From f01a2cfb74a0dc1d0fc6bf85d8a0bf1416f81d91 Mon Sep 17 00:00:00 2001 
From: Nick Gerace
Date: Fri, 8 Oct 2021 18:21:33 -0400
Subject: [PATCH 1/2] add index.yaml and assets
---
.../fleet-agent-100.0.1+up0.3.7.tgz | Bin 0 -> 2334 bytes
.../fleet-crd/fleet-crd-100.0.1+up0.3.7.tgz | Bin 0 -> 21941 bytes
assets/fleet/fleet-100.0.1+up0.3.7.tgz | Bin 0 -> 3173 bytes
.../longhorn-1.1/longhorn-100.0.0+up1.1.2.tgz | Bin 0 -> 15699 bytes
.../longhorn-crd-100.0.0+up1.1.2.tgz | Bin 0 -> 1814 bytes
.../longhorn-1.2/longhorn-100.1.0+up1.2.2.tgz | Bin 0 -> 17251 bytes
.../longhorn-crd-100.1.0+up1.2.2.tgz | Bin 0 -> 2648 bytes
...ncher-aks-operator-crd-100.0.1+up1.0.2.tgz | Bin 0 -> 1137 bytes
.../rancher-aks-operator-100.0.1+up1.0.2.tgz | Bin 0 -> 1643 bytes
.../rancher-backup-crd-2.0.1.tgz | Bin 0 -> 1702 bytes
.../rancher-backup/rancher-backup-2.0.1.tgz | Bin 0 -> 6879 bytes
.../rancher-cis-benchmark-2.0.1.tgz | Bin 0 -> 5106 bytes
.../rancher-cis-benchmark-crd-2.0.1.tgz | Bin 0 -> 1462 bytes
.../rancher-gatekeeper-100.0.1+up3.6.0.tgz | Bin 0 -> 10106 bytes
...rancher-gatekeeper-crd-100.0.1+up3.6.0.tgz | Bin 0 -> 5955 bytes
.../rancher-istio-100.0.1+up1.10.4.tgz | Bin 0 -> 20360 bytes
.../rancher-webhook-1.0.1+up0.2.1.tgz | Bin 0 -> 2294 bytes
index.yaml | 322 ++++++++++++++++++
18 files changed, 322 insertions(+)
create mode 100644 assets/fleet-agent/fleet-agent-100.0.1+up0.3.7.tgz
create mode 100644 assets/fleet-crd/fleet-crd-100.0.1+up0.3.7.tgz
create mode 100644 assets/fleet/fleet-100.0.1+up0.3.7.tgz
create mode 100644 assets/longhorn-1.1/longhorn-100.0.0+up1.1.2.tgz
create mode 100644 assets/longhorn-1.1/longhorn-crd-100.0.0+up1.1.2.tgz
create mode 100644 assets/longhorn-1.2/longhorn-100.1.0+up1.2.2.tgz
create mode 100644 assets/longhorn-1.2/longhorn-crd-100.1.0+up1.2.2.tgz
create mode 100644 assets/rancher-aks-operator-crd/rancher-aks-operator-crd-100.0.1+up1.0.2.tgz
create mode 100644 assets/rancher-aks-operator/rancher-aks-operator-100.0.1+up1.0.2.tgz
create mode 100644 assets/rancher-backup-crd/rancher-backup-crd-2.0.1.tgz
create mode 100644 assets/rancher-backup/rancher-backup-2.0.1.tgz
create mode 100644 assets/rancher-cis-benchmark/rancher-cis-benchmark-2.0.1.tgz
create mode 100644 assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-2.0.1.tgz
create mode 100644 assets/rancher-gatekeeper/rancher-gatekeeper-100.0.1+up3.6.0.tgz
create mode 100644 assets/rancher-gatekeeper/rancher-gatekeeper-crd-100.0.1+up3.6.0.tgz
create mode 100644 assets/rancher-istio/rancher-istio-100.0.1+up1.10.4.tgz
create mode 100644 assets/rancher-webhook/rancher-webhook-1.0.1+up0.2.1.tgz
diff --git a/assets/fleet-agent/fleet-agent-100.0.1+up0.3.7.tgz b/assets/fleet-agent/fleet-agent-100.0.1+up0.3.7.tgz new file mode 100644 index 0000000000000000000000000000000000000000..9da094b6e88c2b24192ee72c4493032a9dc914b7 GIT binary patch literal 2334 zcmV+(3E}o1iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI>{bK5o&&oe*84n3XRACsnJTki19=cJwVoSer_J9E=!G7!0x zZ~_4q0OhKxzWWUTlATp4F_To_~ zilS(Aa$^5SQPlk(jRq$#1}B5z>2Pp%GK^kCgX81T@e7C^*NlEDl_v5<^u=R!C-;>Q z;aq57HL4QK2sNgZohaM@4=4TWhhi6`j zDv`9%w&^<~32zA}6O?dnG(Z5~Q~jSp0nu=i5QZL24DVFyLd8c%iNT5rt0ghk5T#J7 zBPJ$79a&>SHJ^Cf#?5O}22m77;ozTT;f#8Y_ut0JA-`Tp|8uqZm=n8J7g1a6Trm~nB-;o>}8&*9>{J%xmoN*il%LY0;_ zUb}gCTFh+RwY-;Pj7)(RK+@Fw(=Fk$5PVaE;A|0^0Tw_c0vFoIVG1NO0!BC^i4MI3 zW);WY0YD~13}YhKwowx>-@K|9vL4S^p_E7{(FnIxPd&%_=2d%YO;+fN-=a0j8Ek$# z4Yu>$I+gTkN(9%0Ht($xQk#=km`K#hbLr>0)z#AOe7#msrz-CNu59XoRM=HZri4$N zr;U+`TjRLe3}14FO2I;uAdxV(umv!$b=Sgd2xo=%%P36Yd3D2}rSEVv!qRtH>rnV@g{`49k^4{8~#4 zKY#FM-0S(ZQ9u3@!81C^N%1I~ft~n2 z?(Y9b!_mI}e-fHep2l!t-}hTmZ0?)~UXGfiL=&6bx9W_#$GJ-ke*`ukEvrI zD9BmLN4E^Dc}akX-(c=as%>939Y@xLwy zA0q(l!2jU*Y}m#BX|%`xlTaJ)q$t$UeBim5@M^s!xIYT00u#Gy*(m&TqLb-mwQY2` zB}K6*2~fLSCDR(m5Ze&%RRB;AZ>ZY%p=^XqVK8572rB#Eoxgp3b9H|4y6LH^`R}C2 z<5nX;MvxkVLJ0yPcX$ zR;!oIXxlHxwJVf!n&5eoh?48=4PzZ=1G~#^0`Yn)7`C^LO(5Rd!qr-|_%F#BgzyJ& z%2Tt${B|u?munjhcMZI;iESjdH<}L~`ni$!*P#CR&r#nBIr~@$Mw7)y!kD-3JV7EbDMyh_rL=MEOLbvXLfmE!b^v{`!7VVAcA@$=K)D?(w--{I5m* z_%BTIZt_!=J&4O5503%6>c7$1sDuCE@OZGt|5H#G|6}v!*O>o7jC+u7-J||`OFV$i zS7ZQxiYyP+^k^!?%#WcEN(YoHO&B|Lzsh1FNs8O-L5d7D1`f=A47O2~NrISSdI)38 zgv7u$Clc+rP2AY5DBH#1rxigGjYDV`>_LweEvfUzV4w|b-3Fq z{lM0KckyX5fqL89*l<-cR?lKvw8OHlkjymmoS2vYvtJG1AA)b+xp~-(2BxK&mU#>c z^LP1+Pf9Iv!*H{)>hHx2`7eG98DR=n{)csKFDJ?j8F2sb6LZCfyUNFAU7oaPtw;US zDpr6oNoFF;E@@7641-6=W&QDAj!E)(_W*XqfAicq{~r!c_woNJs2%(5TPLNS3Q2#r z2-&IuFWi^VYr*jTQ-SJZWzcStMoN~<6lVdDf_^VWSyYwU%YVGI_YIUNWr7=xbCly& zgV)Vj53~DUl&6$WKF|DMTuGZB)uBK=k$VjB0JhifA*-g!@&7QD)%In9!`!@bq5n$K;@ASBP{&zZxPWJeJ3hJEq*MPY9QiQ);jz=fRlP2}u 
z!|v*mo_iZxO1eBwvcBK4#cn$sPv_>(7Hhk|BVq5^+%0f%Zuo1&8Bpwq8)G4~S%cy$ z*=OE`|1aC|ZPG6M527yq&yI)t{Qo4>!GCXVx&Qe8xo5DaFQIdeeLk#?=<7@&JN`1YUO#o^V!z1eS`A3X0vTc--LwjEoRzA`x_lpfy7@+ zD$(8pc6X@{?Jdw;C=HCxkS%~PCECT1-yZw9eREHH+S8u)^ykt40{{U3|G*F(`T#lr E0D*0rQvd(} literal 0 HcmV?d00001 
diff --git a/assets/fleet-crd/fleet-crd-100.0.1+up0.3.7.tgz b/assets/fleet-crd/fleet-crd-100.0.1+up0.3.7.tgz new file mode 100644 index 0000000000000000000000000000000000000000..a9b2796f6e7ddf42cb89e1b3e1de0f0642bf67b6 GIT binary patch literal 21941 zcmYJaW0WXOtTs9}_Sm*<+qP}nwr$(CZCiW1$F^tgyyu*6-Tsqwsw=&!Dl4n{G_W=HP*$+x5jU~6 z0l4gua{9}D&%SQv2Q`}QY9wUoRcdyOhjSOF6KCATa~0;Bdc|RV2}r1*g5ChZ8opS> z_1Q_VapH zcD|cNr-%FfagSH`{XSHcr~CDEW z*&YEf#aNMn%1Gtwiy*?VM4j^RkZzH4??m7i-LYs$>VEH3td2_8Zs~1JkQi*nC+4?c zIr6jkDn6RpJ+3kB7kiF3XL(G83q6w-Q#XEaLXNU=UT{|zS(c6RS&jXAavG7OSFi1T zQu&ARgQN4~0y_0X?#IXDyY0cRSKJ+eD&gY1tnJ8aK`ga_Lv3NCa^CSR1kJI;(09U& z5NYMI`;Wuhqu@pN>)ROKp<^5J$pr;Pg@MR`%bgMBN#kn+;c<6+Rv$a@wXM)(RT|x# zUT)uepQ?w&t=7nqLsemODTqDOM5GJA>+qY$rUqobcN(<-FxS;ep9wg9(g?|+%l1QMHo_1_j4lD zPTx+C7DTg&XbR0cD<}s|;Up4II@CRigiG2ws6kdhoE|md24p# z*=8h6Uss+tCytROy13L?C6xwE?ONu(wZXx2>y#^URraqhLQ${vyDAE+q?(9g0tU`0vFUrG? z8B8N}>9J@wNh_RF$NN_62@*AP04F?*b3U*up-C&gH~G`I4&sCU#RYsV5ooRQkgEg7 zEmkM51FMAc-UZYf9#w&Dfc`f4Tt-2Qk06ndMC?SW&Z%RI;jcI9o#)zmeIU+}me7yK zG*-h9{VO3QMxPnV41K=S2X5S2O>cM8Yd2|yPP*H4ZUzHOB^N~H-Q6wNOY;%tIw$8r zS>ScM-3g3G)K>0>6S%$zA*tsL7hlH~lm0~4)XCf8rE=UZPnPcO|%~ltew`_wN}z%nl|2B7Z`nI z{%R#?R>;yK&+H5yoDn5kudk2V`C~gaOq&{hCmi+NkI{7t1c~^-VB0~qb(_3s?nTp& zMM}usM{Sfdy$Ql|%0S~%)ka{24q`L1y{d-hRtxyfPQcyUQGH~-;@H8QnVtxj5A>A; zMP0&jacH4*@1Jj$sFt^MG#Z#z#|Sh`GtX%%%d3qs&lzTfTVHEnq!;T*O)%3u3D=|_ zKY$@@TlLkaq^e1uO|E-xx8nh_10*#W!|yV>jtTS3;;ZNKR@X)Tjih7KKdr-E1$%Z& zfgjk0{cF#DW!Q5}5!YgkP$hmTuVXyn-0l7#ugd|I)It%ckxhSU1wby$f?q?2Fbjgr zv$5TYW+3j_Nt+u6pq+(DEiQ(%YZTZSGxITrSz~H0na`};bpqVAU*WLh_T_imvp=_E z!GJgF0mjpc>Tv}|LF|LhAw{?fL2TINFI-I}DL%{^b0In`SPLMI81yh1d)iCc-igHE zhco85;%v~?CSqQCtnIgdgm;*_726X4Xg}oO^fUI?k{_MG4CgrA<(v&1r{=pD=9B&D zk{f(n^Y$)+cUgX{bVWElu5#b!b?*?tk2x0Cc6m-0zTJd9#fA8o5}yGrAzjFjjA3nv zhC@P5s^&P+7W%z8JeU{K2l4$%h=;2{u9GH$1JQ~2SXO&Fqv`FBFa}>eM-^-UAZn2H ztW(uMg?o@m@5-LsAivYTCA$rW(QMj90Pb-%&@j-)D10Quv)`>?_B}-CFvqchhZ_sb zp?s*x0jvZ9J)0eS;vd;NBt?~IbO8^aE~6GQ?Utig0$wO*{5G>M0(ud7xbtz~zc?j4 
zX*FO>Vju38QOf$U1dG>DHOHk={y0k0T<#w(6vt_GT$sj+8@w}HA^S7jn?P7 z9II&VU!b|JC)h>ggEhuzGSMTr6RHiQ?)V^#^6Z1fP_!WSA71~k^fddv(R6VVWG!bFBSKHT$PI>J; zf?WE`SL<>o+9!@|Ch~E2Ax_SA8)1dL0*uS>iXeD_Suhst_VA@Ev2a{>o!6*Sn_2ex z5IdpW7$*1mjc$`hGnz~X?AJzx&})?(y;~NC7Rj`&8(H`!^%WDLU9sko8%fGK7~7I8p>x#pBAzi_ zdGoQT%Vq*CYh&R8cyi&Y&@5KUCRVghjvE~OWU1?hTdH+?d^0Rev`inJ#;{KjWCDf?gH}F>5E>j>e#qE-J1C^<2i7m z-ORIZE8ol$%Y67kCj!O1(FuzPYMuax2qf!JmL3Jd(sGF0&WLQ;KgJ?G4s#m-Q7{#5 zp8Yt=Ux9hU;3F$wMw^U0YBUwAd4yqQry{->_hC?5nNL2nMx5xnU{a8${F*fb4=$s7Wj(z z@E!|l#`c{pJP}D{S%3gUNTwgU|3t9ahNTqJD@++_I z#r?AW>J_2u3E$)IjMkdr9O5sWE~$Vd*7->+{1-GGqGx=>I7D5Bd5e z0<9v_hZuwhg%%h}Vlx*DLXdwRoL94Xrxxr*A@wvgEl=_9TI`8}za985QhhZvqv<#_ zDjqvhEiIdIW)vO9g_t_!YI`yct`_-`Dp6+`W(7z$7)QDU=1MnUbxt5}ebZ+cP9S?h z7)L(Eg#9-}qI5|RPhb-lNrACAj@-q>=`ep+^q=^5@&s}e{YdL4pju$Y3M6>%bcgaj zMnn`PH<7(Ey!-GTh3|Il-~;K>VA`dxWcRHrNQ@HCrhE#)>mvPj3d%I;pPv#F7#GB8 z;#_eXOd*{hdlE&`rns6A+HJlI18@9Pl&z9U$>2w%Q`(|3mHUf%iybX0ux{!wsoEh0(jK~ zWuC_pC-edHy1k@kc+eT9Rg(3nq+?k6rd?U~#8HK}t6;VIb+D5XbVb4BC5&B8-{ptZ z_B^dS*Y$+ClGOfoSKTPvZEnDRxZbka#`pNn_Bl?b5>slsl7$F}vBzsnp+R^e_l(w4 zIbG>Jz^L_?=X|)<3E)!qS;90b%)|Yqd4TqUB>p?oNta^Se+suo|S3l%e z`1JPHP&MI^wC!U?u64B@qXH9>h+TL}*#IaAtRRB`%GxhRuS^1#EX>|AXysCbwVGJ5 z4c(=|08*i;;*nLrVQ@(qz9Oav7}@Z~53iXTbA0a_eH39*nlavfPU{*njBB7uj^I{E zub18kXK2`Od|IbvEqL)%DWzpbtb2=~BQD z%oeQNmYhWaiZLK(K!tqIae53HR>G$?4nksX7$um$T=0{OFRcV8xrQYOL zj6zo1JDi|H6}vWaTVy}OLiPoW0c{hD}^ z9gSv;P@X0EYOesukDd_7kCFm)I{X54|HB|Zax!QzxBktikrk-(`jzTylApT3`^1M~ zfc7ZPU!V)rMb3#7SfNFvwsAY5gMOHpUDh3~uMmM7G>m~PKRBY3c|HDR4`^~B7UTHm z*|2Jmy)tLU)d!9;RpBDU9$e$G5J8p2_fL?ef{bUfkC!Iq#4cx2aomDtwwWa=4QKlsIw;&JB>S{L8G&_AoO>DCEpCG_uEy*v+x z7Oas*QYx{yR}$5^hL7}eEBJeeb;nkzDvev`voPicV<%snrs^F;^(j8Bvk+ywROxlL zNk;QmmdI!Fjc@eTturdU<1_T@;W8F?y~v@iQu=XR=xh{jT?$_xs{1;;+CC=|)A7a| zj-@Eb6wna(-lwiGzG~!*?sjs z1NyG?%qU|b2Eppkdd6ZFc9x)^_ojEI9zn^J_tF9F?q;xh926S`;SHo3(m`uBoS_9{ zY7b4|(p!o|$=km~eO+>ugGmtQl3b3I7vj?@{D!oI3}M5vhO@fUZ?hUN2=Ed<5!hL#rPaW0%9H2ZBa!nNz<%E&u|_|ZA_pSTOW<|H0TzcY 
zN_8>~&SMK6w~^Q)M^L9uaUXSZB=H$%D(4GPupIyeFS&s|S$)n)Ya9mG58; zqHgPj0Pc6qlgr4r*M86e6w~G>00m0p{r~Y9Qj}vWZ|$tMiL_tSJ#+lebTc;Yl7DB2+tOkdQG0zVwI)%Q;*moQ@IF2E>bkgG*|TGbWRj! zP^RKd)XL~^*D?ws)07aq5@Roxm+7_?UV@E)7lAk2KZpAZ8TOf4C7+&jLuYcCyQ=fp zt-Oo1WE+`NUbr{>ob*(CYw+>HQ+aj13KA8R^3>^=NOV?2c=4olD2PK$#rsF`M%u7vxl!#39_)`sxT6XfCs zLH@NG?DRT2(+I6P!*+dtqqa#t&={^h_%pA$xI+>A)%v7)4?6ODA3|Tjq5S6suBP&% zZeAgef}~jLQP9`;HV{(q$ubN*q{(-eID6yF51+BnAuSU9?50-bJk%1t^$r3^&1dRW zrwn;he+NXPQD6Sz%A`7w=4NBe{w6)rNNe?gpSN*0)=4XGbV37cv7NVbjdO?2tXmzK z&E^r(X+4-Z15O?l+{@7&5nz-?k~hCK0lPMR5UDse*|ICw+5FLTy1SOg z=b|jrwSHA$OPk_aZ!0rIG+B&;BEf}@>)TLkvD2lweaURJyHjP$3a_bM8LMF!Mo{VO zm2gRKJtb0dX3pJR+>DcFr6g?yipM3SG$JWl;`ou+q%2_O^BWvWk zoUY9sWp_U0~m9kM2pJL1^`6}I5vMm>^#1=c7qYjQhq+Zh{n7h)Y*_N zW|xyOf77f>v19Knp=tL!U!8s>|L@Dwwi@0#v$b3FRwBV7#IkZORJECSw8xk)b@x#Rwv8F3H8p5z$4C=COs^y_4@(YN&DSOKLgcJw(`3lqOCt7 z6ign!mx5?=qour_@IlTxD&j->;X@-Nf}y+WbLeCRcJ^Mn*G^pm-~uiGdBLZU5N8E| zoDjk%u#f|WlyDPVtadIEhaQDy50onDl1tdG>9HkhPBJ(?<+SY@E*F>Q zz)t{KLEwfKV8P)Nkn)pUB(=gP;6ZjpTqG{G=}l>#fD)I74aosPfuzi`Ye7>ky(Fb) z2#vFx`~ZxDjlf|s0b1FU<{z-4{zyQsw=TexRnYA}m-2Ef0HBom7=o#!xO%W>?(!d? z4y)p{nU$^_=wm`ktYSu{$-gWy2nXacB&!odw+Cd*a~-p&6aAYE3i|!0zhNU44RjP? zz`dA7$mREd`aK2!KhxASV$i5QtTiNxjq$O3Z@A^oqaqr zlEPuWp0y-)nh9F^*}$v@!$O~OdaH;;%x3=P@dTX3(bErP+rhiGp1ZMR4XVIRyX5lj zpL2=qsM8g(ohH!*OlK_$WJ@XkR50tew>D0L4eKVAxn>9+zm?f@o`m?y^tU?ag~>Bs zZKCdMeO1gTD3_! zpAhixTFIT;;1L|YoE?T7R2NXmerO$6W?$X3mVs*>ueMcEkW&32{up8omD8zf5+UVB zVRgj|^VSDB6@%!u2M%GumA1_&fSTEqdKi&gk#d`|I{@cNQe`GM^3>OP_XDh&! 
