.6-rc9/templates/rbac.yaml | 12 ++++ .../1.0.5+up0.2.6-rc9/templates/service.yaml | 13 +++++ .../templates/serviceaccount.yaml | 4 ++ .../1.0.5+up0.2.6-rc9/templates/webhook.yaml | 19 +++++++ .../1.0.5+up0.2.6-rc9/values.yaml | 25 +++++++++ 16 files changed, 305 insertions(+) create mode 100644 assets/rancher-webhook/rancher-webhook-1.0.5+up0.2.6-rc9.tgz create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc9/Chart.yaml create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc9/charts/capi/Chart.yaml create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc9/charts/capi/templates/service.yaml create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/_helpers.tpl create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/deployment.yaml create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/pre-delete-hook-cluster-role-binding.yaml create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/pre-delete-hook-cluster-role.yaml create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/pre-delete-hook-job.yaml create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/pre-delete-hook-psp.yaml create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/pre-delete-hook-service-account.yaml create 
mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/rbac.yaml create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/service.yaml create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/serviceaccount.yaml create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/webhook.yaml create mode 100644 charts/rancher-webhook/1.0.5+up0.2.6-rc9/values.yaml 
diff --git a/assets/rancher-webhook/rancher-webhook-1.0.5+up0.2.6-rc9.tgz b/assets/rancher-webhook/rancher-webhook-1.0.5+up0.2.6-rc9.tgz new file mode 100644 index 0000000000000000000000000000000000000000..539bc233853fb46b58e01c2f68af117215a773cf GIT binary patch literal 2592 zcmV+*3g7h~iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI|CZ{s%d-`DyS1O4$wUffES{FJS5Js{1dhdu13LDK8tP!tPV z8ry6rQY9&;xzykNAW=`2q}0=Xvd4-}g^n`QzbqIvshF(eRb$kB5`#EAS2{!fr~HCi0c{yXR`( z+zTPXxzI#Y!Bt=ZghUf27H&wiX6RBe2vKS}rx*oL?3K=LOBzMU1F*GB(eCVWo6gW# zp;T1x08ak)HTbSSbv?&}zk=@$C)uATokKZ^Q6(hA08FE!?v=*4v$IeEFv`=N%gPi z4&A9E!>_Ce6XX%{kfI7K2SULks`E}ENvMmQ%os)%fSDv~v;ZU~LQyT`eE_y?MW{ka z6Ep4y!e~S^<%_c@rYf89Uq&RD3klaoOwjiUDyv)cYB7A*b0>dElUm>}y`6h{CbjW@ zMOcdJum)fc{(GmxaU1_9{%Mc@#~>P$1qLn5C^p5Qt@r?%ECN{7`VNpYxJntj5{!oT z0lb@E3VkI}A=j3*U}8pCVOliHrvfnO{TAmWW%?QyROte%0G2}OOVoEl-UcuyOrd3E zxR#A9@UCi)!+4`PGd`A;NPLS7HEv%kZp0Y?Xewpgp7r&&0 z*}LzjA%-dx-pH^CGqnfY;MD#6ck6!x(SD~lut)z#p6|8v|8z9%_5Uc;3`0ngsKLs& zZYhrfcw0SxD@IKsqDfE%8g0E%35MC#a#tDy8xtKa-{(4K8UQ-A4xrq2#kj_N8LAK;~6fQ`~q5vAx z&@$o=KzYd0XqVEv@EdTN#fBQ*)LdGUHJL&Vl%U1GNzA%?{07||Hw4}AK6c2tfssv7 zr#nS$I#->NHak>;P9G686g=~$P&W1e@>Tt~%Pn#9{n>}B#wI9%`{ALSTWJy}>$SZ# z^y2dDoA(zV&(E&jJ<6aNtv|x&!}*6t*~DS|7?;bl4;MFAXXh7fCf`aCH@7*!oFa>^ zalYAFv|kau3@R;jtL#hF*ErE|l0BtDb02XZTv)Fk9;yeK4|Z$k8`kS!>#`;bSg%j2 z8M|R;L!M?3Vs9~Qb%EykB|>Voy)SYfzOg>lhPo0`2k_N+JlYzQJ!ogoz&EF-r`1&h zQy)aiyF_TB6+oQzG7o2<<79CAMpfvfP_9r8vY#xV2vO>CXxi>G;pd-MOpR{S>{4~Ks5{~d!`R=7%?lx7C< zNU8P_<&1D0T;s{FkT?_yUd*YqyN z#`w2t8UXeZS?sFiARB21urXQdvU7)YvD9_|_R#LQT&P5nTM;{e8P0_)RYYPw?Q4U` zX&53#7@2?Pgffh*OnnNwOA`8bDbnPTRkZ-N7WFA>sM6Wb7#fS>6fABw%z(AisyeOZ zX%t^Ft9ot98t!G;42=kUz3wf^i=t1%|L0`{_Tm57YvccL>JNMTKL$Mo|F;q7$rj;d z0>A%RfInqe;Bg83Du5rsCS@JAh?tsdXv0rMsX~cVhG<5_sm?37#gc@A&*>tq0&X*8 zg>q)P8_CTZ6;N_KKhM5HiGCDr$NH;Nsc zQ?>u5I`&yMrngrGJstml7PC)G1nhb>w^j!acMs&EWef@uk*>f@e zDemMS#uAJUWC^MS`HY0OVm^OQW2yrf?M;0@$wUA2<*E|B&CK}|@vG-PQSK!_~XDbwiDICiqDi25@qnwVv_&le`Z9J~LOluct}E 
zFh;HkD?+kn*AJ=Ed3RHQlY}ptmGqeM0Q?GPWAbYN)5&Bsu>j`EmT(Xbe=n6dP532Tn`@|K!Et@Ry>e~bc|Lgbl-{a5`YP*Lld6q>e62+7^ zs+>D(oV(5qZ2-_V{`_g&hTZyK*!u%Oz&`yS4M*GO|9kyE3T>!O+tTk>?F~iRd^NL* zd&A<*_+U2NAUj|s8-~LZ0lWqIo$Nxv6jrV^ZIfzn+0QCn1 zith%TH!CB%!J@8{SjE=L{q}0oYg|#hD}*T=hLvCZm~1mZ$S87cW-MMMHdys&y|i&{ z$5$kB*TWpFU-^T^%kcTF3SM?;I52Zl->j-uc^%0rUV189FMdhsiZI-cMH7T)gkLGeaipB(6^r=EIxGW|CI0RR8fkU@6= 1.16.0-0 < 1.25.0-0' + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/rancher-version: '>= 2.6.0-0 < 2.7.0-0' + catalog.cattle.io/release-name: rancher-webhook +apiVersion: v2 +appVersion: 0.2.6-rc9 +dependencies: +- condition: capi.enabled + name: capi + repository: "" +description: ValidatingAdmissionWebhook for Rancher types +name: rancher-webhook +version: 1.0.5+up0.2.6-rc9 diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc9/charts/capi/Chart.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/charts/capi/Chart.yaml new file mode 100644 index 000000000..388210bef --- /dev/null +++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/charts/capi/Chart.yaml @@ -0,0 +1,4 @@ +apiVersion: v2 +appVersion: 0.0.0 +name: capi +version: 0.0.0 diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc9/charts/capi/templates/service.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/charts/capi/templates/service.yaml new file mode 100644 index 000000000..08df65d62 --- /dev/null +++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/charts/capi/templates/service.yaml @@ -0,0 +1,13 @@ +kind: Service +apiVersion: v1 +metadata: + name: webhook-service + annotations: + need-a-cert.cattle.io/secret-name: rancher-webhook-tls +spec: + ports: + - name: https + port: 443 + targetPort: 8777 + selector: + app: rancher-webhook diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/_helpers.tpl b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/_helpers.tpl new file mode 100644 index 000000000..c37a65c6f --- /dev/null 
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/_helpers.tpl
@@ -0,0 +1,22 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "rancher-webhook.labels" -}}
+app: rancher-webhook
+{{- end }}
+
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/deployment.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/deployment.yaml
new file mode 100644
index 000000000..a8554d605
--- /dev/null
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/deployment.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: rancher-webhook
+spec:
+ selector:
+ matchLabels:
+ app: rancher-webhook
+ template:
+ metadata:
+ labels:
+ app: rancher-webhook
+ spec:
+ volumes:
+ - name: tls
+ secret:
+ secretName: rancher-webhook-tls
+ {{- if .Values.global.hostNetwork }}
+ hostNetwork: true
+ {{- end }}
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+ {{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 6 }}
+ {{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 6 }}
+ {{- end }}
+ containers:
+ - env:
+ - name: STAMP
+ value: "{{.Values.stamp}}"
+ - name: ENABLE_CAPI
+ value: "{{.Values.capi.enabled}}"
+ - name: ENABLE_MCM
+ value: "{{.Values.mcm.enabled}}"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+ name: rancher-webhook
+ imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+ ports:
+ - name: https
+ containerPort: 9443
+ - name: capi-https
+ containerPort: 8777
+ volumeMounts:
+ - name: tls
+ mountPath: /tmp/k8s-webhook-server/serving-certs
+ serviceAccountName: rancher-webhook
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/pre-delete-hook-cluster-role-binding.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/pre-delete-hook-cluster-role-binding.yaml
new file mode 100644
index 000000000..ca439ff48
--- /dev/null
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/pre-delete-hook-cluster-role-binding.yaml
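Review bot: The `rancher-webhook` container under `containers:` declares no `securityContext`, so it runs with whatever user and privileges the image and cluster defaults give it, while its service account is bound to `cluster-admin` in rbac.yaml. I would add a container-level `securityContext` with `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}`, assuming the image can run as a non-root user (not verifiable from this patch). The container also has no `resources` and no readiness probe, which matters for an admission webhook that the API server calls synchronously on every matching request.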
@@ -0,0 +1,19 @@
+{{- if .Values.preDelete.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: rancher-webhook-pre-delete
+ labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "2"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: rancher-webhook-pre-delete
+subjects:
+ - kind: ServiceAccount
+ name: rancher-webhook-pre-delete
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/pre-delete-hook-cluster-role.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/pre-delete-hook-cluster-role.yaml
new file mode 100644
index 000000000..36a1c7fef
--- /dev/null
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/pre-delete-hook-cluster-role.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.preDelete.enabled }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: rancher-webhook-pre-delete
+ labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+rules:
+ - apiGroups: [ "admissionregistration.k8s.io" ]
+ resources: [ "mutatingwebhookconfigurations" ]
+ verbs: [ "delete" ]
+ resourceNames: [ "rancher.cattle.io" ]
+ - apiGroups: [ "" ]
+ resources: [ "serviceaccounts" ]
+ verbs: [ "get" ]
+ - apiGroups: [ "policy" ]
+ resources: [ "podsecuritypolicies" ]
+ verbs: [ "use" ]
+ resourceNames: [ "rancher-webhook-pre-delete" ]
+{{- end }}
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/pre-delete-hook-job.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/pre-delete-hook-job.yaml
new file mode 100644
index 000000000..81f306b86
--- /dev/null
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/pre-delete-hook-job.yaml
@@ -0,0 +1,36 @@
+{{- if .Values.preDelete.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: rancher-webhook-pre-delete
+ namespace: {{ .Release.Namespace }}
+ labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "3"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+ backoffLimit: 3
+ template:
+ metadata:
+ name: rancher-webhook-pre-delete
+ labels: {{ include "rancher-webhook.labels" . | nindent 8 }}
+ spec:
+ serviceAccountName: rancher-webhook-pre-delete
+ restartPolicy: OnFailure
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+ {{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 6 }}
+ {{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 6 }}
+ {{- end }}
+ containers:
+ - name: rancher-webhook-pre-delete
+ image: "{{ include "system_default_registry" . }}{{ .Values.preDelete.image.repository }}:{{ .Values.preDelete.image.tag }}"
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ runAsUser: 0
+ command: [ "kubectl", "delete", "--ignore-not-found=true", "mutatingwebhookconfigurations", "rancher.cattle.io" ]
+{{- end }}
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/pre-delete-hook-psp.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/pre-delete-hook-psp.yaml
new file mode 100644
index 000000000..8acf758d0
--- /dev/null
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/pre-delete-hook-psp.yaml
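Review bot: The hook container sets `securityContext.runAsUser: 0`, so the `kubectl delete` call runs as root even though it only talks to the API server. Unless the `rancher/kubectl` image requires root (not visible in this patch), I would use a non-zero `runAsUser` with `runAsNonRoot: true` and add `allowPrivilegeEscalation: false`. Separately, this Job's `helm.sh/hook-delete-policy` omits `hook-failed`, unlike the other pre-delete resources; if that is deliberate so a failed Job stays around for debugging, a comment such as `# keep failed Job for inspection; supporting RBAC is still removed on failure` above the annotation would make the intent clear.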
@@ -0,0 +1,33 @@
+{{- if .Values.preDelete.enabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: rancher-webhook-pre-delete
+ labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+spec:
+ privileged: false
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'RunAsAny'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+ volumes:
+ - 'secret'
+{{- end }}
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/pre-delete-hook-service-account.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/pre-delete-hook-service-account.yaml
new file mode 100644
index 000000000..93e215394
--- /dev/null
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/pre-delete-hook-service-account.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.preDelete.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: rancher-webhook-pre-delete
+ namespace: {{ .Release.Namespace }}
+ labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+{{- end }}
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/rbac.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/rbac.yaml
new file mode 100644
index 000000000..9afaae6c6
--- /dev/null
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/rbac.yaml
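Review bot: The `rancher-webhook-pre-delete` PodSecurityPolicy sets `runAsUser.rule: 'RunAsAny'` and leaves `allowPrivilegeEscalation` and `requiredDropCapabilities` unset, so it admits a root container that keeps its default capabilities and may escalate privileges. The only pod meant to use it runs a single `kubectl delete`, so I would add `allowPrivilegeEscalation: false` and `requiredDropCapabilities: [ALL]` under `spec:`. `runAsUser` could be tightened to `MustRunAsNonRoot` if the `runAsUser: 0` in pre-delete-hook-job.yaml can be dropped. `readOnlyRootFilesystem: false` could likely become `true` as well, though whether kubectl in that image needs a writable home or cache directory is not visible here.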
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: rancher-webhook
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: rancher-webhook
+ namespace: {{.Release.Namespace}}
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/service.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/service.yaml
new file mode 100644
index 000000000..74a8a9e5a
--- /dev/null
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/service.yaml
@@ -0,0 +1,13 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: rancher-webhook
+ namespace: cattle-system
+spec:
+ ports:
+ - port: 443
+ targetPort: 9443
+ protocol: TCP
+ name: https
+ selector:
+ app: rancher-webhook
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/serviceaccount.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/serviceaccount.yaml
new file mode 100644
index 000000000..f9251b418
--- /dev/null
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: rancher-webhook
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/webhook.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/webhook.yaml
new file mode 100644
index 000000000..4f95ae896
--- /dev/null
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/templates/webhook.yaml
@@ -0,0 +1,19 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: rancher.cattle.io
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: rancher-webhook
+ namespace: cattle-system
+ path: /v1/webhook/validation
+ port: 443
+ failurePolicy: Ignore
+ matchPolicy: Equivalent
+ name: rancher.cattle.io
+ sideEffects: None
+ timeoutSeconds: 10
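Review bot: The ClusterRoleBinding in rbac.yaml grants `cluster-admin` to the `rancher-webhook` service account, so anyone who obtains that pod's token or runs code in the webhook container gets full control of the cluster. If the webhook only needs to read the objects it validates and manage its own webhook configuration and TLS secret (an assumption; the required permissions are not visible in this patch), a dedicated ClusterRole listing those resources and verbs would limit the blast radius. At minimum, a comment above `roleRef:` stating why `cluster-admin` is required would record the decision for later reviewers.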
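Review bot: `failurePolicy: Ignore` in webhook.yaml makes the validating webhook fail open: when the rancher-webhook pod is down, exceeds `timeoutSeconds: 10`, or has a certificate problem, the API server admits the request without validation. If any of the checks are security-relevant, `failurePolicy: Fail` together with a `namespaceSelector` that exempts system namespaces is the safer default. The entry has no `rules`, so presumably the webhook rewrites this configuration at runtime and the effective policy should be confirmed there. Also, `clientConfig.service.namespace` here and `metadata.namespace` in service.yaml are hard-coded to `cattle-system`, while rbac.yaml and the pre-delete resources use `{{ .Release.Namespace }}`; installing the release into any other namespace would separate the Service from the Deployment it selects.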
diff --git a/charts/rancher-webhook/1.0.5+up0.2.6-rc9/values.yaml b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/values.yaml
new file mode 100644
index 000000000..d425a741c
--- /dev/null
+++ b/charts/rancher-webhook/1.0.5+up0.2.6-rc9/values.yaml
@@ -0,0 +1,25 @@
+image:
+ repository: rancher/rancher-webhook
+ tag: v0.2.6-rc9
+ imagePullPolicy: IfNotPresent
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ hostNetwork: false
+
+capi:
+ enabled: false
+
+mcm:
+ enabled: true
+
+preDelete:
+ enabled: true
+ image:
+ repository: rancher/kubectl
+ tag: v1.23.3
+
+# tolerations for the webhook deployment. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ for more info
+tolerations: []
+nodeSelector: {}
\ No newline at end of file
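Review bot: Both images are referenced by mutable tags (`tag: v0.2.6-rc9` and `tag: v1.23.3`) with `imagePullPolicy: IfNotPresent`, so what actually runs depends on what the registry or the node cache holds for that tag. For a workload whose service account is bound to `cluster-admin`, pinning by digest would give a stronger supply-chain guarantee; the `image:` lines in deployment.yaml and pre-delete-hook-job.yaml build `repository:tag`, so that would need a template change as well. The deployment also reads `.Values.stamp`, which has no default here; adding `stamp: ""` with a one-line comment on its purpose would document the value.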