zDaOC`Oxw?iEEeQV);{H7d{-dH8k5076->WT-_DB$pvF68VsSn()fx!H%k4b$Ib z?a!z68XFUIMhls*E2b;Wcr3nMVW03?j3SY+vub5adLI`j*S3zTk8N5cwU;dXCe^z0 z2z;W{u6Dknz4mceP{I7Pdz(auDPbsuMTV8g=d)K9dDON4>&u$RGxwWCrP(>>t?y8SB=zql-R`S-26D#Z*_!dOh}uRy^MVRe!$YNhu2uN zT{-`P5^NRQ8bO(`aGNWnU37BI4p&Sz3?I#oH+1k6U@+_aCDT|WYHc>t+G<65)h1dZ zu!rTOJZP#?L-~G#$rh(3Fa?VMD46bFF!6;~XFI`P)=7dkz22R9XJ*T9FuDXo9!VhT zHZXl`#O5k6eaik91|abTr`}P(w}JGohv&mU)jkV8Ar@6$3qST3mF@xQnQ*kH)h-6C zQ0W)i={}48m}s`WEmfT%STOmWsK**1E6wzC)^0q|!(?vP3%M!O04~%p;PFDhetr(X z6*~LEI3g-F{NlE+0&tbAdkykf+T@N*3HE6(J@1N#72h<@eL06jN|L#qoc8H6YCJ8{G+0btceW^s7}J7#KZ{3*2KI7 zMnv~Y|MLlrv_xA!78aIYsG5L@3v#=c5=n~M)v(}^N}id=ip*_~*V{XC)Xly*daJpW z8KOr%3wbBvfXp#K-V+t)Qm0I?O#7>d8K$ebBXQEkSgI$=mDF+$8qO(efg+8sB@9+$ z%nX|no164=2aV`R+ctf%TgQX zUoD&FFZjCa)Yq@En|nu>TuEDR-#vJ9-Vkl6mDttC`q0PFo3nIyfF63_l_k^CuLA?` zO}ef=Iln$>y{YhvP{EY@z23qR-MPZ^L(A%{yxGdA`>4J@huqH3d>SA1aKstHuEk66H*bgK^Mg@5g~aRo&1Bp&1w zLLS0{wVQ`KDej6_By6sFspyp(*3M*cMNM*gPC%jo$&?3OV0pV4_Bs+KVPF@UiKl#C&mz%a47 zn85f+i3m#7R8}RX9``p%7nX+@n8q{+c z*O#1tm}DatsMG4U1M}PGZa)B^rc#L6cktW{`t9ZP0Uyki^mAU=Y6gTBaNVR*u=#*W zO3a~}7x$9cO86eeRa3_p^m-61h7Z^ElJNfp6Ds3^2C)Xzi2ef;w#BxKwxwO{xdEt( z1q#vPn3NZ`-u$inyh|ioRQH>wo8>}=y1%woVEf9I<1Z|!+A&zns(_OImalHN=%zia z7xPMMlgz_m26N*r?0*Fv!(kuPP;>OA$M19OD4if^PiBKyJ7fywXjGPqC zx7g@SY2|i68&vb0&DXx)U7oG=F1YHsp8jYq>hU=K@pb!5c=E;@J;dQ*TLIvy ziR(URMQzK~Rr-#HcBz(APqp(tAeGZ&{i5MP)4bE}Tp!?wo11EIb-hlT@e{afn<|;- zqSLeX>j$G;BmK1D3p}Jh&FPcrhFIEc?I9att@6ZgT;-Ef5!@zE#nD2fKGad40jDi8 ztIdhTl3yEeoiYB+RaylOC(gXNOgDO38B*_Bm!K*3XfPVA^_3`H)PmbZd0(yHa!ag&v-AEO9xnbX%b_8n-9HtzswGsZj@4s`Y8HSeEW;69bG><~Ca#E*RP&RgK zo!Ok@Sa2=om^XH8SPJU+WL%Ce{{jgY?8Bb&Yz#DavL1qZ1IS(MnUnK{_8C_e@tgrH z>`XsEoA+-Ff|*v3@58p0wCcd~rQyv@1l884cy^5ha2Ko$%f!`yx*2~&aO_JJb}g}p zzlkL`k=U~(s1TKj%dz9d1J5CHL-Oy_JT6%Mo69H|ZM*+zVnUE>W)-&NDKxukaVVB8 zY}OEfZu|a&Gj;m2>tn3z8fUide%Ueqlgc);AnH0;FX`+xZJ67=i{6nL9JRf7U+P-E zzAnvm0i{&UJ`$OwYr8Fsh3cUcSHP4!lgJ4q1PpH=eUnFkapnXiSrgL{m zdf)wg|5Rlu)9Gh9yQ2B-My-1ygK1c$j%Bdp7FyELgN_+QXOQ6LuP@c+j3qRda2mZI 
z2yfO_g;mQ~>*3JqkeF8!m)NwiDYFwXh35!MO{5K z_K&vov1x#27M2h1lX*ZpB{Z7KEyIj!L2V`Nisi?4hKFm`Un5QlJn}NS`C(`Pz2|&qzG6fcYMUSJO~-WTC(Q@{3&a@9~NyoPFJ0&Tq~a<2@x$N71?i;rOYa7m_WF8 zEA7lxttti3pplJX}Tn zn8&wTmlQ;e;pvD~z4P-Gf36cH6(VKxivEo~ily#(y$x@0}aHSueTF;5Hh$G*niZj6LFq8U}dikw2yvAG78_C*?f&An@D3* zzXd_xhh=${etNy$9WOUkecz9Be&1I&eBJM7D|$cQYid8AXLf!+`$tuNpO5Edc!g=P zy$wjJA*SbHX*~`&zJG=D|6UrR=IGUDZ-*-c_? zj@~7L&t3R!#r)O>*|8G+Xzg6;RQ$p^f6FfPu4tD&6x*iM6~4dvLZ)43P@D?dK%aB1 zQSEAZ`^-7CGsDWK%CBJW>*(tEbUuNwj>|Q7ljyX zBFx5DD?x5uoUr#d7;i+D^iTm|xB)3q%Xm;ieYC!m%2AY8Bc!mL%MnseCr@HN<-@Tr z0jIDm;*jVHG#Z@vF2dB)%r#0|t`a=u;R@GE{-e_a;H9Lu-&BX0!)&>8ils#qLXtOW zfXwJoqCQsBhRkrTWLiyb#w!Ucj%Gz;N@!62+>wtn!Q%%Pz@N6`1UP<*sb7FzLHeD0 zjMKJoxIYb(j47LXI()RAXktB^)Z$Ri2W{k-yO-gV@M4_Z={&fmnzwq}?Cp1yfXHts z|2T}3-_6{oq|Ag!Uit}>W+{zq}d9=vd?6Q4E>+7jsIQDx*{v6ge4P9Mct^(flzUd2$`>)eRwIdT2bq&PuZ4h}9q#vwc z95JAn=$EqxDpjs_t>kKZEE>0lij3oNhWGp13~-#|fs*Bu-hfU0Nlo6eq% zH=d`0t&|gq4*qDN5&l3RFd{XvdTx|{L*a97)LS7*dkJ)m#@4k+ri%mhX)(q3mL$7s zAWirv^zl7u1LVKANfgttB2b`;xj*PX$@xmLvK=RmlL_z9fdAaH1 zf5J#m)r`_};nw<~c77mqx~fvG;zsPp^|-0(BRkN`7FeFgf9>Wk<^y*(zGAVr$9?LR zFDBq4l{dt5?$s}LT{<{n%&v>x1?wLO*69beAS&K9{-hn3(wr&H`b!8NaIj zzm<$r!T>iyg&9bYRNbPEQ~s5O)(DxPlvXuh8l=z*{S|;1qvXba%cvRv$E&y(J|?N8 zR}b3bSJ7*Pw1tmTUgnOT7@&ahj;m_Y9#L|cYrU)NIIe+ePd^14W>}CivXPJ|fR-&| zH!~qP#E}ndTyzW~xvWWq zNQ)(LaAj*&H)Ue@8Nb(iGZONXpiACV!rIs&5mTm8;5t65SvXDcs2PqEW@^6Ny~{E` z>Y{w%gv}jGDgGOFr(Th{SBbM^9NubNB6Bs+wq#I2X0xU((+xR#SSkEBVsI3f4R-?T zIUQ~$^&|gUNv2X5Jf0HJ-=YHXG%cR)wO2*3j!f4sRSpdy`4s)JHh9->NK5|eS=)}Y z!E44a?^L?49x5odqbq-orq{sZ+@g^Q>uTafcyJqoGvXl_aLf;osawK{z z&Os||Gq+g(#hMn{rzQg^3{Jxa2uorRuXD1Ki*P!%9pZ#_9W-(ys5eA88cp-$hMf}3 z);?Eb97sf;jhM@zKOhCuT4rGn4dA37TV)24?usx?g(`{>XuX z<^Xieu6H6>^@6=G^^PWo`osP{+Gc?IRLyauu7&xrX&Z=Q7YqLgD>^Ot1~w)MA)(lt z$UoUmv6l;y#{efJ`GzzQZuzjH{SbpLl8VG`kp8a`^W#7*EUG4l2^33D zfc_^2(wXF49rQ?4i1a{G+}w}o`D>5^j_NyHhLTCml-4D*7mlxGgKjG4$M69b_>A1} z`SFk~Vf7{>wTn9r_i3|i0wj&P=Y-NTgk^|tIJ8swzh8&xE~Zp{kd8J2P)7VdDtKZH 
zN?_;Uji0LS*s++qfhmIe82y6vrCi&1@n}?ayUU4l1U2H!N|H1w^YTqO%)gk(__K>= z31?SZoZ289><=fRB`%O1*(4mlKLla?YCbF$8fR8LpRiv9I)1w!rOoIazkhg(@*g2O zbz=NS;|moUC&L4xF9eV6Rboh?4;EAIwlcX-JEodG-(C1>N2NP|d9`Ez|r1$ z$nR99x^Z!klStL)LH&v)A+k=Ek~>J{8Cz88 z3geZcgs8e|fPG$>7Fc2%vJNAp6vlf3g*)b$p+~`iWS@#|i#3s6lJbKlmd}!~Kygo< zNp&rfI{rbZyw9nJdMS7pY^GWN$caY|x*SOtYcZmVit}o`p8Z0QbhZLkkg-^meE`83 zZ~%dMr+_`c^c*LTEdVW#9YE(u5$k^d0jF2M4irfQ@tzIi5tS#1El_|2=qPtkJ+M-r z$E4l|_IEzBs$`t9?OaS3*?P9%OW~6=fO#H8+(EZSKzJ{8U$(T0r0<^_5PI+d%L_@x zX+O&(2E8lcxN}0hBBP~krFY69lhTSTld^7Qgc75fld?JF-N))(v<%!(N;{n@TLI%- zW-}W+#~{@c_R&I*avNcm9@ISd8+Y$OQy@MNE0Tn&wla=MXBj{M8f|11*tYg|z_iic zP=8%!2sX}aEaJH)upG#<^f1Jufnm6OYcGNLU`fq~VM-tq3LXBG=VlgIJEnvxKdpuN zg5{@sZpvYeR;%BijT!@rdE|5z)LgpPM5`K4$1_avpIXR!Rzt1Et)tqKb-v}pB1 zAH&(hlSPY^%+{fNa4Ll*SM=yX#pPxkNFMRh(koGX6(D~PL$0Tea>UoyFn{XL-yxXg z&(0KC%S~CCEi3%qtA{`}1v#0mtbkt?{_mpK1L0@^yy-TJc+@CH=U5v6s~569LFJ-F%Tps*?`2~NRPUb z=8;wv#NTXzI5jj4D5J0R-b8tRe=ESxGWL7gGYw|iQX!VHEdVRn4 za$K3#eOS~Vn3SM>*+v9L&U@^fard<%@&dwN;=-{`Ry!qgZQEbs!Ag6p zRF-s6DKtNy#T)z%ba>Y`9$cFGd#IY0XFCAPi#<5yC0s4eH-QLL{c_VSpW5&Bic)Uq zkNPB*XK+CZ>XDkALI0*3-Ihvh80h&f_ixM>36(wG< z!)-pgw-^0|sn;?5G}{LJIwUXp!%_Tr)2tH+sgVpWDb@fNE@ice5T^}Ygy)nT+1drQ ziM-?`wTWZ=WKvYpAq_O?BZb2lEzV>|TWF?=y)PEo(c#2LSb)XeN%z|lr;r!q#olay zIn*`uD5KAH-bJ`&sn_`Vk;XBv<%AndwatPk6Po^%iEo5yl!*!=jYDeXgcvHs(EsNu zL>m7n)>f2sA%sE`m!w|*F6oiF#W@TRgBSBIVgC?=%K6uq12TI5o*fLH@hiJ`$baPj z98KVUkY;C5+BOtYrdoN)2Li6;+4a+Hf7!mG)XP!}yS&s3srRo&Hl5!s1vmKRE|L|b zURcy2^(@b9<#1Y@@$9h_q};%l3pxTdJJ|wI^yH=7;Eg?71b!*NuZtt%jU;j({YHo+ zG6#$#x)q@vL6FBD*r!4k<97fN$V(!yyHg4$O4pZiJI{?RiS8_88}M&H5-5!dPEHiq zUaIiw^y@75;&hQKyFQ!G7&jiA3H4#tJXA|_uk)BRvawV!MdFIkq`KuSFdJykzmKf~ zH4CLWqnP8bW!F>H6$vN2%7u3#DMlpS#)w(-PT0cl71vORZUD|hG~Q*fIUqZ!>7MFx z7+KN_(7j(u?u}HN9dS_Ct6`)`^=1a6J^+CW-lGn7y#ANL;&it#uudFkp*Y1N0flNK97YcYHnY|uVcE+m-uP! 
zADa1G0)h{Jlz~3zjDYoioH|xDh@Fd=qNnPbd`PDADAmx+q4g&L*ur&)#iC+>Z7@ZS z6RB28!wY4pFuV*HD$dUr6bZ$LH2J(ArCe9ntqYuGbzJK!zd$PE@;?uVn}ii51jeKO zzq0S+OIAFzVV%oEZG|Vg#`zL$AD!;6yeYX@NcvrYNKmCu$%*te)IdTrQnNmIN>#Q9 zZAK-KpbyY>hv&ZkLb6+T5_m8n8l_rvep4>C)w_-8F<-|U1)$?p@IPh>vRF)8CpjFq6xd>q?#%{mLipj z21*(Ng8^-a1`dx*t%c4D3rgfVTHJ&PFis3oHEP!b^j!kYxNr@E06{-SP@2QNnd~4EBk!h^HLWICbP5w<*M*mThsxT2Tn0{|8s|a ztny65{uc2WFd6|Ay`+H|l1K^QU~ZJpMt<;Scrfx1%2GEbZ4OSuQRJDg!8Y0xsL=ZdR%H;OE+)o&kSQvP`ji}+H!lArxjzy= z+3l(+v$l$WMhGKOJ*=btZkC>@O^W2((kUU*&`z3S1(8A}?sY7R0 zWc%h$c+=!nnz*Kh-v)A4TfYy!pko$T1}UhxIxlq7Sl2%3c$ZTJq_S!Te7K@hLyE3; zZwic5)g$Q^ZA!R6Rd1p9>dNWGl$v2mIE25zeKcKO|J7AhA#Edw^UO#;E8KfSW?^(Z}%C2`yqDC(?1}QAOoK_W;9C4)9 zJFQeYbm7wcFOx)?DcZl8=UqKj0(OGd%DrXH#|ii_M+lA)a-P!^dE~5e-qmxIy#l`B z0L9N6MM~GaRk#HYC+;%1>@R8167-ilkKYF%Qr1hxxH_e;SSxRY^-=&SEx)~m0Liq+ zD9Td#DMuKHmh^I_A#_*R*Rg~Gha^@$(#)~2R%7&xhvN2g*yiIi+gEuR3GI2`phBNY zEUPLpn?EXRXeT+qrWgGVIcAtlS$jfb zvq6icAc5Nd!ydpcn;M~=oi!n2vy?~M@}?^Kw0G-8zY(>8BXxcg8Y$9C3vmP=a{a~~ zS3|Ga#%qF1P=U`W>8H(dSC4<)yQoW!*~yd!mNvi>0uZam%2or@#_*RTouG~7ysY^6 zSEwF}q`{ViNNq?5rUHU3Ty2hCu0?F|Y~qf9)RTYEJ@Jrw;2^bX47Dq5o+213T6tsH zP6#vUKJ1+-Q-M~4ZvXsE4=n;fCO7*uwBS_wY(t?lM;X-yy-1- zg_2#~T1VUzWVBv$SVMktH3v8{9*=_5v+$vrIy0|d{J3oZ%V)`*q1sReAh zHH@t>b7)!fRtgxy3G{JVTrKINhj+83Cpvv)A$1IO9#3a$f?~Pzj46>5 zFMt!TU0!@G2vOI^OT@;I_-D;HTtY2~i=a!c=-;pC&MDx^$}O}OwLgd?ez<@-?~+96 zp9!TE;1*)=V1jmEp=+;&r}f4fv`yZtx{t=Ww#k2U6Nm#%6fJyFgx~Q|o!adt@F-%# zTM}|y9UQCHS~g%&X@XOr-!>$6xCYzp-Cmo=>5XA!2Q@0*v`{#jg;B>CQ-SAoXd+dF z)#RlyWjw^0@?Lt|!TSdA4AMf>8{G7Xwr@sn*6PCl)hh(I;dt#7>~|y!h#)G}zfXWv zg}HJT^5%zYOz!%XE|r5GOFwv_rpKmJRd{IY%F!JqM)W(jh}R3`!D-i{h`f_hRRFK0 zwy95cCjR4R$W2#0VKGn}ID`ESZ$0#V_U}?ChqxdHa+}StU!psOU=W|8pO>EKoisDq z?{eFBm=CT--LvlIkuXXp&~E(B1(0>cGF!!Kz6r7 zib!o=tXAbnK$TX{>!D0VTK=oU;kgpfHvJ1r(rf22$ovv#H4#-f(3j3r-VcZK9F@s0cFg*$Jw{?1=tO+uQh2~8EmiP&<{QQr54?@OG? 
z)y<`Ax~i|^aaZPi^Rqu2Z6^M|NVPz&ET(FSVW z%kJ<0O(huO=4W<1yrb`Ud>#BxHbGF&Z?l_===0;DuePuE`~7N@ecaS_&S+%g*qeq~ z>zHe(C-)&IK$6$HA>t=07PY|FVg~nVvlr>V^5b^`Ikm_VIV*Lil>gVaE1Bc3cKJ%v zHS^C$)np8XPmC!QmE@W*m4rmjZTg=GlHIkv=}NpjF&CHEF}Ih`)Az@2?SIX)uxxA; zL}6beTga)uou)sg>t$D6&c4(HUCKq77n!p{hZ^f1aHE%cRn!t#a+|qCWr1ezolE2E z@Im8HxOK>Vy(n*M@N2srh)tqGYHbQsYWK3lGYFVp5Xv+q|2|?jbx*tJ#%rJyD4Z}e zuiYA`qFUMy)3Qk_#@)rjx#Ra*r&eL3?2fFT1(+$Zd&1(5809>ytnzY;=rmdl&s@ZS z4e$e1XH6qZDC9&IPGPSleAP~j4(Cg)@SCL?20|d3IxuvC&4WT0K7lU2FL3FKmFUK4 zq8eoaY!rpGV&&B)T($jeTiR3g`aJ-qsSZ9iVa;{?R=qRIsySpv+Na!_zexS9^-@g~ znT$SIyr)=Rvf#N1#}_fzz67O1ZHX0!#ISX+Lxpl~-^qQ;)K`=w$3fz~!ioow(HaO0 zgKzR8qDv0kc5vq5|Lhboxwg&cuC-AV)h%6J&T?7Pgb8J&6SF+i@bOqQ8)IZW82h;0 zjOE+QQIxu(EM|q?7OAY1`tNA&D*t9VBEaIK>W_i=8-w~R%2_TFI0W5Z6F(2ZY15S| zY@k{lsA`zRyCbxc?|Bc;q4OL@n1oDrk&qqODx&T9(v<8wR{gmZfT4M!{<~u+*%g9` zikjTwI;iL)*nZ#E4TtCPg(h#kVgqn3);v@pmNWWSE7$Q5u06sMxMO3&uc2HvMaq8Y0r$kzR`{quR zVs+uuR`!zwwI!*#f;O^fm-g{f>kxT`AF_)q;_5Cn9MMil!B$F^k9sZU>la% zfn5ZK%Ss+Ry_=gQ*($Bf5_*+~?pVmGTT)FJur^}@L&8GD&+`L9#y~>A{(p_!S3DeD z9|v%4bwOApda!yYSR_k`mepI75LR0yHhLGmLeb20m;_6Q&9eJ@zS9E%>Y#kWJ*#BuQf%lVRCQZe$9pI6~P0-z@bHAbe{k;m@S%{{7+se6hUWWf0 zY$@Xz@aF_@3VlQVZQM_pX)V2kG9rxx7J+~pYdmSSb@$T>10&tm;iOEDLMHm^WU319 z5qVDL2Ko)*uAJ@%Qx-c#AUsUD-JT&2QiSjISx_L9cO|8!E5$C}84a72JpXm!xCI~^ zOmo6H{{XA~fh_KU4|>8hU5M(*U)k8Jl4>rAO+ILG&o|c8_qdfelM#*=y;%8x?rYvk+`I3p|Kr)yS^9#KCN>7|Q1Njam@2Y|C&Bsqf3`MzbMKPON%kT zO?I|T{aLCqG_X_Pm8LrzSqiEWGVsrsyd6zyq!Mwf)te#SyeY$6p_89wzC|z3WxrR0 zl-`V(5vZJ$!{^+tP70LepI?Z#N+0RH;usFXBt$)YIW6&J{MH-8(G`wE`QRmE7HV zuMpi#16Zt)yn$r2O~XSOE<9 z?<)o=uZTTm0vD-``p+{Nyq1ZvfaJAe{2+T_mHjYI+4?$0pae5)>*Ustq#1_$+1 zi#`rL=~tv99`{Y8pR0W?6WWO_F)twcMZBexMgXFu92ItOm=?DPNF`H0a>=SCjHPUC z%(#~<9{q%dcy0<2D7a<{W-rjQwUDr8vlsw&PS-bFuG6XVf{L4IxOw|t#M0=-;6l_z z8B}>)3PioDLtd{6ekMWStTfbG6f+#V@*Q}8h+S15%tT^WuD|o4l4Pmo*E>@Uv)li# ztm4H)+{mJ`13J`|UNip28&m6Y^Fo;=!^#{@rldD?^6A8F-C|>|Urt=-2}-TVRp<@* zZ%8<3!4%0-o}9dv$IGB)U46kyE@Pw!dZI&HDZQb*@;&UqB4f_CTl5O0wU%c3I+@> 
zLjMF63i;Fnd3B+&3Rx$`z6p*)Y(It`zFR(4C;92kE!*uL@TOstI^vv!6BSm@5A-h8c|kH9%QKr9)zJdVvM#ObExuo*?&uW_6S{eLow7@9D5 z6KqDo0p}w33fH}vWO-lCe2O1;9EI0#ndr{`sVoHhp}S$EK1$&JJ#r2tX6t~N>rJ#( zd*ZI16}=wp_loPJgIG&@G!@XMEw_?RC-82RNOikm`GqwfLXw8)^ww!8?gK#PxY^ep7wX^&}!$YJrUIBtk3TRCA8;$(9lh6M~`5 zL2`YQTo=G1UbO+|tsg>MyrKtWx*1ylg356zXycyf>O122er#MCbVseHUTFp^g4!_( zoIpUD;ca}MpZFT=#2m(*8yQ0!QlJTa=fj@0^b7$mx4S9?igHHri(oxOG$hUHOWzJi z?(SonZyW4Hm)1E6VJ)dUhOko&+%!guenD4I*A}})F04;^3Q@4z(9MvKhl2YIPce5j z6VPt_(r23-(2htJk-B-bhS+2-csG+Jf#E-$UzpE`uVyF9~wA(cpez~qiM1@>Sqn-WEV51`hQ z{ngUUL|f(OGDU{{=9VLOCwH332<=$m9($?AaE}GNBD_Yc?2npq9zdL3BxTPkv^u_x zT1R{?fV6xH$z2~M%dD+h9q+eNYS_<+JqcT0jY~Xo^}%YjzQNAU89_?rBXjgi%XdL{ zc6K8A)XdQz@?W*KItOb;;S=WujJRuhKji@9L6Y_#n_2BEPwKEO zJDFZXi$^3Vuq}M_8=xknv$Gv%r~OfOYWbpUEsQfT}fvX1M;rPP94td z+10NrFeL;#?>=6w@)ee)#n@{qBg#ABKY}mf^sJlCjp)r;DU#n}Ai2##P1Tv*HH#Ll zw+7r7**7QZ61C7&HI+i_@10i>r>*_V=C4Sg(8TQc8}zRy34AE92WuILn54orloe^_ znXPg!ND*k@8VW(nHI$G)P(uC}$}nZm#Up4U7E0zHC?xg&K!GM=p@0S$^FRY^d4bQc zP(m?(pqyVr`MLNP$~hLw&qXYhAMgGf%9#>0@n1ucRKP+R$3m%)z(Ucl%j1LkK@2jm zPz*B4)M*SHuuv)_uA!*YNGgk7>Oj)$O(q&KeBMBuA@;MFR{>)hpAfl4r4i z;k;=aGIgAJGM42{2aw2$KOHCJwV&%zPAP9!_)dOQmswc%3!klF{GC-Ciub1)0Exyy zVc=&f*}l2Lj)n4fkFb%3>}@; z8E>r@n6#@gE3}v|9Q=d+@s=*QLum2WCk%IF88jmZX&Ga|d+YSaTl4j*dEox--#egJ z8q@m*Ub1M}_${xPzAMt(jBB%LB{oAq@gcL)4S{=^$Fl(u;)=$>Ce@b@EHr7w(>4Mo z>dd`e^<#meB7!t!#MwzUdefXppPyBDi$333dvLTR+4XTp+HbC0pc<&a*&f86+QS+<)!HoO}@T? z?6(KJ;4<=;m$XPOzvd3ixr?)OX5q#RVk+kn@TtQFFj0^eP1@H0KH9};TZ#Abv}jj* zoUeRUi>=+xm{cGeZrA}nhB_;#hAmyl=$Ukde*Zirs?F{?i_@Huxo8m~nodm8A85fF z$Qv{N%16}pSP^!bAVw0wPNTEXBVG`hzd4_Jo}WmQ^0gWG*&nl_PVZAf#Ft$+zAQK( zwPkSo0yqsw07~6zCSaEaZG5-dSTqTjFdBGdPXe8PXb#8kJb~0kAHh~X z_ZFfzA_nX1(?-m7zJ`Blrw(f>Ua24<$RHxEZ2%^9(LTmwzr2OMil8EH{Fx^l+_VHc zZ2!A46Rx_KFFKqg7imyI)O^}A!byzT@@ex+SvGJ}WG>+~4Xa@h-&+sgR3_mi)!9J# z+4@e0Hd9$^=yM$?j*&c=s258=s+@xI#q>#*D+THobO{78GVi0N)fcMB)sjrvSVdP? 
zlosvIA92;z;*|J|b7#xJOSMJ`v}o!kE4xjE>#I)(u0sc%$s(!pR{?t?zPh5t_djsb zSNl9H+Gb6R%sPcO)HUhN`e{}7Aj0eXbQ!Akp{3K2xkET)h+cB~T%E$y@ZSzW{ z@rhysS3&xcGy%69=HjC)8-j~+X- zWAaJUr}SGF54xayYxAEl?iMxAfXmu#02#RwiBU6lkdq&{=Xm{u;- zdv`NAb7wm%n2|N{jR4cHm)9i$F^KP8vwMM$r~OSq=|+f$=i9~{Bj%lZLolkJPYY~G z_E@yiY-i|l7Foi+INA!(=ZP)#f7V+*r#koi(&hd2%Qmj{n4?dci{@QUqAzYP*u-I+ zd5_AB!MJb?CBeP$)Fw^$I&s*D%<&nfCv%0qGiSgE)K|7Okr~3(CMO!HSCUbl`BG9U z0W#qFs--5fr~ZJB4@*MEZdw$YC0*T|(&pqx-_% z)(683emsYcH$9^f;FPRA0g~$2=WOG|@I-nLdJAo3bF(9nTHoVVRP#HJ%;E)Y!zu(0 zI(GBe47ss+Lu`R8ZbA@=+QwA6YvIfl2AenNg@PPS?l2R^1#Q z+OoW1-wTehx*B&m4#CtK`675@j297Qoc)Wh@7mWmQdY5YKHYY>Lt`Q$NIf@#PxZ}| zO=T_Pa>)*pPox<`Jkb1dy0UnjeCMZMV2Zlfls6miiA%-Y1y2p%!3}E~j(a$7@l->o zdu?i`Y3)pv2h69f>Bkur{Ys`Sd)Q*2#r~ zV$%1rx2Jt|&-)(^yb;J<4TdGz8MQFH`MC1VQ?$SiyWmMU4-UNVbjy7~*b)skLo2`# zpDt{jI_qz7fyj z4IUcSm18;qMD<0_I`o%9L?pwK5!PrTOR{|bN3|cB!MQ4WFMoW!J*!AnpKrt+A{bU* zSanJ3#Ga*v+_$O=*X}4z&C5)==cMesAIlNvOyR!v5I=j%eeDd&gKlQbTi(&^z4Blh zHYn*FGL3Jwp%ChyiIxD%|>G9bmZ7f`q&9wCPQ| zPuSOk(0vNa9k1wv+7qS{CGEB{AlCiWjjhvWqgABk!~gI#KKl7C+E4_oO3T^ zCa!V-g)JC$I7=#hw?+%>PFfc8O}$aI7(yyNaD?3)njBvGeeAQqg0EqX3#cY zo_L41fCOa;nfO~$3soY9&p}`JtQ@IL+Rq0}iY$h{FxlIX_WI`d>PDiYMux38rYwWFaAu2ipbMxMY>{CGd=8B2ONW|EVU5(bsYNTy?n7bze zIDp62JiLxXu<$0DPT5D+Y$q$dKu~mTQ*bw!SEChA+L!0;w7Zclo`mc0)tnQca2J1?Lus$8ghLHjZ@lrOw3(>MjB-SogJ8ds@&h;NiE!+eqVk#%go5q zwcei;v2?t~gWI-WpLlZi^OZZ2akukiqZJXp7r`&pn@Pk{E1@OCq#pHrVYgpkLv7+= z1Eb!eexG`hmz<-6_mWWT?!1yUEQeXNQaxr_&B1aaH1}ZI!DI|wx&ONYbFWgE?HlWK uv1t->{S18MN9uL#kfLN4^y~X75gs01i08#`eC!UbzcGfbzi~*3asC5m%-dN2 literal 0 HcmV?d00001 
diff --git a/assets/fleet/fleet-100.0.1+up0.3.7.tgz b/assets/fleet/fleet-100.0.1+up0.3.7.tgz new file mode 100644 index 0000000000000000000000000000000000000000..5f12694ae6d8023c0d3449a84c62a36a62126317 GIT binary patch literal 3173 zcmV-r44U&FiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH+%bKAJl`OIIjk37$$O)ZL)-%?JRsq5sfndTCYolASu>0}^s zB_f6Z769eweCluS0H7$6k}O5G<=#d6!8VEA#o}cbyNfmZ3{iK^QX;iKCPVh*0U!v1 z;P~*+{tkkm`8y1cPo9K_VfUyTo*V|@lOXJNPr6SacnD#dkSk5(li<#MH3#=A0m8Y^ zL{q_4i$A{6IJvpoBJjPxbpu0nu<76NVm*4OXgkrlL;4$S+pZ?hK_+ zs}2(bp*n76)M(&UhdY`ME(`)c@WVgknH%O~Z~Gk-;Ozg1upHGx9RMrr|3UX)&i)@A z1Uvh`4WL6Zz^Gw83MF?+?Ez>qh+yP27r>I7=Zu{TM&oe=Z~E_qK9{JFYtJJCGlPfjg&&JybbNStU~KoLCI9i_Z3L~>YH4r?$YYUU0#?JO zLY zLgJYtyr_`8wFnXP2~%jgH7oj0^)JYz_%bf$*xPfDZoQ*U=S8kinzQTWpI>A|scRvV zm(hz{vX{{dGtifYRV;=>0tz!CiN*vNRobj&B8G%=1wsPNfFy}TrBH!RiH2*+7;vE> zSLil|>DlAr+({62PkeJc2A${oVKDpir0a*r_95)EG^AWtj?&R)U@DdruT1bO@RT_}Gd+ce!P|iYxHeBI&>SsGt+m*-+mXHy& zUjI8MtYzO?yB9&r@^Y`R-^W--@J?LDDJD5X&vU-5VPCkn5g2cO=O;ciIR8)MFk?ic z>U>I(WhT_o*}b`fEBwFUpc^#&zr*9BgPs4k4Y;{!8_P;LLdzM8PlciVR2;+O7PKc5 z&mhu1_#a)U;LOc5+FfX7O0rB+uKUpXf7NMi!~mJX@}V`82YJ%``?2Tq*9J}fcZb)I zWcL^huFC(NoP-ViKMGHF`o9&ZC8R>{it;3aGrI|XAelErO%kF>RHmDX44~jz3dT@+ z(`L7GBKXA~@;CM;Kx-BbwjyZV+`x3N-C}Qim`rYNrj}yH!JkEwlS#A?LzBT|(%PTz zeHK#|ax5Tj1fNjjREho^hmt|1Wg*4csUzqeA0m%oj_&MqPUJ=m)#z{mMwP>g$fy;; zjMoa>$)x03I=hCxcnQ$5E@)l864SSh7101%W(k*}o3=W(bAOlNyVg2|^O0K-EGBWy zb&@h>S=LX9P^YWM9m|O8SQQSlslCQtD#X6bcb zqj55EKKNwnSvT#!3xU-izor?B~g)&DYh%gvIXQ&9t#CwrAGs-#$!1bfT$ygw(}gy)6uGrLjZHoRz;k(x~A1p4cT z59goGFW&#-r=~>4c&|r)c^3xn-mgJjWU#9AQ&+t5%B7g$>DQe7Wf!z@?t?w}8_k*w zU^01H_PAt^)Nm|Jrk7kC0Cxy=Fcq`Hf2R||S7mYWL=6@y&4#j8(!yPZ&F-nSjr z@>x|VM>NLMI2O4(U6zj5&|XuWmJ(F*IWvZhB+ragi=W7lfe*g`r#wNf;rWbgPO!P& zs%fSfS~K~yL4S{JIe#0_JpW~n#P@vCe^{ z_*c)Bt8DmS?xJkA=Y{&fuyInYw_*aV#?}>o8loH1mBF7YkCbLiEau9_0z; z1NVN0(P(N2xAf)#%x}u&4r<=}jIp-6(UD!&&d}wQ zwL7ny8~?)9_4t*TZlgK6s}e2RV7G0mO=W!e1$?NLyW`GXW5n$;&R@Dr&IGMxm$sy5 
zRiPhF<0`#uyn+=T>uBL)AEv)TX!?KkbMAgT!BzKv-Giq8cicTV+4+ClfQ9-0hIX!D z_~&fb=DaF8|JalB4S>`CT9xp<|2M!Y{SQwLn)%;gSO2*kxTPR{6!@Xv4eLeYXQiIH z3M!d%_$+z~dPHFYf}7Y5aD*mEsuie@ntUI7=sQ@V|My)DzUuxz=r-%WkGjXZ`=70V zTk>U<+U5V2OpCOw;(8jdwBXB#Tx&bml&L!D233mRQ1$NrQbFcpZ_6EQ2^QJ^`>qCE z<^Rpsf1VtMJNv&C*wuf2+i<)7SFR53;0~_x|H7c5|J~pq+~t3^0{5C7FWki<6K*_{ zS}xobIkb92$Eou?YFTmD{M1B~u9Txpj~6XAXTF%{a(05Mllb5xzbD@pk>c zpK9N%S<6|qrMJgbtcy=u3M?5dT%*0k9`9J}QMDca`; zQmdnf6}9xRyq+Fzsi}vx>*`lm*2AjmdRVVOzR734%6&$!R_sEs^%-2Knw~%z; zJ^PQh2Oo)~B3JO{)obOMknS_a+Vg3Gq~p+~`0V*36^jHrkG-}#*uf5Va2xzL00960 LB7Mx=0AK(BT!BtB literal 0 HcmV?d00001 diff --git a/assets/longhorn-1.1/longhorn-100.0.0+up1.1.2.tgz b/assets/longhorn-1.1/longhorn-100.0.0+up1.1.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..e8bb77a56a10c8068a644adf5f7b0d8eba77e560 GIT binary patch literal 15699 zcmV-ZJ*>hXiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ%b{jXcFgkw^pQ1LMEZZ72MO`e<=3e>MQ6wed9$V%TWqZxe zwUkVMo3IsjS{$MN?p=UL8^eGAt{UwDy3%b6MV%!;XQT&fC%LRFzqNEw|>8K*nP zQ^aLwj%MkfHvM$F-R|MRf&RDK?Na2 z^4$!{c-mMg#$1vy!ATD|qVW{-#$pK(S&HTnMKj!kSGMiOqN<3

cf@#9T-`Yb?%0 z4^l$&o5rshXICV_BAQ(BqCNHHYIlSs+HI_5F^R4)7lhFsJpEta!CvRE(~Y`Mn`__{ zBY`b`=`#G}Ji|SR(_Bc*Bgt6WSS%+|%w`#*n986>6iX~RttnIJOr^|3Z)ayh z==*s29kX7R9KtHK?Exn7i>sA_}_>#~`L}qAm>yB<&JSXdxlvqe{C&;~A z*zI;Z-A?zl}hyt*D{oj4Df4Em&|My-#uKy46Jb@EDMtLg1 zFn|{JUUapdz{QjZvrhc&==G~;%=ipRwN#8ridBIV9H)q5xI&zuQHljf1|tj^5&|bc zsAMo_IR}YnS&H-uGD+D8rB>mPDOSJ0E;kmQb39R!dftO}yVcS&O_g$>nHol@ncn~$ zXG{>uR3*Du@5~72jN>G76$y)~GSSqQXyR8(^|zhYcW&H?h33|Ca_5F~vY<^Tv|ry7 z@|y53b@ySfySLjt+}kx{rUd?dJ1nmn4ZR)g9_rUt@b(oq+_BSU+1=FVo}y|j>_8zY zk!tj|{l$Vru5PKDz0O`|H%g~w?6gX%mXEvj5LB-)hf-KvCzK`lgp(`G?d(E#>P$5g zCAyu6yM`*=?&)p~k8mu=KkkN?ty*fl+j$WXPEeGIDUd*FGbT?6@4^3R6;q_#z4{WcXZ@oc^MEewmjCX~!jdUS~01sH2_Nm1D3Z>?wGHv7qOEE{r;?%(E<=u$wdO0PUh>V@Ir0ZZObF)feTTZ(To97~*}mZAv}iZny@HBSkhyrIX8 zCybgQERD(kFp8VUMN3e2O$RK|y%R>=obv2+rll+*^gWT&S4ha8FiPcgZb@xQ&MwE| z^hO>G5JxjCl^Gd=Y0IADQBKmN1f2SWDG}2drt&=^vP^p4fMFUvux`vtBQRiz&fFJjx}T zDZV<@8rWOIp99Pl?Ou@?2_~>x?`;otj3+tbh)RqT)0$Nbjt6h6-z`A-}2Ov-o6lyl1T@2LKfi36X=hX+6>o-N~KW? zEW>hIPxtNw+dP~gJY#f-q_r3D>y>>D9M& zy<2yk0A&Wr498?VciI>D+8R>HAjRkk8$gi&q!v>V6P63zbUbAw#+on++gxDYF|Hew z3I>EK^;KX2@l;v%`d=;u@SFmpfaw+Cj4E0PxF&K6DUmYOv?@T^29d{8)xAOivqehpzS$Y2Y~(iY5*CY{p!v=$31I7w6+vr56>zI#<1(^BS?V~ltRi~QRu$WZ zQpgz%Bu0m*KPHBd4VxSmIv%RbaRQtWzHHCnw3QFe! 
z`?-aZ#E7?`pyC_bhaGu5*Wxf_Q88tCnt+gqOC!1?^?ZN&WB&|}PtPy87Z zVBEA6lsO+B!Qj0A?&#ta{(Aa1{UsPGs>G1(L@%OwX1YPeoY12<&bgdo4tchcxuxAx z$SK7*!O6D5l-Sv594(p{c9N=DsOAG1t3pKRHPZ~PXDIz%uXUcuC39^lni-c{oyIJe zT0A+qG{x!6td6GTfu9v{etLBB`m{4kG(98Yj z{(+NDtM!fuB0;UK35#>pno$~%^!iE|)TMQi$9doQG|c}GQ=Dd)i;m1T6AH3o{_nrs zJ*>?C7YC2?|6!g_pLVw3ip+XOha)ML^9+Bd3?>v$aSyh3K7VehQmxaQO#33HW??rP z6E?b1r)A4Ukl?YJ)onimRpB;7#b@o{=$L?GZRK{}ncyQ;(&+&3yHZ(b42S#rCz%cN z@tE8|J1QDe_M-Z206ezZp6^2$KXdpkN2v}*1(anP^iJzNHm&ROQuU$G5HP|qQfj$i zGaSS`8idCLr-=Y%Luv;Dw(1BG@N6{K#5g${s)JDLV^8^&^XPLW+Xe$YtSlT-P_su zRyd2U_n$Ai-FDFE-GMf?LmMhxe)@YG<#H80`rxH%$^eb4x_^ZOylSN7X%m^u8&}6t5p~qXoOSYd`(ywBT6Eg zAfCWa%Ca#<6kCQfvOLVDj3F?}vWg9E44hA&d^}fes&^D{%8u%Y>5di;x_rpYpFc;% z8yjN_zk9b<`_FA?f6#+h2f%P)5{>4jS;y-`>o{txze_&H1QX2OA2>3;{^Zbkn)+~0eQ|9y}rJUPNgDDJ3*ka6-4ZBcbD z|6-)!ZtIfJ#7C)}vlO>xSfT_;)bqz1yk|%8PRnkO2_-`#sH+BUnd!jqKnYDSm2jYD zFV9nR{sCp=N6zw0yIA#~_(ozXv_si|X5z=(kqK2Q&V^(%_fpSWqP;&YfGf;Lwpe?s zUFrdTZnu9awFW=8GnR<2y;gD?^W#>=V{~6CPeUD z`w2&RGQn#AC4BUlWxs}Y?Z&>|PN-7!S|hcPrZ${!VcYh*YkC{nhOJEC<;?MDEQn{M zSP&Dby9RPLSgW%N49oepcnuo&q2ZN1^0nlPn;WZu4g5O`0StNxrkn}-4}S(9ZH!&% zcko%*aMSj-4HkBfZAu4~2Thy5o94Uz5qxm^sWq`0-}&Oz&UO5JShMsZ=*7m<6=0TL zEGQT@-1L6kA&VK~38CS_QXe|4?W}HVh9xJlSUd}@;5PJLBGtb3`unw?<@(=<&_oHl z`>BDe{QoZwURLzKmxnKRAN9Y7c4U{e#WZ!S>)V8MPG{f&Wm-Pv{EDNSoaq_M**UBGmF~>xP zqy_7^jS`Co%6Ef6Rt_Ss4Q;hv6WFD*!W)D+JjlE@ zz@i@SHf`J&qm zM23-!RT;oBN(jY53^*I%P{hbM8?yKkm*kG=wbHh6QoL5cmEbWwCip67V5Ul$YSIsM`2?W>Cq!_$k4{@ITo z21ge^Rl8j_OqEgAW`(V9J#80XK{haDOB3FR2>NfrT?*N&Q9BVQm&S zPW#s=>(!*pin?oVzuM?*uQz$EX;?(AhY$x6c-D*gUtMvM;3e56G zeuv+3Ch=mBM9I28TV>j>fkk)(&vz4^-)pJ0(W>QZwDCJwz5Vd+lnu|)6_rXS?ACy) z)QSgdkvWlP36gjyIg)rXH|)e&ni4vBt3Npoo1vSx6uJBaJ!tQCyWh53Q502k*OeSH z4{UncD5Sfao+gz?z`2&Y3JqqSVFQ%FLg8Gb7dTD{rc%rKvIV;cc(1-h4XQ~+%aA$; zhEZ$6VilgMg6qZ)m{{O@M7rRyefA`V< z|1eLZ^gVWp$uj4DT{F3*(7dxmcK|gpY7c&oe5$ZKi=<5l6v(Se>Yz@TCCJIFQtc@A zxq~8M4}q@PUN!5GUy#z2T}M9qQuHeuMb}f3;>f7OQR0&iE$L~U>_x6ea}>^xT0+ES 
zl$sPqI-!?X+SAhPN3ILsHj*eZO7fB>E7_7#ioDWu%bphJbaFk}tWHtv(mE|^w44E|I$)0G zvB?6pdeFkGQH`UY`czlzaezyWRc)+L({&oE$WhlG)?MBB;xty}sjkm}M;S}gi1_S6 zD<^p^{grD}C%}qikO6B+Ta|2Co|ANlYvjV6ixX8Q0iP)HW-MW*)j79Zch0CH7hCtyds@e+9U|m z1Ygc=%d?ABh1)+E#dnl&O}WWJ^*l=0HPu8+Y=W{VvwI{<8ef>#th`{^%#VoB=$goB zlp-OcsY!3F(P_}uy0NQw?M39ED?5lBFocs9cEdTMy|{=b{fYvm7HOm z#3qw-%OhF2Sll8jT}i6MCT*NOY#zC@F^SLoxl)uYPi^P*E1%ph@`)(i_Mcm+GtA8t zN==HpWeV3Va^;09S+UvV5MQ4uS7h6B-4yxs9DZ(xNN3Jj(!t_PeGP59DR%qDYia%- zT@MSNM*H7IY1<^f_w@j*i2vE$->aVgczLkD|7ia|#Iq#+$FspwFMvq{o!HcS59kGO zK35l}-GklR2mjQ;f50H1dgtZv9HrYG*Ftm(f3KG83xiYsFtIvCObz_}R7{_4!_z2M z|J4o;_!+)=7Uw*LXa>6w35b~4)}wivLUax7Z$C|?%s#{{!Jpe;4-HqH_WJ1X&eiU7 z_>b?Pz1Quw;g|n{gaMAHOp}Vx$$x=JG0tG`zjR`*r@youfQzZTbh!RtgkCQ!sv*c} zX_!+b&`F0nX(CvXlnXA17x`mEjFchFd0P6ig0+IOrD%iI@dgVw<`-|xuN!r+JRab_ z9XCe>6nzd)&)@ZrPd^+TAHR8fcCqQ6>pQnWmCD{#EJ&xEmA*VT9LRrt`~B&w(~A%1 zZ{A#dIO(6)VJ@ketD3EC(*~d+np7B6wdT^~hs?aBRBe(wM2?634@ValN5?;%o`2}S zKKij?;Cr{9bBjQ1nr{t&w(muo;G%%#G_BA(;xf8i}RyR6LAF=i-@@xm-`Xb-bJyTkgm{D;+>xk z`~S0Xo@;<_5sAuB-j6K7O&rTf6Bb-bp5fWiVEEIUi;InuXaTH?$W(`TT~dWBMAOwL zYe?<$)4{9$@zI9`i)U>iYV5|wKdrwkg)J_)nPokBdRy=pb#^Zd8m^C7Ju7buc~d9% zf_lN-HtS88+d{vnvsD;02cG>CL>ro=;eNq}jcu%qHCztRec}cinz&Ecpl$AcQG-p5 ztPC22yM<&fJj}y$dL+!vEZs*p?=7F@{@2LnLzsoTvYx~l2vhmZGC6Vo3t~!qO zmu|yxtf`clf4RUb_v+2rk3YRRKl||d=e?ubYD&Jd4{2VZmvs>2Ati@+pe{8YD}9S z#;IxU5{_1l_!a3j<~qmIJ&sr05rO&zt3JQYCi)kNEYy6u%4f?;k5N9K~KmW8^|KELC%m4Y}VE-}y z=Yu>IS>wju-cSZQH*&E+73nv3u69RQB4;eP3(A&6iV%N?*+WH$)J1avLoJ!g0z$~t zYbv+8lB&KMnm;+B6Aa&6;`ugwV=e^ieOK$XA^*##Pr8;;)%9;vx8lJII;^aj)gEd$ z&FL2E_rir{!P2TFTx|wdy{E44lxt{4eQZO$gwkE7+$|hH|IJ1vd0rElZI|PJ%GhPQ2a0iAtaH6U zalS(* zRgalM{`E42eC<{4@mcgV>3<^IobCUo)%xGwiq{`x;5L~%pCKouUrEhRDA4+rLj>KCd{ko!|&EWr#WV~D2_U3%;o(;Z2&h`}@S#Q+s z+x0jTk)2t824Ue?>vRSHsSt7o~HR9+%oq7_rG*^U)1LR;lbf!{)Y#7 z?wB-Q*u;;PtE4fP4&R$WGODqU=})}PIALXb4A2MM|y@$%US^EcyjAC1#pDYb`IU`c5xv>} z^bhM2Z;<~o71s3IPz=~g`|ss`RsQcCJnDZB@~n>kDx#LEg)EcY%_^ima%laPn`!U^f`*6FBH17 
zk*8t)=TzUrl%|`B{#hgbr|$oGaqt-b`5@0m<9|4|K|Z&R{%JT0=D6@*EXpUu3m!DY zr`q#ld`~65r%s>{}bl&_l=zZTBZNJ z*sJM(-Q7p~??Ils-~ZlV*Ll4qLdlHKcA<$GAJoG3(PYB$1W6o8X6pKLG{I4lA}#}d z4s;~K+VG2Ya=8Ev__=MvUE15=e(sp-6xAD(xH|k9d~}%v!r#GXd)-%WKx}_IEKQ`5O0ch#Pf`VbgP48VbGZ-ci zMvc^#8lO9axva}_V5s*dZ(sS0C3mRRx6;-c@^>JT61jJ-{e5t= z%>8OF1i@}mh0*(+qe0&)0U{_##xOx%+i|ej)&I3^O7Gp_2{_v^N~A z)CM`l5HrrP$e7-^S5+XMA}+z4wRJ_+H#sH3eC+7?yb`_OkFPDm9-q5Ee*N!EaXKRt z$~fM1A1n9&cVAT2|NXuF$MgRW@;re7k`i+&Kr%4n57$#nLEm?$L_>z+OQk<|T2J6Y zi3yQsI=vN$DNa+Eq-=DHg4*j=0WRTb&WQY;ASqENgB3pVkw2hd5!m zfd0v;Xm#u{s8)w0810yHoc;Pwruys0&;Rq&qm$RComsN^K34gE54+X)pS}IVgU9** z5YH2EH{`;xTK!wC{{>rH{h6BJh{~<4UXxzo>lk%{Q2q8}v2CXBO8i)C+ykTOyki=F zk2ocCqMG*YBn%7sR65b34-M8Iyh`z^2xQ!wrn5Ns^35yu@EnEC8J#4N$8hR8TZ380uWApqH!Mqp#m z8{WNEYqwLNV6=LOA~;quG-gzCmZq5RSZ@oYY(iq4>qzu=b|yql^HC>eGoNv^NIhyi zEUmqueW${MRe?=UwN9L01yVA`@jOm37*ECwQ@LK}t_i0p}Pc?>Ui5m!G>2o%KM|o*xg_K?kgD0NOYR!Ezt8FGmaaMv5%& zw|t|f>-I%Jj-W^Xj`4Vkg*4l@+b*g@!11teqjzD;5q4{%v3Ne1gPu z#1K!`YbYmrrVKdNc7-4k3(d<%MHmV2oJulNd_2pLB%>6Yg*t%x*@-?F1y{SB-Tgmr z7nKwBYQOXH&)a}y+ja%Eu@Dgv z3)0l6)?JK*(`Ay6kRYs72O<=mlr#gjUdQkQ8yWZ89(o|T0f}Oz-D=MZhJVr$x_BKhqwK0py-NBkksfNWto5sP4Kos3IocrVxjt| z=t0ZxqL?Qi6(99IQ|VSD8g*JNy}4jlM1e8Un-E%$bXU6azGd?q3wXdr+ zdMHtrMT(hbc;hYWHOc4Sp8QUbwr;si!1i!a?_7<e1I$ijm#Tw!XC0|}V3T#b~7r#Q(qn#s6NZ( z|I6Lo+Wjy4hlh{;zXy4gteY@SOy(Oav06dEePw#LJfEoYSBUFnp=Z=pcb2bjZ~nD^ z204)vEMiVFlb@;mRxKblsc*6PnB999WYGgv>cp1PEeoHsf5cdd5p4m8DZBn4@{t4Y z0~r_Tm?kC(O}ntAeIG#;8;?=NX-TxZjtKBba-)>)%n0XdS@2hL6V`l7cbOQ&498?V zubY;}v_1E|n!}8S077p{=@*t-E350m3n&6Z7X`8&DI}VdX`oEI&fe{@yFimWp><&a zxFuBt+okdN;e#p@mX&`?X4**Fn-&= z>p(Wt+z{UP7(fry`hyo%*#rWl9IJ4@Sy}UCu0eyEr}d5lyt17yL9K?d|FGBH+wC6i z?cM|V_1R%@1Dils1aT<$PfaiRF!KoI(q^;b8aht~jsH3JYp)0?Sc7 zCg@J=(Cpz~gEGw<4|n8>^&0z9bX&|Mduy#3%b;JMSyr@i59Gs}v+u+tu^^FaU~ITogDuND^F+|b3d)2Vq+f_L20<4aXO56sP1@yQr@ID! 
z)TyvJ7OA7Z2`-^5!KSD^>x}NsEvl`^?EgmGwYGv{XDq=ERu93K;-KcvHqJ{;G;QLk zJ#v}dM?e?;QfyS|W#jzgXjSK#Zs)~X>r^8h zHpeWD1lRqQV#En6Rgfb4^IQCJkrzHk?zZ$;P>-PK?`dP)LJC z$vWQhv~aQyOd)U|;qCdWy1)MX6|k{u(3h$pg1Pxz+mYbvOJc`wim5ayza*>S{ZNPukPz3&5>zr(fbpb;&cJ^7QYe)= zz8z9ScdNuAq)c`>y_;Oa%d`G9NmD(~W=J8GrgNBJin(eDg`rEfH66mH&${URbBJov z0Fjy)d79eoC$j@RXF0EP`=*E8+vc{w2YVE^R7G!P)pyX2b0OJ`{6hy4_^Ia3@;03F z@st}guIr2m7ZN0y;f{&!XS!`eSw_>jj`{*(BHC=c7)+7gyD#GId{joTaTh@6_V4QC zS+Rv@(>c{-UQ>h1_VUycaG8&Aisdd|oX+Y|J9)<)uuJ1fZGyQ%_Qfxx2Pq3D;Nl1z#RUUi=_-{4>T?I@X=nE*-E79d? ze{8fRt5EUSldHs$7*k{R4h`9Vthl?qllQLjZ zsSWD20DVBd1O2i3+p=M(_^MK7h(_231te0kVZDniGaBQR9)oZ^p+f~5U zWkyU0wLWN$K}JqxT8NN%s+uqX+eNKT>mn4KLMs%+N<`1EC5SX%qCk{64%WtK>D=Yp zzBx%09_7)OcI58VS)L`@#-C#Nm;_Y)=uT^vZpcvUAG$&$)j|F|+8+|zXdC7qykxIc4Z`?&^SgoTXoc+9x;FjzBH zS)e?RWpLC`GEkPdWN?XbcCX$$l|@b=BqYm%ao#rZ_GGM2Y3Ur<)qV|c*~3?hJA)+G zs|u!9gfptoYo=sIq#aS*nRGM+n6i8_HNs9u>FP6v#W_9wL86H;$M5bisWHuG`cFe; zo9HZpwqu31dl3vxyCMX_vdgBvCDV|N>% z92o7#o_?^W^k}gx>E%Sdo??{B>AX0aVFiF@6+53p*{MbQ1FsY|Hv7#L=H8SfbTYs^ z##EYsYfmscxj~hNusBr8*VSNlg?X{FtrI}_DhenZzV8W>+%H zr-871KSew-r(d56h*5@OBIhNd?sdC&(V?B0r|r6KnX-F2WBVFZeN8Btq4da!z~xl6 zrNI|pPSw6)rkSdh&jLBCC#s_b;F}oZ#EPU?<|qv*&&G=?S`|pW8sV7Duz;Lep4X*~ zhN=%9nsYfy!WEro{FHLD)&@TenONgA{h+cnPYu} zcgMom$cPsPk(vmI7OP)HS2l+iOOR;Sh!XKA6->!_?I%K7aaIUzgJ9Nx&zKNe3$fM+ z3ULgYlnh3MCV&bPU9u8bgLitBX1O$w>jUW_@08kO`hMsVJ3I~Us#DZ`x*-=$kPp^0 zyq;@LyU+$KP5V@0eudJy%SsmkRR&6hD(eXaVeTX`Llra+nW{@{T}ZIReCAhdHkO!% zXE!?t1lMlKVM7lUT$1r6BT=;~IVr&#JOw1kM5QHo=2E&c!hU)i*< zCW{t^7!=bR)6#bEOgz_fI2UI5(RmBh{E}09$T~1RYs=0ZM&$0xjw0KMPPQ;$iCRs| z-pRKV-()zJI7#P?qot{B8Yuj31Lv?)3}1I$Lao)BA9F3grA-o{Xz9h0GV`?zCBi0- z(dW=nc&_`I8So&Dg|KNX1eV)2U5K!0EIOUebAwFPOF@L1vIe6(z{s_4e3*dMYk z*i$^?Vel4u*p5F3u7CI6d^A5cA3J*p;nSGSq-8|iiLw&iDm_|wpY#h z_L;sox>a)1)eY%8(z*kGV|m#RJ3}KaCtI0ZhU`5c3!qD5nZ|E`O38Tg>TvAM|d@stv z8w##8_~KS}pB>_Li3?g8(HDJg)qY3&&Px{}L6_&Q%449TgV{A5 zutcu`gi&+PRX74_HE>_SURJB^wlnL{S1mO0sdZnJtP&I(3(nXv@4O@yGLJ8fqX>mr 
ziFS%?MH&$8Uf2FaC%F=KO*_VQ$|B0-ROh~^x=n*gFv3%GMVL0MjIhwRjuop)%tttuDI}`-k4`!kLe544 z>fb&qo!Q_Ovg%3KZcDFftshOWwMCiS+FBPTw*_-Yz&5tPt>ws{U5>@+jXW6mOVdl+ z@;YV`RG|*Okq5!u>Wfs0f}ki#i28z3lg`*gU>olVqd`+971oVBFb+AECYb9jVz^Y( zHWff5%*bS_H}EKqu@J~usG$eI%s`atru==CA7YWuV2qJertD~LH$UeJ!jI7#_}_;I zBOc4gC|0s)~V_t23}XIeBgLvt%>jZ4d?emBru>v%ESMvTOrSY(-p?{KAu z&(C4AE2+0C$~#2GBsN7LEVE=56H7sbs#9W|qkJ^4Y~pMivJrbn2h1>{)|J8w<4Vmp zVxfo)6ea<&j!Z!DrCP7}9IiQ$-r93xb7Fiv*4yYNC#kV!M*MJPYKXNSkRm?8LN@e| zv>uj_#2);x?FM4X0ni@<$CcX3Y*^ySSr;i|XI2rbw&*6-Q&T&dVw6NTH#Z$Jn>@9d zoYi!kv8334(=mfeyy@>kpNL>3BAJlewP^6L640#DCgDLcV2S9@O7~%xcA(9QZVPMk z(;N;{#UUuaY~2cs;96y+7kPxO{@@&ON@2HQC_c-$b@Xh5$sJ{m&uj;&u8qf23tlDX z>KzsbO^l}vjinuvhVGq*Z=-et87pl)%FKo1Uj0YuHJS_mr?$(hihjN7N@d@sLAE-X z()drTw71~|q#FEYbbjlYa23sjcU7TQcL@X7+@QHIOPP^&dh$3|sq^hx2WO~jRQElc zdrws^qIcQYYn>0j`Eac2=9!r*KicD9iHpEryysx+xk=`0LaFK!!Wv_y9Ew)nUx;lN z0eeq;H!j54PJycOrhPZ`f!%R2qgI*pv@*%sY@o#eb7hRaA~RB=?6I#GY{S_!Z!Sh- zfVqw6^0k)`*Lv2Cu2wkjO60ZMA#QI%Jhfs;xCKdxAm@JzC6*<*sb5-bU8+MZ!Sr4J zCOB+iZ08K!=rErmRKmfKVIH{R5I5mc*XG291>FJK45TbvwdTa04J|To5dqz%<++hY zjU;lty7amm*7H_rd0}!QI~f<50_AK$Zsx8s1x)m+)Bg!oQ05Ygbxi?#o>I?Z)w`X^ zqxxMFWrduwsw%F-wM@(~xzlR4T%TS+=t+(^q7vi8Oi7z<>3Hxqr16iwl$*IOE0Zg@ zfV!%PWl5UYblN&%P}!#Cm^Qs)Fo{wZI;fTS<0#>ySky+26l_GZ8hddOqE`LjnmXz9btz{8z46N62&pj z3{m@U6z%oJ12o3lIyZQXd=vqUnUY4s6j9pc*n-_|*HH69t0_W9sE+}S*cJBZ zCUXTcaarrRk7 zQO9eRVYniwM0(3LV;~B49bv0@){;e;`c}AXZ^Du4d*CH^-gn^o2WT;E2}|YAL_O)%i2`5 zO{!Lo85JbK#W^n*il$cms>Nc=2`i1qIoB>4tCIPs3fUmhguT>Lhd1h&sDrL^sbCQK z%+S@L@O0_ScnV_5@-%TrB_>)Ix4xo-Zh_kyYB@q+&Cbo}=tCFSh^|p_%|db1t!mm4 zA3~C7Wy0xfMX0fvVTEhm>G(6xgjYqAj>v(CE(BSksY5j%2cx#wJ zegNtKvm(;XottQijk8v{W+G}&>|Hai#{T3DoV~e#o?cw^&whmW z{fnRA=;Gq&_@~noc=zVj+t;VVO-7&}RP>_Vy|wis>uO%97&({pA5b%L8fQs0y1zD5 zZFYTi$kp7iKIDCSe^iC2fk)QTh$_hk9#x`8m8d}_YM77zOgd4+XX${B8de8(kR=$Y>E|44)x{TTiYEoz5@cpa>zS>@xIM=3yuA^G z>;_h_eHAGXR1e0D-!>h$OC#k9tTV)wqk{FpEvqEqkd_8})%e!V9NvOBA#eLLdqpOv z;Jn_Ff%oZiM8|B})UdTDPAfTGmLYr#9LlF!tE35X^)#f(^9Z`zt(N7@Tb2@UF-d-9 
zqgO;U?8rPlFOef9VhIy;+~t8IrDSqE&QrB!{+2UouE-@c%VkGzC~w2hpV}17aJ$zw z=g!*O(3VJCmR`i1(RQ!BwX+9X=6~ufH(cM_-EM2bigph^wVj*4-D~g7+MhrF^0c&( zzL@6ValgfgF3adtN=Qp591F*F$vQb6PxW2e`jT3!L83Y4@Dg4rrSf}}s%4l%`crVtz%G-mI4YpuUY%b$q#2kN03bM};X9l^kvD8t> zRZW-{3ECPP{K-`g0TzaC`f{atR=(TLUPc@ZIJ=qGhtIAN!69hZnufN$M7(R6Ztpnm z4}2uT8B6fMC)|h>f1<>}?_buyYPh$_vV$8*HG1s|hkoa|a!np;AZc3$-U* zsL-HvY5iwGw+f4V=V1E%_v)AWaJicf{fL0a$RJZx&w zQ%aKC+wWlp*8xjl=xTW#XpwMvqZQmjDt_&|Egzr9=ka-b9-qa}{|x{D|Nk74(r^G= F0RR;C%ZmU2 literal 0 HcmV?d00001 
diff --git a/assets/longhorn-1.1/longhorn-crd-100.0.0+up1.1.2.tgz b/assets/longhorn-1.1/longhorn-crd-100.0.0+up1.1.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..7d000b8bc0f22e79fca845db9f1fe695bfe79e13 GIT binary patch literal 1814 zcmV+x2kH19iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI^&Z`-&M&)J`X=sV;+JXnzuw^{g>CIvRwHYl7nm!bzsnpkWo zQXna(>0-b8f~5XXl9gDo8zX>t5k!&m8~&N!3`vo4woJHS(@4Ze=Lr_dd%!6@*k$s4 z-+woonWyjj?WaF`dwLMeg5w}KIX!)Mdf*2q@BG;T@^`95Ps*jj;=tb;tKGO)k}zXj zVMRET^9e!`R+#do7h$C+c!VECAQZVJ5YLgoEJ{GEEtZft1~x};l*r-D+9C|6ATu1n z996SUK1c=W+TsEzU140tc=4cg6Vvvy_nKJK}Oe##NL@EJvzPOO+ zmW!&oH(4W2J!CLPILj!BOjk@+rS!n}J>T>HpJ#y=c*m1{57*99!~PYd8N~|ZQ6yry zGa`80{!fl)Grwj3Z)c~$X#X#fTvNgsfu9PPev{taA5xp)Dwy067SGXnE)`D~AbBn# zxPV*2h%uHF6ppdNnm;HGff^=3+Mv9(CJ5P9fO(Z(#VmwRWCoFL z`%>^ct6}vgTdn9B+o6>}geZ~fFDLUOk;;6?Xf80V&`h38xKLNMv?-#A6(b2-<`j#v z`~)ExaZPSlCHKY?go^f>>eHe*s~`l011ko^O7p#@a+{&Jz)Ns*q6AWG@e$$~u(QvX zHz(JPY=kVc^6&>ls>;j+&$Lr1^|z_)yE^@x*26T-1Q@lZIlE*0o=tBF&{#Su6=D=t zx!g*S%tKMk@=8!47XAH?okMYK=02vM1z`%rIj4EbssXWmdabZ3b+bJol^|?cWHsE@ zmjqCh3js_SFhKm)xG<<^2|_<4XP>c3=E$=ec}1NXssz8{@epjrV?Zjw$^k`0BF@%8 zXApV1!sSH+^0F|vPu64xpqHkK3TxZ2@uUf;CwWt$6fd7M07TatHUKqL34Ydsj_b+b zNGZwFiv*b1;|obaDx7AM>2x|7>3LInUVsVTDt;FBeH((VMY;@K!64;+n*aMQI(h94l5~#-@hH&?}y); zx{+UlMuGf#dJuFVC`-9J33n}&jy#L7iasE$6pj+YmPqlZqOhxOC_FldJ#3+t(XhLZ zYNG1xH&g3CyS<}ozVvLXTJT=a0i@+RoLZy*cs2gxy1T22h_eXX#Dff7G=3~5?NfM~ zEJtR(3Ij4Zx#=7Ma1d55o zA%*w|n0Z#4pRximKbMq^=^=K!Mz7YYK#PBFS5`hI!mL^`RHqS$v&Z!7_OYW;e@~Bm z{E~d!-8{F=DPf9&+pzSy{rQ@(TVFfe-BzTR#!1@Z@m9@|()UW~TW!a*4{DxTj&~2k zzC2_@&~=$UaP;3I+~lI9!vFQqvno+{vPscVL_4^gG3_gc9MX*x`?3c_2^JlGl{#|= z*cdon?t$H za+(8)G9IIQLMh7S<~;Yj=&Tu%4gA^j>(?T4&<~%@B`nB{Gf6@U=$5bR?efRZ3e43& z7aFQThE>v5!<=P30$$Dc zVQyr3R8em|NM&qo0PMYacN;gdI6D76ehOSVIbKHHq88g3-IsfwA}NXPI5LkY$7gPw zpAB|{B%&tJ0nm~dC-<|w&+@A=EW^mg`o`@4TZy^TZC z@)S~G@t5A6`>GG_pX9-eafKD-OdfO)O0dEiAIAw+DkCxF+qh6XqD(5BWe3QSOO%N8 
z>nT>rq_t8)grXx#(gP$gOD06L7E7tjGdznJo{|If%C_BFR2PvsPDlWQoJmEdt;M-K zKpADlP3zZO@GF`U8I7+**`EG#wKF6N@3hvkBZ;nvkd(6n^!UHNM!WHgxEJ*vx7Q#U z!IIeVWsAnAW;r=PNmfWjM5H*+T8kAlO87MAj4&0nh;#a*gX(IhgY!K2Gv1ANJ1LQg zpt*u~4%3KAgi%VR5_DK7lA>Y8lS?EO7kEsNK`=ttTf~+`7^&ix+g&l8Q(rmlPi2{hIT>qCJv%_%Zl?q5Qtj{x=%ns1$ z=!~nrAd)cE=}029j;K3zi`OXaM@DHs?R#AJxljj)6`5AzD|}>e4bACtt$RpCnCU7t z-0&#FQXU{B3R1rOR$f4Jis*7=64Wr%uFZ@oi!UIrm4cPU!eJt>l zD6Lc5Z{#K?i6ZIIgd~@;nCkZ(yCSu6o)LA7kmf)Hn0%ECu z>{x6Mh*Fe|!FbjPDe?;}#>6%dzBv*kB}`GA4M-wf37lp8`aGC}w-cI?A9+?x$uWW9 zq^4vd2v)>O$73olUtx`b^o*y(V$8yHj1}%h?gfOKkAuRR-Wps+O!z)ZPO&axLMLrfdB{084 zRN!sShW+5IsDZ+YCIi!vT^}XRH2|c~v+R^9BCc>|K5DB=UGR(uY)oMQ7W57yPtqf2 zUQ3NwzalIZQ7)*O1-;=y@d3`R{E+kuv$*;^eLEqnI+t&lBkIgzI;B#hW}v?o8D-G&VcNc(&Ni|5y@&r|4~a^{x0C$lpU1DLY6R83xCslF#TQ19JXjQN-VxuupKX}K2ktQ}@+cFV~(I_9UEd(%2PCV9qZ{)ZmazYP(rih@4{HM}|fRFv@M^xtvv7mWI|&bJ`W zX>A9F-V#*E0%zGwn-|b^iWoP8%t=B=GpEfVUmGA*9AyMw5d$ce2y2lm6Uqw-O(zph z69S0Qqb(#6vGGyiOmak-R+A->D4A%b75)`UB2h5J86xb83eGexB)X<*f-xq$D2&cak624D$2aF^{N-Snu zFn&R%{K`yfQiyDZh5`d_Mv4gZxJ32i*fu()3XG3O2qk#|F6*iJb4sRQ67TGO^#ip7 z{Iwu*J%s{b|C9dow@I5|W!BThtAXjwsde5BoN2o;QkirB*ue*z$4DD2nxHlN1lE9ZOoa>?-D9B_ zEM;Su$tWXZZlDI>+_J)HYU!;y-zt+4PV^L7FUX@urr5V!AdE&umZ6MFKzz=nq#_#cIL?p*kMSba>9!&MN(m*4C{{c^UcY3 zr)TKsf}dvbhfLb9omj;7_lUlr*5<7?~mZ@5+ zyrLNylT^1LJBC5`2YpAhnxk9!tgUIGNABC%va;K*AU{izjEW4#Y-Z984(PKOMh06} zsiIn|FaaI`gm%(EE2{;neCYUMuPsQ%<@*R728`6L5ne??!~R2kp2`@#hL{eV#hq~d zYfWsW{Xf6|>v!k2&t6}g3}SVoHnqpNB>t2>L&!6{0;0VB7N@nRwHdP$@I zp4zQPNA7MjnKG&<&ggF>jXRwmsiX>Nk(2VI(5)F+ij^1RVNe%{=zqc3jZHi)>;L_P zWH}KsR{3T^L6)rly_Y-n_|ND259|Mao{t~5pP?%{Jus>b&4`-iNSAb? 
z5&fewxjcGGV|26;~StZE#p>2X0`nA9r1fwFH=Ky-#c}q;| zP+sXi^e`kEk_2mQRq`nbVjj(aN0el#MB20hyPH@kO(l9VoB=Y9&jz}zRvxs9@pKVh zG;~$md;#4Ye7!o7T+LiirbejyrHsCmT@;@i#l+M!&E5*1?GW3o?9+Y#vKxg4`w3-9 zR;2BNjGs23)y(=}d;3f244s3&J@56pL8I#fZB*(ms&)DCT^AQ>BHwin(8qV(FWnFQ zQvWos{`ljMu19!n-y{w;P0*7P@dtqTWpyMGOADE;7W6wBzSt)$dFp?mV8n*%Beeaj zQ|jP&NHXbMFhm;LLSdF-k)rRl!f%RbvJ6*bb(&2XgJ7KJHPh7S{U1O2c&^4$k2P@G zyolvw8`uMs4~hAYKce!Djj=_)dv8zouU*uA50lpfz))ct4QHlVN9zOYPid{>Vw$Q| zEG#YMeF$g?=AnnOF{UhN0&REiX}-r3$4Q3vE8E&}Kxuh)hk!$BXBb_NxIK>Jd_yZ2!;h|}#V|R_D=AjX4 zss>KX#OQa#C`$=bXkV{hQDo)>1kUMqf)_b>9^p@NqX?7WXEmUi@GW;}LYGPksrb~r zgmp{7Dbhjciin{t)_vBk^niZqc7Lw4hJNbiJeA!o)FoHiV%5KVc%Hg~@RHV-5NRj7 zTXQ~aONCVdH5pHB6N2B&w#z?xDz`H}*1xT1)cgbyXJBG!&Zz|}0hiho=Mn~C#)*FF zKI{Ixe3YIS)hdsP(rsr{s%A4dw|!NbO2IoN9k>cBGAc6ncVPW51#^g1GHG`33m=*R z3(ny8vUZG5v2|)wDn$YAvtf~r$qGP8AEaf;ucckP-wj^&I!3QyP;+r=qvqzeZNIyw zw@}xRm5F)<&`}Sw&05!#xh_7 z-_KkCgI)scm;(Xf&)}mCbF2IgK1&-3+TF5&#qP09LBM&?wE4S@7r>9;gVSBD`PKT) z7q52?vGrli%8Q^E8-rGYS$Q$H{jgNnP22l9y=ft0XK2Bvg%A|Ef*@PpfPYczv&aJi zsJv(t41dn;+=ov)##DK+D#a$8i{(m3O`uhJjhBg+N0h)a7Uq7>^*<5|L^4q*S|LD%BAiD4Js>q&9w|CDDym6Qsv3Z z+FGlAxWyWiIY|y6S}8om21!a@8K|xDHV+WD1Z>4%)cU#o$iH$UU(~67bdwNj4eZKU z@eRTp9%Nq`;7X-7Xj@O4ZxHI11Mw>Z-&VJ644a4gZcLy?4-M6EW>cdIu8&8r<4&X`+^Ti$YNBI4|sA(DtyQET5H>QAb!xmRp2o_rsOJU zV5&=*)4kghF4cBQuC^O>a>0{DmGt*!tsp~HTg@vhwlg{`v*$F*37+GzJz4t=O{pM> ziB6o`Rb+SYBI`a|v1?bn1c9)tChGdHkKdmi{%|trA0C|qO+$eCw}MZrQv(4W*5qis zH;_23pxnS~?bIIaziV&CeH7)kGzrrIonSz+s2_gh^938`L_EI=6wa6=dY^|#Xgf~w&fn7aZN z)StH;Rwi+?Y4Zcl4;ox%N!=B<-)+#k*PFc7G$;f5Lx=+oylRs*?Xm${?ObqNISyFX zs=Pj{1GBi1-_frHS7dFF!efTMPIyMKqXnJSu~%s0cVw0D7we-bJTF*Qs+=NR0jf$X z9<2Gc0di-OtRv)XnHQwUQ>@5939QI?X2?nKETe4v20l3oo8p@{47)TC2dKN#>wVen zL{U`FU089*+_ULvqtMnjJxzL-fO0L$N)2X~69beaQjfXJ;&7Bv!W8iNss%d_c(1-h zEviXP%P^ZEMy&~p)yS|8u1ihh@K~m*SunuOAWIhWwS8_{Hm6@DGrk~ zIi6Li9VI?>QzY%#*cIEWCw=k)Da-hE9FUWu89jGP(CgN8_l)3lxB<4YOs|8IjO`%oqX=<`)MP7fpWl!_7 zaJimr9Vs#N_Q-KL25!uU10JeA2Sjh{+{6t2b7vv5+_{a@e)U zp_ey4Kk-YCgrQO?uodO}#8sYXR53)_+o 
zR?Oz+>CI#>i^^ER2r`tLlx~3V#niSqA6%WI{l*ztlUcT9lM6NdDCO4-keJ$(a#3!# zTNX4vHxpe|_Ss~jn6l`as!5b#siKKVNawi7a^bfmrJd_?dO4C2xl#L39;CHf(0DTo zUVVBU{)Nkgw|q*gdGG2IDZ=!5(KV)OHTJPA`<_<-eCoP7>{^_d`N&M(x3R(P` zs4_y%2!$o$r9JuI97dM&RNB3jyvVXu$a7f&!77zn#*x@0f`(L6n?}$HWV%#5-69`h zg^wjBVW3SQ5V?b0sZV3OlzA;qYS=;>KDmh7yL7t2T12uuOJXQH%bhYe@YR>Wl01v; z-3Xg&am{|(QZ>4c%4CcVk!~Li(k?CNVSbv&mbTqezJ2439FY$Wnt#Km)&Jv8Y1m}n zcl7`*iT~Q!+wIl;Kl^(x9{fM|@hph{@?@~k3uMy4r#2(yJ$iwh&)prxI6ynM5B_R` ze~&?6&CaXgSy~}KYJ_N&{(cZzbAyxqG_hJ`Ocna+v79{KLXV?F{~sJ)=qL2WlcW$C zil%4>MG{5aZ0oWj%TRQUx?g^rD3!lYcuM~0BAYazzG(xg1GcYro}&Nw8g+Mjy)OFs zKT*mNNhTanMcMd2k<19m(e8gjzPiUhcN~E8vAl4){$z+=EiA4j$ZcVmTP@HHLfrrf z7A4h!bK-^m91%lR2n&%_zAPcFpll`DWO=;F+`x?ap&6@2oh*(AxogMmQ6XiYgOl?g zPmfOCA08dOesgxQ>7JY0(Lt5k-en?bT)h;cx;7lhe}D7M$*Yr#_vf!)U%Wp)J#WHX zQJ|MK+t@-6K*KDp5vXp>-BJ+}^MX>1MeYW2G&p^KcyV!f^!>^C`_mr|ziXNJgWIpU zc_6l}w-!LVcfw6@Psd{PgasF3sDJ+Y$J4>->$8m`X%4LO@YIC(Zm4Rx)Mqiu+A1tW z9Wa#R^V1(s&flM(e0MsyI6vGp5|@l(9x~^TdDyl*W(RTCD3S9gAr2p#l z=JX$2{mnL;x3VSwDdM(HCCQ9Z0@(}NoI*VTdEoZdl_&vJsg=jPJns4w`gv8TK3shgYPZpSX`@6sxq`i=W+nsjUzdpJ>`~#!5`si z9A9G2QJjL_?i5Z-`Rce^uBd)Eqw{b3wCMlto~VuF{{71e_doO+@gEQOKit<-<2r8c z?ZthlOl>X6^oochKFzTpsQX`E@5DQQi+WuYAK~1@E>a@nzZXMdC0qO*RW4z=NhM#( zJVw+t7nfxsRc&`vvR^MNJtPY6gxT3RP)JixP%LR-ZXDqB5^C z-RjD?rhqno3e3g?eQ`-3M>CdMlp47QiX zZIDmesO_s&sqLwOqIvgYXyeT5x+(Q-I%)_IfO{ibn$aKJ*uji&DmGS=icRB>MY$_J zy4^-&d2k%6qQ}lh%NMu6i?_G1np}VqbUMv5;;&H}*t^k|d9|H+RI#O&af_7zt@h)+ zh4pxW`I=_dJXVHRjCHS*$O?{qWw_eYr*5PWv;S-<}3+C%Sg|h zPMk~Zj50DH2?tf{Z{V5K0+EkKugv+FouwY-#Y01P^EuzrwcOJApC+#L z&ywu16-S>t@0cKPBeFxyYxXUsSs}smB{<5zB?Z41jwKyg2k!0L{Zr{hE%M(f@HW?3JiDtZutfg% zp6@l{|6ab>eUSh6@!Z-zoRh8H+cWOiK-(o;6Ty-QH^{)O@D6k0NI>O z<)um7jIT^FcXE?sCPNp9wnE|Vakov-odZRsm_G|^JO|d|`~ebJo=&GErC6EPgRF`U zc@SUmdUWnjWz6d`9C+<0qzk&23j6Gd7j#N^p$<@Y&j;m?1fPBbSyT^DcV47^v&(Pg zg^%-vW~2#+>3;mUv{nh+GVgoXM3_9z`r68R;m5gTQfYztfTeoU|(p;hSW=_p&ACOsC7Sq+*bqQEqt<|?hYIN_DXuC~~#ssw$IzW%-FQsOa zzwqHJ3h_FR{~Ws{E%IMw(whDoiUD3~|G(U;%m3Z|2l;<5&ua0%CRnsy$P&qVUV)N# 
zt*$wIaU0Fyi=|Pxt!@C7Nv~t5OvZ^jXOR%0=!hoT=KmcHU+fc>_)xw0lGqHemt*%kRqri>||HY!b z!f~N{4e_e?{1D$&i|=Y8C_+&*;v!iR?&S{{Kg4`J#C$!(eEo^kn}=t~)29DPA_ULK z#!i4P(f^+JUewQjzUb{d#DCq(bIZsRdz^kw^p4kCBAiYs>z10B@j=dQACJd^jIkn- z;-;=YzSt6#gMJD$B+9$!=Spx6`l)L}ow{4d{oFQJDeE`pI)?CP@X=+F34aHl?NxKK zyHyk0wkeRILDS~%paHmQ&Ho5KxV!JITGIN?7q52?_t1wmD=&gxtm~`+7F-eT|9IB{M4F z-)pRrNf-V6x%JhDXR}X>{da{knrc?&wgD26-pLeP7XQ;Y|FheBi2u8%=aKarjTL&5 z5r&>*oL?3>>MjzcUDOT4Xcu+$e@~yH9%Sx$1YV#oM!aAtI`|r;G*Q6^NtF8-N!8c5OtdF|TY z1Q8o|tGy8r$|#og+HtqLuUmUv!ZEeiSsG<1O0%}z+^^*2IqaWWrCJ6h=?G1*{5zSs z-kvBvP`Y6hKegrluNpv=B3dO5+9NET`Z z9sWbzbNB1${8%C^2%1tUDI3SA5BrG7$~&Yc1SMPuB6AKQZ@LOfCRiwBvQ)UD`kR_i zX+Fll36~Bp_~UbP|3Lo76Ov8om~lZi-N(}SpPlD5|L@-J{zLwkdwCwAK30kdCXwRE z%s;xG5QgAdXHDQaPA;`|6?Yz?3r*~@$RW`wk`t0;Xq@q($*@h?cnb-VVMVV9vi#__FgXR@1!m?0-9t(2rP9UPyF$d?GusJqFu}X-e?6DJS?Z|BPE+e*K@H93KC0 z5>M03_pvPg=S8m`|F^sM;^o8ozmMk;dSxj99cdZX>HHUZ_Uv@37dU3>*|UQ->FDbi zp-36L{ZMY3!*$~y%D^4OSvHGJ<8QHGl#O-MzMYg4$sQ}mTHrwXSYY5kBf+N#qX`{P zh(K31MWEscql{mdui{SU(IaH^I&{QS(&_m2sYE-y-j|5ygdyXrL6VQuH5MdBeY2k3 zhlHm@*O0j&I7K)STuOv(OgrKu1OYDxoz6~N4#8;kD2mXL=Aj8^O7JWrV%z%RP{zkJ zf%K5_V0(K^)ub5437`6m^JVIJ<9+Mw2JJf)9$6LG^wj9Y`P@)OMXPVaaB5F) zpb;17?>_EywXwVIUj*I1In_NMV>uaeEYj5)Dk!X!z966-OR9(jT0Shp$dD+QqEk)B z(;O>0%!m=x0n|^9;b1Jf+KG4e{<>9GPW7w3_~l=>5K&3|RMT-#PnZAdubQfUz?THc zLJ;&}h~?zN7W$ABBGdnlC`+eI>7Qdka{Vv9zWf0BV?PYDOPYSr#t0e`!W?fRsb)o* zNr87-uT;&Kg05{A`&g4s(79#{5tWIgZHNk5sqv(_8RDyTjK1Xp zefRehttTaXIwdS6DS9(3m@4$*7#Bn;^m<_FR#Lr`sdBiLRakMRIn>N>zBev>&7{uj zTyT^Na;2AjilH^d=YX|^u1N_Hf>=#GC_SQ}^feck8ONzag*Kd;tNTgc9e_~A#@#~o zH%A$!)2+(+tgYa#8T|z-GAgnGQCsL3@C-kRN}k4@&bL|`*nIzPGY6gA{TW zQ%2e4&reoacTZu}PmTFF;$mvNYM)nY^ibkFk2En&$;NfSCHmja{$Bn3_ul^gL;i<* zc}o4Ssx4uZ(eXrG6a9ZM>L?tB(wvZBIn#@)kOZYvDnW;ZA}JbXJh^m-A(7DmYm!bI zc?q%ChilGSNFpRkFhd!+B2dvEqEeo(fPSGF<#6WVjRSxoU#QkDP)brbqLF$yN<|D{ zAvl@Xc407b#*&HPj2AMSxl5#UTbfh4az+E37MY@XM*LM%&<9C1@Auz80L18GLfRnE zJ^I>Okx~;fl_a~;Lc^;KB()4SM4TUNX@1*l9p#p_VWpX#E5giiP>E)|&@&~I2}uip z+>d=W0QoeTiVjTkD!W8&Q>4Og3~S#XW<7a 
zj8eKir9x=25V@L^N3Ew$s>m?cF3g&yr7>;KeXr)=xj}%0trd7-v9+{16rO_-G;r}j ztD!>SaTNzwJMnJ3d;8H{;PG0+y08G;aXiM|a<`eaE}IpGZaqb7&g-1o8$`n$X0-y` z>XTZpwu!-1Zn&(DXSE5n_vbAc@tf0iC$gpHhQ@t|3G_g%K6zo4O$>lmV-@bUDjUAc z6>!k-w5~b9OWXMr*lL;k_q)B_o!-m6ojVMEb#j>Bz$S((gE*ACQAX93yaHybp6@kj zVsRrI$Ix7A_}k9@x?^6Q6z0_4#3+Z&n4q=Dq20s30%qDb9@eCa)f)R$cxw{Lt|5}I zc6)b4#p=Yeq?J1iK9MxWN?}a|YY|BzY2+GMfRLlXDRRZE|Gw-kMz09IB50Ulb_uSG zLh+O+lBjq^4C(d{UHhvMhpuvLwwy|vX98^$>h2>S^z6<8;)9(>8kAix)|qW!TvqWi3L>CTL6$Nq@To2eS2- z;K~mG3V$jRs`avQ+HtsQw``ZuODhgGM<}g>-vouYJsNcfDhb+H4NHTv!Y8Jdu&0ev zOo+QSjiwjxt&5M1Q%(~Rx1pYJ{PPm?yb)RHQ16>U$bCd_&R;cs^XIP+AGrp7+2+9W zJe#@AUgymBrMrRm-F54Lt7z>tbd@^?D~?YBdCwbQVLmr@AB6sr+WDIhrc8Q2#T(JM4T1*zQgbJ|TTZ5U%#FB!IwLBiLW)jFY$EwNv~4iUSvG?RFGNlB znvD%Z6Ab(GWsIGVzz83kl9ulv1%ioBz9QNdth6seqJO%ca^pM@DF%he@&n7^wZr(~*&HkW0rVIL9{! zXlIeKBx38OwHz+=-86^FV! z@)gj3^C5yN$kain5>@I|@bdU{WV9u#Q6MUjO#{A#7Aav?E>$BYS&9_CBxR7|wnZSE zEu>1fuFJz21I1CwTVfM!ow#$xwF*1ID(pimc3j&UIGurt@6&;wdvLI@QNomqiQx67nK54e7q${;u*sAV<>Qf z2au83%GRP0#74I3*IqJPDPZez!zQGb4?r>4@TnY_2u&us2@{-M)`~k9A>)*wP*BSe zJ-t>S0=mQjD{~YK#%Se?<(pG;YA8Im0~a(E?u1#9r(okx2>Or)SpDEmW>#)P(((^q zVVXfe{}h%97UZB4p=ZzBT6^})nuxSI3S%)se7hiMif4!m_(!wip*F-lUgu!aFPgtJG zgAWRir8#Q1#-b*yn8Ke1%Qn?rgu0Fty6#0VHQgE$2+J;7`W8(CK2nEF(Zi9JoYm!T zHGH%E@`_xM4C&%XmyaqHs_ejMKlY@9J(0&su>|5ozn&1BsmZK7hG7{1kcwT;A@2m% ze$SG^!gg3F{teDBvzgy(7}B3n_`Qmd6LWo0MW?GuZ$XBpwk)v$j47ou;a5bE6k!%H z3lQiv1~Sh05ND2hZqG^1xL-UPy2yg$MSIE_iJ`@e;9K$r*Onh0oWP@uPC)>q1xqnY zX7PHQr?qw95Mk542F@h+r(GyZ=@m^2oH^!Tr^p^1vh$T-rg7jT3Y>4XG^*dV5XzRB za6NmFdJ=GM=g4(Yn?VOaPLk#{nw%L+X3^;8?O390LIhQ%V5IoL9Ih+4jq6FtSp=wqU1G~N6I#$1P zOo1n=S4HkF+$XaFR(~+`cj#8^VyxQI$QNIX)l(z>fX0hyz!pHYaJWF^CLtuXN>rjW z;|eg(NAoILqfNgWl7vr*LCU>J!Vqqo+P;cOXQ z#g+6ku%$n6ds~^`;K6xLuy7`UwkiVTYAbwmN{&13wSpDcaOl>oK&R}K1)5C34Wg2u zB~WKRg`HKu;I!4&YIPZ}PriXCd$-s0cdvkL*XKYR8cE}l+#2r7KyD~r85%k>o3(B8 z@mK~0b-BkH^JA(7o#Lqfqd9ck|M5r~%>j$jg`*b&W~IJfv+j+4RDlGXxthg;hBYL{ zvyH*j*8|!@l3SN!&ZPvq$@))lIL4q!EvqR@5iXsIidVqu{|I&kFO-2CwCj*|D(&&% 
zFC?k@WF7}MDQoOL-jGu{$YE|8UTrf0oc?{DWv5ILafP#{lO2j6T?SPO)#M37(%hJ4 zrYdM2<+?7lbx}$b5mPU*`A88Ko-ilLWn){y^GW+I)@adl(*rNE(N?U-26n-#OK|f- zd~c}`*IMcTXIC|GedtUvB!iC)+3a2LE*FBci>juaZNqxHU7jw_294-N0NBiU7pw<@ z5e1w6VDd3W60pktzyG)D46#lYV1@)~qBqVk+rbn06xMJdjrf7ADtdjXiA@0!ILjJh zXN?(IU+ieK9YZRZK2NnYt?sA1VeUfVY}PtkfNj%2xl_=0TMU}uo0~1D(Q0GoWu=`K zo5Dup(zB(Ur`GzCHmwz8$-rUOi6>^lgCslBCfSihZP{c-(k9u7?arCzdT zL`5(n*S^_x30R=jn6{8j6eY-zbG3zF3D?Q)sU-}XddNCmw-8k_9E-jCuJp=kNfM^g z!YtKhuZ3B&W(_iU*i80~sn#UoPGw`E>H1p}*D?ABFRD97Q_KqMZUN9e~65fxF8uNQcs@QdiegkkmD@nkS3VzM{JOz8nfz0FBqgMl1t-h$6*S$?J~6+00R4yfK|sxQ+~~?6Oc!Ys|h3u zs{0v(IT?}(zM>rLJj1)-iq=we%<0}Jn?_UD3^GOo$gbzuvE4Fi0EZ~VKWgrLRgo1w zr==iv{C>;9TQ$Mx%mv7S9p#bj-2Kq|Q@9CA3!kjyDV zMGia=Cni%UU?>E?G#%7 zT*Y1e>k8;@xR@)DEDeY{gJWcvvbR)CUSX-eH)6(0nPxzgJ;#M9D+5$?J@kE5KDDsG zlDXGaM3d|8gO)Cd%22AC|KPY|$>eA$U&<7oCPGH4`c@=(QN8B3dN|gzXN;?7&sK%W z?P0G8*v16hN;{#`%aJ^}QTu%?@RTSbs&P#abdGePnB1s+lvj(jXgI-MXqr;}1!pGr zyE(#QoH?8YO_^Pq8?|rzgFH)#fEXKesh4dg5mjhP#}kNvU?d?@Vq-9e4hgdYaRyEK z%e~(xvY4U~!Ae`!!@888=B&o z<+R4b=I_Zc&|E{nt!*R0axD^Bhieh%!DHX9bW&Zwt6O!Ax4_<-AfgJ^?WdZx7GUPS3tO z=tQt;c$Rvkyz91ae?M6g>WNH(*9O${8RB*P$aU{Ll7 zBi2O7mXrJej;IVgVP51LqgPb8hmXl|3sYXwJSV9J_H7#qVa?x$lbh)! 
zHn;qH(`#_qR+oBOiEfk4?!rYet!Ie0<)Ec9hp=&{vcmFuWBy(zLB^=zZ4r26Vlb_K?3}c8?_B;HwcP1Q+sjcdh$O5G;=1cHjN)Mjq+9MQ+y0clJbk>JAak--NXF+#>TeQKjkv z#2R-(HA1nv;h5Mi0`eaFZrmv?y9DY|7`&(Ko*m+)&f{@qa?9Gts})q>a$nwNrFB7D zchH4P_jv`qc7N1uR?5egElDSkGz)Sb@Q`C!l$-h$Ve2w80|zsj7_ZsJ)#E8sd;@WR zW$cuLAtxemhGSvkC$G(+Q46{Qv>ixQ?%kNA12)z$)DWBExfMsPD002J+WOWP8Eh%(A$Y43AtUu+6y8PUGkQoLf>Ujsk8BtZn2SzQ>j~3T@UH8I@~#{E zF1`hYRcR6Yu4|!r*R_VS5w#hJ2e--YHb>kxn>)7a?#&XVBbq8nvXR?&+b&~6);n~5 zx3H~ofdyuYkkrTlo00UW|0X22?|dmIE?nkPS8xuU=^~a7veaHV^ZI6i7OjP37;)jb~DoFsqti!8$8W3vW0efb^>>LUsijxz2IsW zWgxxctzG#2R4Q%g1Pt87#gHsVQ%qsg!Bv#XYJ)C}XhO$sTsEr3(BNs{S9I5#mBC0( z6SS=+0?UauCa+1Bnd{Z;bb-}t&j8>gA-O^7>1&O9xSR{l(#&`P-X~||jkp$p*4sBN zG7K6i&XOWCX^6~}n&no?T(d$K(hB+-L^hF%PVM@+X+&VTVbz>k&rmPkLEF$kE1}5B z=JqqR)9V>*UciEtaFS<)@Q_~-KOD^qoHDJc1N4B$Rjok-E{M4|vlb~(UKVHX;EvG+ zN25Xub#jwu+`6giV?5oSGY5|7w#!L`Qv+2Pt|+eg(ST}3h-%p3oQI}ai)MhJkb0pp zeqHvJLE0ax${j8yD$fG%?0yN#7V~vg!A#YLOtmb}hiSFnqBn=P{|J=j7HYwq zI%kFt$&l<$Rbwg2l6@a>CTU8_{0J@}TC19MGuiNNs{)J)0iJnl2l&`N)xy!Fy}ljX zmJpe{-*cXHf@Co@cy&W~yl`bac1OGH5#uo!fOd;uzgLd!HM0~U36OL9aNw{qF|2D? zUPV^Afb0GQ>H`^5&|saRP#$5F5tVb~b7O@B~Li70KQ#R#~?n5wxJ>Zl5HUOISN@=p7a zyQ^UrC8A!GV|ppBe&NGcRJLprK0a^9Q%23gL{q(WR@RW29x+V^)yM?+`ey5S$JmEpUy*PxZ5+2 z`5Ga?jIpRo>BCaL3l?rgRjQFc$h z+6Eksv^#ZvdbYf72l}4TIH`1Dg&C27QFW@y1icBLP6TRfwm zpCIC@+D?pKYi0eKO48PZxn|>v2sf&BYQ0~gJTxkHwb`T+qSiqEyKa%2P4F$7M5ad2 zDI}MgNQ~a(E;PXEuhK*Wm|h7pQ3Jeca%*r2OM_5D8=UPR4}32P zpMut?5lu&6Kwo19b73+gKvcWUNU-`+f?T|YfRU%*HI~rapvLkXp^Z84FAVnmpG}rf z4|1%>h^??F`-_f^&0Cta17iQu3p6}QW4yx>Vf2gS%yLC@L~x38r-DBI_^w-s>|OWZ zU3a2XE)TZ1tC#KC=!019!L^8-#dwN;;|yQRIN{T6MWm|U&-sq9>90Bv`Hdjy#3kvVmF z+V^bsjHjd@<_OgTaPa$=4Y2Chp}aXomK@wn>e=hoDD-Pjl`GOvD@{~jUPKuIqM5DI zB0}mocC91G-)q8UpICjC+-RXoRW{o~$%JddhEhYKt_fjiuh;AKqP^XhFJ3;K>wSbm zr3Vs9!=EMIY9#WtgX#C*>tCAFWv8Z`5#&c?22&wMGc)}`e>IP0ks}PdoRTDkplas) zd=<0Y?|+3ihxK`i2CkO(A4?0RR6YRAYGnfB^uv CH`Js6 literal 0 HcmV?d00001 
diff --git a/assets/longhorn-1.2/longhorn-crd-100.1.0+up1.2.2.tgz b/assets/longhorn-1.2/longhorn-crd-100.1.0+up1.2.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..b2ef5c97ad0058a967e7b92ea1fa9eab6b7ade28 GIT binary patch literal 2648 zcmV-e3a9lSiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI{}Z`-;R@3TL}K{lWp20M1!w1eMrlVa=E8x%>~JzU%YlyqV- zkx7B1oceD2?gL5vp(x3*BHtJR#23R9d47j~&hH$N6cf%?F&Ataiscr_o4 zFOb(-pt-ijy+rlPc{2j zxK0zIP@aY&k_RJ#-S&U>=EK>UXa8qsqy0Zma!rY(6n`jW`k$QL|5a);+$<*dltoLp z$fV-yYm___AztDwWz-nU8Wo9%BAP!E5@2GO1hhfT?y~>|Lxr+nfXenvp%|0(Ovb07 zc0G<=YIB=+h*=XxRv1l#?GpZu$-1K$)l9%bAF)|*Q*lX&S}J0}#1cNT6=gU9u&qGz zSI$aip?o4!40YRAf@f(3s~_2FdC%AmEd>H3RH}bEnV+dt=0Tcdf+QuH$&)b`>Z+19 zg(S9OBxS2CA)+Wh0gxfrBqDhrfDkBs5Q;lJ>w5- zdP^~hq@z+UMiG_CL4sr!hr_w$_!W=(U^5;e zsF)}R6sQEwTA))5XS%|t%NpdT+~9t;Ces7GFjdH{ZO_KjI-s89b%oYs^^^gix?aBl zsGth)a}PSICW9lTAkSGS(8L~J=^CXX>vS@mPA4Nh?@Q0uXu`LWpN0KDgrF;tE<@+J z4T>%RJ2_f-94$)mBT2t-k`~TPc|MlTQTx*LC6)I*Fe57O`(f%Dzq@OAtjnLpH|#m? 
zqjNa2bGSjJ?AY37Nc(??bErhR&LPijIEMnT(>X}bImlA{ah*d?THcRyzmp{EV|yE2 zzOXszbbQTPHl@_j%8p`X-}P8mZ^#?-cZiLZ0$mfcnGFle(K-!m;~ChdkUa)pFDLk_ z1znqJcC`6k*$B3-d5}rPP|6;VqO7zhuBfAwO$}p=vcycUy_;LqfsixXpL;4%mY2W0 zE~UKw^_SQ7`RiZny3yZyjRO7c@j=jmpe*DbB;2)7I`YiJs$>g9DH6t%tw8a|qOhxG zC_FldBP^j7(XhLYYNG1li>Xzh?XResCmqYG7QEAQAoW~_Q)~1eFUEh|G*?xDIxm6y zc#ys?ji2*L`xu@kOWJrzyvExLo-tJe)SXeiLDvwkvUOlzkn>;&h(O4sp~rn2EnLt- zlbMeH5C`y|itE_Q6AlxpeszBkQaN6&svR4rU$& zGb?rE-s5raHIit%Cl`KV5e+pLJjAGC6owE?bVnr!N6_v_)fAa)I9b&-rNlPx=s6_>oQ&7@TWZ7Itvy7delbn?^2vC#OoEQ{8GKp}t%~HRJdwn>H6I2Ju%7)a>#< zFpMDR4$yT0F|yY&+3P0~-cz=!FRTVObMVTlC){N(_fdnrYWSV(75Iy*ZncrUj>=wr zS3C2e%a6z~(z!3xThw5UHu285=sU4i+heR#aM{YSPw;bfy z<&)nu`!btlGzSt=9>D`m63FEKEcdj?tR9Z_Jm~rDTb|kLuxI`C6=lkqq(Opk%iDUp zIP_V9xfiUEcIFqI*RUlpnjF2fx zk|zU)r3jE13RE3xRON1}V$}y%3dLrC7Aa2>bJ)z0;%lJG)PPF%+z{G4)X?`3MqME) zffQna3t+shW2}EAHT*)W&qS)5EekO^S5NMjgh&O_NC8E69KlXpw9y;%_XghQBz72v ze^lZLZ+e4{4@_$K-QK|e&cv-YdV`~Sg9{y`J;${2R>u3Q zVE8A`>R4j0_{YO*sxqK2Ttyxw!W!CP_}Eorf4b8svBcJS^F#%(3sk!p`h zwKt5UGUlo$)ycftZf29da38hr_iP2Ktm?I(`X93uXisq~CFFh{MYcjcb&)G4P^nti zG&;|f45RCjr=Q~voG=r5EdId*=OUau^Nt6@Zo{bwuV0B%J!-iZ$HDJpadGF-xLfTd zk-0n7s?;i=TZm4kJzid`#X+kJc>uO*g0o_K{r!C5cq0u`a1RqEf{l^~qiHT-bfucFI7ZhG+^|8HjU?CBS7 zP)R%8C|gNT+^qK)f`Wg=$UvgfxhE0ck}Odtws5(qPol_f$2i}Go1TRSU7K;>W)V>u3wAgF&N^l1FLl3&#{fBX^IOmS0cp9u!ewmpxP2Umu-HvsI=a6bF$p2)2MEjBWqj@u0I)JkW#f6+tb^ z(gd;ZgiA4`w_DSPiCfWE-9Bu&|Fw4i@Ab#?%b!2a*3n__n0@U2@5N&7-~YXM^LD)d z_c_uZ>Q`Z(!?nHS8%(ro&xO;*mD*-EJlHzdY9G5DV;a+##x$mW>Hh%$0RR8jq#8>A GWB>qYC?Jgh literal 0 HcmV?d00001 
diff --git a/assets/rancher-aks-operator-crd/rancher-aks-operator-crd-100.0.1+up1.0.2.tgz b/assets/rancher-aks-operator-crd/rancher-aks-operator-crd-100.0.1+up1.0.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..20797a0ed6c73b4e8af2049da9e1dc8f3fb8d87d GIT binary patch literal 1137 zcmV-%1djV3iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI*_Z`(Ey&$B)S(bvI_oVv}RH^<$IAX{d{O9$-jOr9l96iFOO zH_ou{K1i~Y)Rx_(p|cIky%^?EzaQ^(|0n{@3#1;Du4gO~ctbr-;&@yD`Ti0rb@W_G z(=>fQ95%mcnr{B4@7|pp4Tgi0;c$5Rc90&WgLkK==@Cnx&HM-n&I28#&*s`R?mr@+ zwejGk(Jo6EB8_>qSOB3N#o`8E)a2?c5|K~0ep`j}3c#rN|n3hS_n2`jXl z5YFXIWY8(nLUKH}QE?3~km`Nr5 z@^_#26zwYSEJ^_5^HqPl(B2h!^O5a}(X!;-V6|57L!Wd5a&< z4*Y&vs$c7U2R7;O9E+-U*&#VvwVC~a+{c^ttr4+@MN4u49#>b+sBL?FZ;n38tbu+qKhvY&SbsOu|e_et}U34HsrQ?uE}o-qBG&h~|q4sL9?jRqru|N57H4u6$bd6ifB-^kwq00960%`bh{03ZMW Dc4s96 literal 0 HcmV?d00001 
diff --git a/assets/rancher-aks-operator/rancher-aks-operator-100.0.1+up1.0.2.tgz b/assets/rancher-aks-operator/rancher-aks-operator-100.0.1+up1.0.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..50d0ef72c1cfc92021c8d98ed967d7766f8ccc50 GIT binary patch literal 1643 zcmV-x29)_9iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI@-Z|k@X@6Y}#hzvu4+u5R*UT~-?9i<}ITGKRM8;&YvR$e7`2s{oGLh>^gg zncd2kiX_22hK|uCc3N3-mLV04V+?N4rx_W{TA3BaAVpq&ZvC~;YAO;We>~MOunBQl zl0nT?J`!UJ*o4-&r%|hrr8B0eNvJ%A^FMunUN8tkpUEO+=k2plA|v#zHSG>Q#HpUEd_YB4cB;4*(hqMZze{*@|b&WY{={se`d+1HrvkpPlF`EUdofYW2*LMA*>9 z(;b%({iA7{fQ+#lrLEa~~2Mi5#Kh5{2i)WeU%_P8B-fFBTP}7(wuZOCeo) z5wzwO4S%6UZbs1gJ#{<3Y$i&==1XU_0?d=0=lAyXZ+o6iog|bxR~e!xCngtpr>XU@P-~ zv0tN0iB-GF2Udu`YE>2#!%yeuKi5UYvT*=EofC46hU%ZDsE5_?7|r>&a4rQ^pIjp| zXrDeY!&CcE7Kt7Dc~{LwbEi$`PCsam_F7e={Y`Xs$uLvysBX-9oA-Y>{)Zw@L_Yq4 zFt88*{r*<{-|K~gQ~rMxIvDLcf#T0@KeU8_!{dOG_<$oja|xDLR^b8cMyuA)L*?+_ z$W7IFbW$FvwJ@_Al^gtQR;or+N3tjkubNR^ z=GXL3LcKB0Rc@HbQ8!EV+e4Eh*Lj8cys`e3ax8$wVm@yQs z8^dC;xsLl%%6laRpT+RE(XBG~8VRfD>In1c$}3B|zI%GQf4+aX``3@nPXN`0gKI3+ zOK94}>uT3!JRT^7UX*fscYuhxBMrNyZCihOUCr+{ULj<5Gf~xDTg?PJN915WDJUf4 zxVB@bN|qUZUrmeG)@UVH&9y}63O+Ls1nN_c2@GdW!Mfs-Py;F8&l*!kDST3TLXe`y zU`?#=R(Q`$8bcQiZ|>)aWS294wd$a#?p#;o{Ancl8+^VqVS|;*p;Pg?M2#%D%jGNv zqf6Xty;jQj&IRk1CJHG(H81Pc9$$BCF%ey3_e|G%SZVrgxYvoJUC17w*;Q$q+q8~I->U>; z2>W5UxzcLJZMy;wVA;Akb#8uD+LQm)XCZTE;TPtB`|7{wV!Qr}qN~&W?@?&uPbACK pZ>w6`PXAu`4^B(o^4`{+=tL(v(TQH7{{{d6|Nl(}CTjpJ007@;EU*9o literal 0 HcmV?d00001 
diff --git a/assets/rancher-backup-crd/rancher-backup-crd-2.0.1.tgz b/assets/rancher-backup-crd/rancher-backup-crd-2.0.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..2df0ca98c5d9c36fe7c2e5bbf2c63e8a25896a6b GIT binary patch literal 1702 zcmV;X23h$ZiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI>{ZyPrf_p?3);d{v40otr&#W@HFF0SkrY11^2+`JS8LUBhD zYc9!>T){%o?_O}Zl2*IiKe8R$X?Of!EXn!t&&+UUI8vCC6{!9klbb~LiHcrMR#=%} zgJX8`FcgMics?4X|HCjW{tsUb2PcEkU^p5LhXXrqFghQGCn$WN`D-cB2CI|s-g6Z< z_mvRlTo`Pq;CkFch+u=6SOx?e!yusIB>`pVfy0)Ld)X8)z#96NeYb|3zV@)BpFn9U_!zB+JuKz!a~OodpcjEA zib|67JHA>_{9%DLZB#73BuhM6e`wS5Y5* zKl|y!M{HJO6ljA@q62M&!b^BBGTTFFJKI5%Gg567<;w~rx4P?%gdE83vjxC{GO%3v zHCUrD{clp}W*iA*cQ`XJ9}dB$`<_Oq?coPRL3#?;GzM*OEOUSt%lzIVY@lLiL~th+ z{mcLV{Wh@U-@G}U0**GP|M@kDL2JCsFLjpk`Bu49B9UX{Qvt`EN*W=jT)BgjEK!*4 zl&FW0Cc;8bSfWkpgLE?A;W`wz{xSOF&mKZ+%xIJzhU*j(_{GO}pU!4v1u=Gw2uUTR z^>AB^6erWpE&0Y+0#4K>bt@CW7j!uTqMRHL$02m!f$RVz7O4YrEQknhFy)jl)7Cw( z?OD)e0j_Y$dn%|?>t*DW4Na!V2$X0@9pij2lUDN^;O;;YZi>^#l+!qg$7tZivlqZJ z744ohSwWPr`khRa;JcB|odZdfU0qIr4kUMrV_8N;=rY3D>k6rvFQ*Z#FVvci>CToO+h!*d2>WCN>0XO&{6xM$_I2Dm0jOY?-> z_?4@1r&}TlBC92sRU6E`z+8}dS47~E6tt|pM*~bQ?hLUIECO|BcFMIi0JwfXo83?w z4%5Y^9&IiJ1I)c+6f8ZO*>W|mTg-n0V!Sp{>QeA~LKQ^$3H!yXt=9mP`GOX=_&yRS z?yz!adkT^4z*-ho zYgXftTMNb-t*pHwv-D3XygBIEMuV+Y$O>!5vD7PJu1j05WaDtVW4kC_QI%|Bu0gFK z`VKfKub-)L!SxQR+OZ{Zj8*B{sTl7ONTF$$XRinQuPjq=ap>B`6>h6J@nt*6TAn)N zdR|nU|L@{!xYv7NL;nA2a8}6whv8t@<^PXDUoQX8DNp?)z;Q`pF)!X`iuvgtH(j*J zn-YwHn!*AUaB}G8JuyLbJdl$|h12qSG@tKjWT=RfYq%7o@17o4UF|>iS?Li|Rru#h z-|X|t`-qVNNi(`f77E-FmPGIa<&o#aDniAEz@;I9tBOyY^*obROkoMP@~ER^cn-`f z$W{xgkH2GV$m;4=D$v>&)H|v?spbi?y+dUVhT3Fx$X!bc8&R1Wwgy^bmeeh_VZTSr z)Z)?M5YMMKhazBP5Iy1s8s(Qj?TOM z?=k3$=6_as9<~7N)O42OrFV{-%T*5hx%S4&t3&#>T*b|>Y)>Q7-=y$5b)qWf)2aBL zXX*7&dad6iBVgd3$368 zix+GkR#%DaDv>4XDv_lC+~YZFP>wA`&b&`$T`BSy-hXr{@;A&t)5~7(V%JJm wSQ%ti*jQg)_~m?}Awu&F`h2KGpM%cmI_jvSj-EUH6#xML{}u!PeE>KB08JJ~PXGV_ literal 0 HcmV?d00001 
diff --git a/assets/rancher-backup/rancher-backup-2.0.1.tgz b/assets/rancher-backup/rancher-backup-2.0.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4096a45203f05a90c229dc8c3740ed394e4ccc80 GIT binary patch literal 6879 zcmV<58X)B#iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBhbK5ww=zP8U6-DOC`}@y_-}U$VgZ=%%@SxZKuGio19X$UIdiO{}Yf6Pg z{JY+raa9}lZ;}wDOd?4b6{8M7h$M>HEC`X5F%AgpqEs@UP$5wqkD$yhe#oQ0EszZ7 zja5U;C7BW&<@FkiMMNYqTKN<$@CeRLN%&r45REldNs*uskHEb2ITkGCAr`(^35get z)tDGTOlbPKF*o6CNg^!#*^-YS2UwH{@^@Hvm;FW{S^q3C7lhFfJo)?I2Ek#_^LtO4 zE8rL-fo3}ge<`$SRjgKc!8;GEG1W}P#C8|V(v@E;>Kbr@k6#q7{yf9u%m>$ z&6=?sbWoDykAt8W^g9t2At#B{ug+}u0h*AQ$Q4Ki3J|0TAR4I-m5gJMbDWPcN|Km_ zn)`sKloC4Y05A%OuHeUXf;q(!i>w_T5-Ln{DHAd3c0;ABL}01byeb5iq8qar6J5)q z7H=Syv(5!xT{0etQO9?2i;fS3PB{{ir=d(a?lca^vfTWK7TtSE75%?Naf-z~PXHVA z|FFM*Sk?c-{{Bw?ZzGWfnqj5+IZl`$lJQl}_Z1QHS%Nu|Olfh6W=bh&Ip{ok1TXLu zrLhDtgh?7+Ul|XZhB#vOR()yqcj~FV-Fh!GCO(Ihi3)}&C z^hg1SFqH(wV;piUU!esCG6jL<9*8+h;|L~3*(gy4Hr2mPVF($Oh$wXfN5706U?MQ! 
z-!Mo8hSQ^;;GD&H4ee)DoXz933Vlj$n!E;TwFPmS6fb-Ne2TGewe3q>~- znESJoM7WzM6(=O7(qFPTU0~5w08Xcn=Y$xD$OdH(vcZB&632F60m0eZW4I)84hxo2 zd4}X1x=X~nF_~Dl5*-KR2E25RDLzfYA)j4?mvlY2N+6@H)YC zEKzvzEC7>zj;EOC(`3Vdhm3|ek)mtKZ5sARp=yKQ*C0DkYS~EjY%xA7mck{Xx+iRp zHg>2IcY&o;KV5Kkr~pma67ShYD4QVzDiNPy2?!FzB?;3QaX5Rs2i9aOiMTCmnxSBs zU%6}<=&xzK0%e~fLSgLCq70ZgW|zudA-^k1&)$mvzqU&!F`IP%HoyYTW&zepmG@`5lj7@B`^|Ip=5jnU%qxalEq4z^=bg#{nqKA>6B0+S0-Cvz9b<& z3PUB-3Z=Vz&_xnX7$=diRty}-GaOJp!O~q1c0t zDl@@q0x<6#ji_d#OU5r^h9UuBW@CzQj-xcjk)EmMOkfve=g(bBVAjhz(^r|k1Kc#q zhYPF}yX&)1N?tF^Mz*fD0jEz&rVrqS&i;O(Pk?&H<%?7I?A5 z{Fp5g#4&h(?FapRzvn@4j1sfNCs+h(k#4;L!4E{*pBl~tOB9r6%EAFt8r8LhT8H>J zGc~gzou+ZT0@ZBobW$sPZ5afeUoc3X(omO|a5#i;j<|pc4w16+1zTX(-=OUYZQ~12 zt&hoq$ZUX#fTwod^5WH4mDTo4g2QJ)eYA~UJ-1E>MWO;;^mJf6uG&_-GE^%1)K9V) zr_(9tGl#0;=#~aDiWxWRZ_5UQi63O;=Httu- z0*O(G!TWz6cpto*w}~wlj2b!{gr`iWDP;(q<9HE>x$z2(;L8^vG>p@zt#N@t-&QJ< ziI)~d0FDkcjXug9Vk!?MNrl^UchQ$G4OOn-Q_3W+bV419ar8z0WMu%I8;4;qHnvz} zCuT<7HM_CeR=<%D;}UD{v4XdQ=9XwDvR>=C?a*xW^=qfW;o2?KS=mESYH>*xstbN= zu>vwCtCHYU;LRQ4+PSYBfxTwqEA+ME85X{QYl)jDhTeS$ndvOGM%SICS0!Lw(bijQ zR&7Aj#RT(>8Y5YT?Tv`M%5djT=NXy`l@Dzd{pX}s``=nloW*!TXhi7j)?VQa_J8ki zI4IlygWmJr;m-cwM!Fz08o{v{>~j|5@6BMBc7ON;g#k+CoN@BIwpW9TznD3$-&tUZ zA|%nM18~DR0_+53oELg_ZLSyRv+xyALL*Ei>?;T&o%|DrQt#-Pri@Fv`x-PgDSJzu zv(H$avh-^`Z?PDks_>D`Y5 zY+V2E_bcoF=l$oso&0YjS(8@H`Ps@`3HW?mPX>KHUZ&r z@WxUZe2)ayJ3(Go41J+ZU#(ocXBwlJqrt(UNEZc02Yj*&uMa<2hHD{b1Ehb~CV*Q` z7kMWaZnBy?yeQe=DOVi1xuPR4wu{VmCg%C5_=RA&%Lk`h&AzWHkTKC3|DS4~Lz}J} z6nhQu_3NmXEzzuo?<|euGZvF@HG-q~60Jm@kLj{tsf_&N|2jH<^WoLePbcHEqvMl2 zKX-_&5#bWoPn(pRQ!GRH;^ZGkKfiqQVLbfs{n7D{Kc9UVzj=Lr^ux)Am#>eH-kiRE z)ks4dtCW^^L7lGBC^m6Vv)XN=`t0OmcHHJ>$qS=eS~WzwPfV`W^Z-9;~0^}$SD92s#lvt zHD8prc0Jg)rJb<6WSd{IfTDM}v(a*axCm82$^Hi|;x@fnUGTX3 zeN8h`o3FYAznyB=d4Agtd1wRa51v}>|2g6jrZ~EXvtS$S|HJ3C^S_4&&v)zptt8jt zo+$gYFuDJmP3~Z8`-y_)3v^SXdkuzGd%M9j^|B3tIb#>z2ofe_c8+<^Jf+EuqX^fF z`w@<@#D1b}6>kLkrAWgN;|NE4Fu_yCv9Dk2BTt0U+~`*{v+49DSr9pbe$7t5z3tiF 
z!vnz`r?R%?kgpzffgSf77Z1=V8shf5yxl*oTE;ks=r_)zV zo^dS9neW^ZVv7Y*;`+|Bu)IC+eCqAB$Xc=Sv%@0ZVyXG*2wp4;h{>+6?lpRV=F)_sxp)7Ag(oygPJ ztV8_V2`iNBc)!^Lbaod~y(`Ovutk=bPjvPSYvC{=^jjUIC9DB(!lF!B>p}!qfUES* zO9igf)*M|d@^3zXcjKXKZ(zqtnw1LA|8@NN>-Gn3-hIW!hhl`5t&h8m&h@lvm7h!x zc9;DLmMG((GZu|4yPL^u$3P{6G2vuMVmx#2ILw)luduvi{G$Bw^z69&;_UQA@uINj zjNV9NJc1`br9z%NM&J|entrKltx`E%=7_Fzewrk)zF>x8tJ4}mJ~3|*ow=H6L8vi( zO{LW8mtV>OA6FRG@ zKsyk3XI^Vl`TB^t`v027OU@}ulAHtE0C>i+$Q!3$876$QN{U9GQeDhGotOu`{%c+T zCnCA8Yhau1|Mm|KD(nA)!~Sr${@+I0vho(m-SqZ4m8pg5EXz0%A&QZ?o4Qk~-&(0Q zy6m4+RqjJG`!3Z|yZ*O3sP}+lll~v{YWn}+`N2;AZzDCF|7hBE^ecxma?|LnN$_tp zMO1g`wtGSYg&`K=Cl(dT>>Q)$7fvL8O+&5z^QF7dm9=dy_iC*5;c@&a#iH0lwVRx# zNrL>2tLMMT6oS&7$m0D|{7IkWE#*Hmn3^uP7MCkpif9^KT+L_ED?b&5#a&7R+r3+< zpgQ^2g1Ot{d+5}v|FaAy=*ey8gH7ju4-PB(f6!OiJN>_fRB{G3T*1f{{khE?<0h|t zm0Ns)WhZ1*au&y!>+91>KNhan9IIy!`gtW!=Lo#w1gbq^Vo-S&msfRC*;{iq0+5&A zD9KjLVx)DBHiO}Dg5-P;9)Ez*-yqN?Ztz3QCgAA^72Ry5?y$eF+M}rH{@I)@)3c(P z4<2VAur#2Z`DReN!1mCC?xa@vFQ3r66OIk?KN$A*tNZ_l{oVfmR#N-%xK@+T9BR9f zjn{Y*ZaapaiG=k!L7!6G5t0)+dts@r8FFF>xkRf@X^b+XOEd?5QO#(n1M5S=eEFhH zM#6Cf-Y;`ZZEOo2J*OdT&3NcWt=R(vOB9pBhHpg$i&RLM;4F4V%5NsKdN7mz3gSFyo| zvfP-Nz+WD?SZXw@cA7vu=3N$)N43+wZ*ON2v}bKAvtr+}jX93S78c=zEStLVg;Y~( z1sWNmF$j?<(h{FY!EUbA-m9hc!*2O-_tZZBmo~reWCU!q|LgbvdV^j3x2>f6KBRNU z+jNy%E4P{Os}@a(pupMoZP^EQPbY7N(SZElN-MR>zn-R$#Mu_OAM)Ft1>WfY-QTaR z|9AU;+eweCxXdIxjWLC%F=NV%@YbCS^1yRWv3TIAf6tylPcIrCnHBMrr8H8j>xhKX z$q;IZY%;xOk3-kQ{`Jgm)6J?nZi?I1SL&r+*SHPJ(Ql5ybx@jd!3j6dt z`*nQ&!UVrr5FrSi1#o7IeI zhliGtKXR(*|MQch7eAc@i|9UaY|#IQ2ZvSv&v3uLi~qir^r#YWz0-M_?Z*)Qm>oIB0FKBNrv<~o9uhNc6>WrAUPqBZ8YQ!7oBy`;dEkeyn6sqf*I zk!7m19#y}LzS~g1r){zC!8byjZi98@QMf@_qY7Zwpf?3(?bWpC zUADVqaDi814?dcW{vYw`qi*a+v$>(4b(1}BU3;^uGsW+lwLC-=CRl61TquJo;@o$7 zZhmAahVZ?Kss8lb^$?DSdqA1A4n_4wkKnT^*piFW9W@KJQatx;ey^-O`*ca5($wR&3QE z*(l&Bj#uSK;IfIvEGoMW);hr^d}Tw_m||dEno4I+8alus>ss*aDIGXBM|p6h19fMz zQ-}Zb$XGr~317}JwNdq&0--ysSqd6(b-keNCg3ZfGaoNWsMx8Cgdj8OCoIyJC%cby 
z@Yw?Hm#-R|dm;b!$aL&nAJNFUqX}2=?l+Ai4^?oFt;t|&q=-u5J6LSn);j5qoF~b& zk-92`E2_nbv`|at&G`#)XLI#Y$RqI#1lA2T1}mL1zA&B0s9AT*Ig-wjIkVhE07tQ4 z!0$#xS8|NI3#2UYF8+*^#Vnp>s@|E(gwBEmqGXD-=fEmnMPzPLtIqjZ-;B{tfV!D$ zugx@>xogbJHC3-^m1@E$DcRo@%4myCypgV!ikljxse9-(pPMS{f0QV8LD2%=qYq%i z`hU28So{9l{x1I8cGBAQzp-{o%l{B1Qpa|)Q>UE{n^ym>hhWOtLKPHw&CD>?h^%?6 zCw$3ZL1tXpJQ-A7n^D~0LD1S9A~Mwn%w)5V;UA2{!Z;*Lx^~VkGqXT7Vv3P!+n&|0 zk^xIOyi@a4p=PtCztXdMCd-uVau9s(VwxFL>iMAiEGTtorpFDse3_DegH5eveR$WR zw{PVi(dX^nxQ5*v(MXM|s-du_iT*&7({s7n(qmZ6NZELpS<~d2_|zgFVQu2ZdFLxT zcZQUGEA03ez$YvClw!Wh3_^#3qq9>zCu6<`2?{SXip=X=Kyb}tiTFg7n3CAUFcxTu z1rV88ws~N}sO_voQ12|unND44zVcIu0HH7*`py!Z>8rV>lmL;2bF~~e`ej^NY47Qu zggW7_vTHQ~yf6npiX)JF`YSt%ny?!8zS@dCn54>jz+7AXNC#T8w!P+j#n?;CIf?Mv zMT$8bg;6-SZ8eZH^W2GwZ%kdZt|Ls}o=QkK)+1|4x}@&$Q0*#IvuZZPdob7M>KDr9 zv}Q?!6HFsaL!y`n%S()@#U-*KB*IzAWNu7ML%uS7V4WX(ihBE6=>e{zvzYG(IE-qx zGXz>%R$XK~<$TplvwA9QyM$VYIQT->IcB7Zh+N?rMGNm72{Y_AShMMt_LuBIkRx zT2m~R%Y)M&`r}OsfYSq3(H86TAp6E=CS(da1r))Yh5F-K?w2+4e4_qI%$NFeZ9do? 
zJKdgax^Wt0v+FG)Ia}v*0Nd!%mMr*}GT-i;D)!$s4nL!dn|>d1UZ zpxdtrl#9N1E($#M+=E8>m9Fa5fX0X_zNX7JnmRY2YILkU7*QwAiKB0*YsdTzP}iMt1!C-g(Yb&WD@A#W4=4J(iuc37B zYhJ?Z=cR9>+wp_xcDzx$-dz5tF}~rYuucBI-t+4H&tY%4JO8tlbe;LWnA>ZtRus}~ z;a_D8>YL~58WbVNRYStzd1FXq7}_w|v*XTnPsl#HaPm3fSO_=Hb@r)6?SLpkm^)uk ze8uD`bwZr~#j7;hZltcQ{qQ8REtB8eYgWf_&nh?6DeHkwfJIv=Tq{R7`F0kVL}-b0JYA2!`w z|7SI_d1dnquu1<9tMQ))2ZR1#r~kK+swyZu-L_@ptjbg^TZ+|U`R3w1Zd+a#$2T?H z>iw}5OLZgK`&u8=_^dvY-_#X-jS+lkVfzJ-x4_E6F*hu`PMden)}R^y{q>LXaB^Z_U_xD0HWbM z-aSq0X46v{d+w^;l2BU6BZ*>G_5joa^3(}!LeO0fTWG|eb?C4kRZh;~l3idbZV&mr z0r2>?3Po`N4I0rYL^o13Wq*eUHKkMQ`nJxhx)rM9vz||J!Wy`$ImA)}7$<1cDc zVQyr3R8em|NM&qo0PKDLa@#nPfByaIDY}&XR+1@;`YoqaH(TX#d|SSaGbuZ}TT|IB z2PRt*RwTdxpfx&=-{qd=p6m($Nl_GK{fI?7Gwe#m6ah4V20q;lfNToF+zEoF?dM3GcPyl8!MUHQ&^Cqx+IiYUsN9M%9_qKMDOj!TsC(V@IaBE=h&Nkx2r2!+$7 z;R^4^fGBrT$iYRS=!l}17B9@^Q5pJV-e4raA)KCH!B0sAh52G^d)uy& zFwFdPTF#*6p>zcemAUt6f=ki{WaP$22_j;QvauPrlsiatBSF<1jNpJXATW(?P%u;| zb)#(`YSh)-CrX8K*lfC5{YWQnv6+QZqLNLYkGX8>252s}8;-mk*QPk1apB2ft&vt* zdq}M5Aa$IU)2=-=44;gO_5UsLBb1M205<6VPHWK1>;L|sTj~EY=q0?v5s7>ScFbYK zMKNTY+DrH}p%SPB0>7MGyl;%S2#8YX!HD{(GrU9BCj#M?2x=9B;&6iyY5;pcnc^_# zkpP83=o5v~snuve#%Qb$m5E}}KLG@WTvElwJjHP{tA0!-MaHSJf)xE%E@A7LB)J+| zF=e>4oQ~7eTsY%55udN;5KtkwK(CQxO)r+%^}9}|Rud?BBwUn3xVx_byo7%sL^2}2 zKL>#>4+3N!Fs`(`WQZ;u&B2RDCM^wwc{+oS zSA)W_BS(D6fihQUt0Tdk5a!yyLKzjVH8iqYDmV*}DG4*GCg4+TQ4H_2DMuh9ccQDm zpp0s5?7;a*k1co{W`r&EBvUM6wztYOZp3|`&nO!k?mlHY3-SIPNs}Jv3K+U5B@y!@ z(|>^hH@!!2BjL~CMi3*LkwO8l7NUOT#7qOKjC1o60NgMdLc7%p;@<%VW?0*uw-+?- z;@1e}wk2wedw7LDx_Z*;(XA=&>)B~sD){`bT8)fGluq5QTJ9xVI~?Y5mt}cXIas__*Dv z?0*?_ch~#@&X|k@Lb{^TCSIb|(2@iQS}n|H6BGzPH1F?gcXthKohU=7>xEKUvJQ=V zZQyhU=h7~3oDV7A-%^`aFIcnL!n&w7hWdJ`BAe+t=5Q@yCAla?N8tS3dahQY4 zpskENs_85@=<`{8J7a3Jxt(z_^*Qk*xIFT8R*>!ly~s!7H>e4hnB`bo8BLRTtrM>^ z%x#|pPH$S@(1{&Gi~2@mX_qMAOuL$tjUAT@ zA|6phyPB(eF(LOFF|Rm1-p#waOIL?0*2RJQ`j_b#lHd&azwQ)a#62871vb*YSf;8b7z ze$>?_{AV_Kscf{J{vJwT6aG7$ZVvzL&Y)M}zYNNwdl@n*s!y$>a^(`X*p*+!cRWW@ 
zgvS2ON4v8w;xQ&~9x&xy9j|9FZe;=kXj@LvW!F8<>=vL65A zDOUJ@PP9G#r(Kz>0U8q`JY?u?rwlgYzn9-M|V^B<+qr86Z)&uz{Asi_%Ff!SI>W!LWjfuW7z*n100%m!hdJK4S?P8-yIxR&;OP}kB)1LU>$pP4m|9;;7ciYwTf2Gg?@xP@5P-%dtq`mOJ;|9PU_W!t5 zJ^xb*9Sr|lZU8)p{_6bi;It?H4{!em75>Yh1LFTN?0=;J4osWyukQ=)e^W514fyZ0 zTlwdITkU@3|Cd5}{EHjnIwVpPF6e)om;asVTUn$FF1e3uUI8LrKv_*hKE^N7l92vI z@F+~*%xx?ynmCG061iuQX%TiWot&~LH57bAeJo5XyeTl`LfNES6gP4RpX;tbqOg7h z^(ge>D-V6NS0PdEq<&N%qtZWT_9xVRDpmboYx|iG%a`jbe6Eu)l!n3Lz6qJ3(+cq! zXHMI_TZ`hDLPg@{Y(&Qa3A1uZQ(yh?YUO3{N0~0S6ldSzZ25!DgZ2EMT8CA%KW()C z$y7L;{cj!j^Xvasr(3Q6OQBdtn^C?XVLl%0s=|&V6g7&~=`LYB626NNl$lk=$CxLC zDAF)VafDt0Y93+@^y*;C~!+Q za4x)BlKI*&d0P5+cWJ06Q`pIb+;tXVMB)B^_+VB=#&CcCYPlsJBj5kXed^AKaN^I% zT&C&9eO`z()2k%35~P$0!G;{ov?GpAm5E4dCzK^*x2rW=ot^&e^8C{;*H@<}AFj_Y zPX2P1sVa_K_YLyPh8tcM;5JRU{&ez}!sa|si52}S_n$xf{L|ll{^byTi~}2Q>fcfe zw(VNNdrh}a&#$ge-k)85y1KqN`*eAJdUgHr=gUv4oL_C4C$ApjeRcNtGd(sBwm4>+ z1j*gd+_MiSKfOPDw++W6+*&3)risW~hu`39#1$4+_5N>HpUy6?Kb%|?4|j1W%Sqt+|MQ<=NUAY`rjtstOct!O zt;y8>b~#5Jo^1{1Boy-^OB$Sc|5~yEpEG$VbN$GBAg1OL|MhLo2Kn4e7!TS1P5vK4 zHRED>9U8rUO?;ov^#8kfgPYcW-G1Kx>vji~|5pm-H}vB1rfj^jk@vwSSquNb%FxUa z{r{d}9YgLd1yl#1Y%Ea5yMyKq=5N^f`Dq>|n~3MOjJZCumrpJ0=SZ9IZ#KPCM`77% z-Bt%|z<;~D691*wuJB(D$BAxRA&_x&h<`UL&Jk(1_x^J#qu zA(txoe$cmdj_o==%C~*=o^TmaJ3g@*p63 z8hozD6=crApuQ|Mdst?=r7s(y{{QZubrLBa=nPj&qwtAOk^QqCe|zFSKFTm2nHZbX zh6bx2ZL}J?*bQ-~d^CDb1FDAb2mYAT9<)jSn*+XY{0`J6{ePT){-=H1KCYhsDTN;C zFgLqrM#9ipUhqBqeY>I(#$Yh*HfFz(SGfIX9#2V*k8=l|_Ru=Fx=n7T$J>u_wEYuh z9%bWaC6t@EP5Sy0N4g=2bROtl4PbSw*9%@oH~&Ug8QI%%%X)sP=!%`)WqqIrXsz70 z9=V72vJ+1Q#cmy2?@8>^!^}WEFa+^uAMHanTMg+0_}`@eGv|AY2=F^vgN^I|Rwp0- zv3Fd(|6L00{`_ZrGP^$ddvfAfv^rQlHFlP3yosougui3sbdbDz%5Y)j3d?o&(f z`=;ITzk3AuJ@7y1R{mcp^!WH6l#2gBh5v7&UGQHV0ruP9|LS&E_WzHo=ReA!$Hafp z(@E(|V24!(g@I?ETDIQ+{#UoxT6zC#P{n^Mg$|AXrN;u)w9EqR1J|yysg3dm*Sic+E2mia+ z{ulfC|AXVo|1X6Oh5wZ|FUryYmF?e&cE|s&(ODxzo-28%UUjICP z8=l}T>|7t8dW;{UP58ehKJ|#gm&FR{z|2idfZ~3OD%eh zU(+n6YfCK=_%)&eJ*ZzMSErZnBoKjMwqw}XfsaOMLaa|fO%Plz1j>+`P!75XxDz5& 
z9PTN}s?*ejN}K4IX}7U^nIBILwP#7i`v3Cm3+|AS*W598F(9|i(jpl8~`L&76d<4&EG<~OU>d#0g);-cz$bFyB zv=p>n;|!US!&AVQTLdtNpxeXPHN3&d;<+w(ZLhKJUtvfiI_W~Z2Z6fqpSX` zMPxx-$e()_swNKgEdqX68$xU0@gJi1`PLk&7fj73q17bR>vnTB_y+LK0n|{Pb zw>W0BrqOZMeA}&e%tmw^*%06cPx@}sizAp#s5{YY_3eexyG@o9F&wnfC2Vd2qtX#| z%AMZH8c zTyhmBFp@`x5kos8kjY4(73Akd=Po#-iko$>Zek*e9W;E9a%hmabgb)_WJM)}BHatq z3V?ZL^gmysi@HD3+`8nE!d)!P+WMC!RP&`t3Y z6VIcX5Apr^vS1}D_+m2;&BnnOs}K-uuweM* literal 0 HcmV?d00001 diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-2.0.1.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-2.0.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..23cbf569187cdebd9cbe7d6defc96956318c77f0 GIT binary patch literal 1462 zcmV;n1xflJiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI>(bE7s8&a;1o=K5?7h?DF1E$6#-uI=SAPI`S_i;b-dNQ|_k z@pSs%I|32|24igOT<5$m9!ug|3BLVSTF@Z*0`-s!Gn}F1iwN|?kn7;>WC5C-B}C!b zp60r)dpR1Vzpm?6f87h;J@ZDM?|Se2i;;ikdYA5{d&b;-9dBcaA<$>;-oC1f`=1y{ zsR&3YX~qM_I1q$t?rxo zref4UN)OG_5Jt6^Xbcey4(+8c{@1xWfLMG*ZG@6z_UH`)G+c|A(*K{NAqYdmXn|}p z{b1O=()C!*pv@62V;nPx<52MQt_>ca{rZmUc!Sq|o?Wdu{t2Tv1VZzchlwH7hJ)Nm z4>rfY=lY&kj(^`fA9<(vKZX?}2V#Lwgwp;q&cn~fhTx+&cn~revq@q|MN>2?(HuYE zy^tb}fCvc!Ah7z8#ZQ4S#^J)OB6?tA zmR$@OGhErg%tsFx%fm9o8s^h_^il|e`q9dnRjRCkl!iGLS|AA0wLy5Jg(TDy6(*6) zXEtQtjFLA%i!pNy0VT!>!O%33cAhs{-HQ;fA?@D1Q`H;Lj6BR>R$a$j!lSC2d zr9+A!EaBc2S~@|+U`z?=X4TLM=pICQO24ccIsusn5to2&R}Gzj{st{eK!2?oIsr*V zSDD(+!t&$1R>ao2w!+T2awj4*1W|d#f7Exj0LRE3!xtDNAqJLV6D9A(+~Hcu+q}I@ z#`TUh7bcnMJlu2U+gPzn7_)!=&4%y=M)2IJVw6`mpT3^omYNxhwaxYsf%Wl4PE-_!NDZD=6P_s*BFN2PR&o-(7gjbx&AuV0 z1_IS~8m=^2ff2HXIVh88y>-Y6>RW6sXz9v!C3nN5^B~?b^se!VY-n87uxj_HyM5-G zkaJ77zN4BendR^r77D_smYi+WwaR^`L7EiVYIGCdwuqC~kk0)583#akcwZ43V|PIZ zb)pfBl85zC$L_v;qyrAC&+WBqScD(z4RY^neI??#uE z`ro;K?w{&^$FM`!|6T~wVt<8 literal 0 HcmV?d00001 
diff --git a/assets/rancher-gatekeeper/rancher-gatekeeper-100.0.1+up3.6.0.tgz b/assets/rancher-gatekeeper/rancher-gatekeeper-100.0.1+up3.6.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..ea69c55f8a80b3a147bc3b853a68937dfa0c7175 GIT binary patch literal 10106 zcmV-=CxzG_iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKDJbKADEXn%eBEB4B#)1=p=B!4BVltkN#liUc?X)NMv7rR(27K;TZNiaq3O^Cz`#1wh& zXiB*BuSp#Ju%6WK_xlHXd-~sgzhD1%u>a)A4}-nI&hGB+{?5*mANqs6Cwqe*pueX6 zm!?ce!hh)ByRSNO-$)`!!X%NDC1ThC2#6#RoA?2dGD4rS9?2y0Xd)zuq9M$)ix=?l zSxjUwZLA(3mvl@qEb2BE3#mvWa_uD~#v!~uJ%rzi9vUmCf+8gW4#9kMK@!(OV%%7d zi6KNZ$*vl6Q_f~IMBzur^7$Fg8v6&yU#!B)! zRmen{kjOpBSkzc7qh7$`lqHzRAvkT4l>UKSP?ii~w$mYLTK?Si5Bz>7L=kYBO8xDG zg^Df$UZibwVo0d4zwEh=xScWb&VQK4t78&!5#Z-qILZCf{Jdl2F4q zSL9bhql}{wU_*E@Nf>Wv>1c|CPSDF{GGnPV?U)?6cr;re#PV|N1jtcm9?>o9ftzVR4 z#`NFRdrUcJ979iuRU=ikP^~VYIb24Lx-ADhyjSB&qY(`~EJ3=CaLU5Ns$%s~FOGyJ zYDvOCE#ZE??D$%h@YSgE1SJZ!p2Z{~6XZkSSt4nSy%5JFizIwft-n-+7DM=`e;u(b zk#_P8`u&d3ptumIf_8O|ke}GLI{IF&RYirdI|OcN@v z4f*sSN_trNs9MA^a*pBijMHTDCYWNFMKqb1*=;``Uty5x8EUHmc)CT~+FRstnWd7R zJ8v+;Kr&v<0?-QX@m0!E&sR~;SFK;*wX2Z%VyYAaBTD9q1DHIv+|{yM&H(8 zrQx~W*EP+3fS4wSGeRS^LJVQhnMCZIM0O)6BfChLfq8D^&lygrkg9`jw*z38ip2ug zT}vt}i9kN1YXA1}Q?3|<|Hx=0shVD2S}*!uQiJ|4F-{{QQS?4cF-nmOU#9oj3arro zcMb-Fn*RS}cV}m#|35_PeEit^xpRD#k|YE2XP$ADx4L9iI%_d-M) zl*bgKPypd*L^6gT8OSLW@aX(n56AOYZ&X>DOhBX-32Q9T->8I3 z8bxr9kO>8+0HT4n&@LNYRjfL~bX*K*o>>fPUS?r|R-+z?vZcRi42I9z6V`#V7!1>j ze`ZF?R4!nxe7!Y*DW{1XL-$AF{V2M%)=a;*VYNknS6I-Yt(r8}wxj5(>1&zAl+sG& zavJM`-Gvyr18)AdW<9u3>up2=gzmq0q5GkGhgo$PDxMERs)6_J!pC()FK25xc}tt9AFV2d-NGcc1K3*Z-aV?vwsz{eOt$ zo*EQ{uO4~yW`lE-WYD>wNjQX~!tnRjmhZ$UNk}A7y8vTCzj!KK=IN;QQg17A+f4pJ zC4H7t?sQEzzdsd+riC-zLa{5>c0G4rzXflCDaJ$}J1CJgN(m=1O5|c>*7c6F=}rz$ zU;MFas<_+hl&c-Nr1ed=MxeeAH-|NZb8=nFp%UYUZM&%;B&W$lZ6OJtV7`a*?9U;P z+#u**JgrfoFxO4k5N?Y0QxaT|3C<08QDBx^XWxD7#$wVPLM$eq-or-+#KJVCmU^0` zne;i%C|>&P{J$}fzM__2loIbgymx8~BB{_S*zg&=n=lrdrHMh_SV<3GL-+2(d-&g= 
zOFjcN|D?F2a{8z=k!g$Jwr=II+gHLQkmUMN(dT0)GZqsCf-rLXQMW|vKYpD39i~e2 zN`NMsiHsH0z^Ssg!H%CHxK;#zoOQS1T?v(9)NPo9vKh(uC1{^M2RUd$<oC1^jMs7 zI-?Oz@K^*Ss+=qWjKy!9WvMl>l4OE~-Vl?kAsp=Q@9yWuUz!YIU`l2Y4&fvd@+?aZ zMaNi8+%0VBFDyqa2<_xZt`C+Dc>}Fxx&A2H3+1IlfZLMb z_C#n$hE{}FO^VjUXhDt~J3Dd?2kT+0?^{%AK9_LZsO+gq{fxrY&L@UGa7cnE3l|=c z_+_ozQ}8Y{Y)i$KbZkS(ThOuvHLC_=QgaDwB%KD>&x>^362kkS3iwjKdTI*6@Rg2ifi*SaO8oB>yy>RJw>lL;{;pro5 zxB5c&+6aOn_D+vaZHlXWxm{BwD^R{%*{8e)9LHyA6^}v9KSg|JUVvF zwA$HF5xRPCq0dgva9lsmsBIdmnYz*`k<(!zb^T%qTnN$KfmzgFQOvkI*Tm(*Gh-z- z9Xc4-W%nqibaI1FpN30|N;0X4IbGt^aU=d|zIy3pT&Wt-873&iDQD;C4#8B)^f#2% zQAzc1^bF_yRn5{~kS&?i(5TK@s)>r^E2QITbK?uxxM<&GSI^=k3s^LSw@0V9=%^Ws zyr22uXzqt23F)l|Th+S0$5_|=LQPt@t`()7g>BGx+siGmM=X(eRe^c6%`s0w%}iLP zkh8S<#Z&D%U(|po(S634{FO$SYYEP>s*7dGp|xG%{ei{r%zxjG&nfV4@gr3 zPKVaqxzNket%>G5XTG=x;Z* zwf~e`1YkAmoVe z{G$=iU!Rp|0kK+=Yhx+;dMrf?DcPEq--NYj?t;|AT8`@5|9NoI2K&JxyTg3#JJ}%S zn^~}tTV@-H*u)F<&F7kR%Up+Uw(I0>kc(_P)qB(TvZt8~uwEgPpDmKe3(Q1yUe|5v zE7x9ZFNs&cUwD<=>7l}?+GnDuU%x3=gUe=nEG6E#DWZFK;h)p&mv%VM1obP!Z3c8j z{~Lo=i~cqSt#$^jw$kt3#;w&tI`6~^3GF}Q^mP|QS8JiXPU~9RA^mzRZEYcLYjvA% zZ)1ULw7}(#dM8R9s!SxUE*ZI|!-9!9wozXjz_0YY$imk^@UPF>HxJ~kEq@I{=k8X( zc8z_77QuPImskf~wsf@c2A(snqwb`#>*)y#aR_@meJ9Hlopk86m$vdOPWQ0? 
zr7R4o;F%66cbcdGo*W!(?0*lEa_QpwgZqc4FRVH&{C^Sw-Qs3I zSIwu!I|H4MAI*K&MFq^I0#(Z1crET1JTJKDADWB4H;2li zLcFgD@k`I)`=r+L-$p~ySHQen_x&?tlB{$EUM2qr2Xp5?d%Fi4`Tr29rd?KI4AwFbETiN2=fqm>hCu9Kvu~Az1^L<{NH;r*y#Tcl3e-D z&q?5uOimf6e`%dchoPXXbP6~!ls{upHR?yeQCE0NV-%9a=@61k+oHaM6~Ubw9iBxd zPB=+vdG*z^*PAQm#{A<9`MLctu@_e(D$F03Iy2qbBKjBd8k`Nlt)4*lg5-X4x9~f#r>E{3xRPtjkn@EJ*hrMD2mxI~psZml zRLXyTn%@guBUsuao0oqORKK)V_3flP>HlpNf16g>fBNz0|NO&{{ChM1H%x?%`rA5k=AwAXXm;`tx2`d5)#@TL9r{x*9F0Mm zzV|>zn{=miANjvh@Y}Rf{_oZOe+~vuHv0dAq&w*U8^K=){?pudr5Z z#9x~o>GLfe%WdWMt1$}Y!+NG8{^xGE_P}6Z|1rL_06|1Ck!DoQ2<5NpVYsBV0N*ZL~uUyrXyP%cLKx#Zj-PXS6hwFmRb6G5{-dOP9=TE9C#~od4(U-ofs-9{>N_lK%;l z^()46uXNvS1(<7Q@fz?QY$8@35`U{}fr3@eF9nWg=<=7_jXUX*1*3fV>3`Ic0V~#w zx_;L9PJQl+>%sHmm&Z;`OhTJ=kF{qR4XY3ID>%MEw$*aycD#Eu#o)r|Ik#iuKvnb% zmwD!O$T>HcCCt_Benxeq7(($`IAi1g{S~IR_TPqEt)4kkUhN37LjUU@?9|`?*dJ`- zzdcM^@cxH>L1)oJPfZuH4KFN>fVF3Y<9DFtHC+M!N{y{|ng2Av{NJ^_|F(ayU%&sc z|IP3JzLB)-{h#k`b2hJ7-tKN+O;;BMK%M;k*N-2ep6#m~xG7#(?^>^b7pL7^t#5AE zj~EI6K_Zd_szBY+$p8KQox1<;&d$Nc|LZ~0+&le3zOZE062Fji*7Ok8 zt$^ohuUne?{tr8Ecn;hVvc`q93=in#yYK&b3(Q>T*zOdgSoNvoO?L?HteP+2T_T-K zWp@Z&Z@=4+Z+vz=bE~R51S5g7AV3T;+&;%KzT?S90aZEetccvSvN%WJBD^+cZ}RNa-{>7lhP|nH{a# z*ZSD$(G|51D?`beV#{sO&l2VdjK)TpFyfXE?0BBn9I<1`i=KCr(8c_2 znBFxZ+AKrAQu$aP!Mogv*^H<=qKnPhjzN1a3}?+6?Oa#|2|qdO~Ws-Rui_8`4w^0L@%;1Ak^r>Y@K84>*?Y|MCap z4U67--Rrls0k z<|0__5aM;y=Or+kqytl9c!m?aYSn!ZbQC1c?{1W78CgB0G==jWm(@=cM7Nq!)HYsMb4-D^=q45(zVk; z@sjJikKI^Ixk?F;WOK&gP?8a!+ZY%uibVmq^eTUq*nl1 z*@9(>d}ND1hQEUwZ#l&A2Ro`FWjy?p@JHAc=k-qeJ6JdLZ)Yd_DTUd zuFP?uLTBpWP#A6lq<@Eyp@CNrNyYd&$3;mKyvoUbf!DVA?Phq_!Vq72>0V1(s{du_gp&}xfQLeB z^mkJMSLlCx2ZMf1{~PS|H~0S@B&{j_U-Jz!&t;&8*y_3))gh!D^L_5N`rAS?SF*aL z9YVLombN?JirF|1p*!d{8$IA%w<&I4_kGO-0`IyDBlp?D#u@_ex)YS$ZRnav9_lZ% znN@#jJ4pBaU91`_uK91MU8VM24G)dO*23uU>62?wX%$SMv8y(=n7f#i*G>6$*tGQk z{(AYSKGt_UTP>FBPCH&|ID1`v)aRbOwk+NL+;t%*tmLP45!WTldMKaUJI+aP!Ny}9 z<$I_%ILpss+fcb`O=>H;3#;*mO4dX4YY 
z)!*tQX&PNSzrC^ZLk&jnPN%kCO8;A`|65C2F=Z69++ho_%K!7poc(uj@MPov`5igiJc=-ZM-gKeSqj}{T4J~GQdH_j7rN@d$B&_}-}Twjo)3Q;vn$q*>> z%!jVW3!8%pK?mlF-(d09k27QA4&E`Tc^N( zY|H(x8g!K+l4owu`7=~azYJ7=`>+jv!z(JJP<(9LtU&Y#|164V)GCk^#?EejkO4<$ z&jk>UxlPoEQ?0^)6|ws8B4C`ONSWSwsVYX%0;5>uMOB`hQeiTEJq=f)=lsy~zd`={ zO4l*IC+m?htM32o4{HAZgZ;to=Kjxvq%AllQX)?TNCt-La5=>U&NCWm{<8-&!tZRs zTg7i8OSMxth$%)9Od@t}jLS5cY%2wwNIFA(%hLHylCZM{2~JEnkw+=VF}=bNE~%Wt zzdiQhbrM|zOLR>I5~RqLdW3$*fBxpf8_76!w%~}xF-zc&qc;#zE;{~%%AWqey}aw6 z|HXUy|M`dMq^JIu{}i*NS2m;+@+^fhjZk!c_Qhq|`Pn}w7oDGd8K<3}|6gYd{ve#P zOu&oh$D-q>oarMupN2?!rW|Mg{ViIA8|MGfKM!C1cKq`7Z+;xErH@tf|H(nk|9h}^ zu(O%}50bXvXsQ;wh)p_&Q3PuDd>)}%Q<4b^7;_fuH7QGlGL72IN1rb`+{ zaE?I25JM$N^una3RHw7G1@BJn;jUfRq2GTG9_;jY`dW<16-s(HGV18+CoH66s$2M%-Xe#k^+SO)3W$^uI;`%QE$PUqF=ib8 ziBSx@5U@BUl4`Z&+8%G8uo;GWn`c_&p%^JCq<49Fp)-tiF_oQfokrSEN+>B<`dOIK z)jM#FfvwnanwSH&bW<|80}*g$CNWG&5=JN-*Ex-k89xh%amXs@-!T8rjt`%o9ItEg zublt8gTY>X{omW!y#M+zY0I6bmx9C~>8%j9Cl);N+%sQRXXcVwSun0R!Lj81{NB#l+gjJTk#Vs^xi_ovZz$!)lr{h0~mM*t@%2c?*5>G>Zp+x7SS z{?9*mbP>?MAjFhopoOeeS4+{pqX(2kf&tfZR+wFvHPr$e8yB+qg#t>ux$a!C2u)0F zy$Lf4@|Z;tyA=6C@(&aePB{rA4U`()d95EihQY9N2!h6Ggm6i&)rw*bsX+Dmk|jBH z$CL}H!7dHhhCvOwjKf3|k^2>vwoFnsP>c@1#i9}yaM<4=D z)8?%$&LLMBWvz1<0_wtgv`rj>!VQpdI-v=P@?(Q-xSY}mK|!uMQHWb|7w4}&ypZZk zVx^Jc4(DKDt_BFD@DN=K61=o4Za@;CvF1HRIdd6Rm5G~(CPqI*X%^6mnGAX!QS(VOjjnC)8pDNC$WuyeKeJTD%Ud^oNh(n1*zkt_U6HADWQ z(B%|4ma;+3X-iNHw~Yu2Lj%cZ`4ym%b-L4fwcACQY2y~D`1ET{)6a>}Fg~KBM$2{j z63+#dXoyxHBVouDoB2CtJa*;xX|ZB-IydDnXpwH*U(ny28Ley z1h*^xWg6C4wYUrH4(VYS+H>TEe5zUmmrF$(T8$*naI^+et-@;Vo+8}93-!&cwDuyP z!p=^|3XZpf1V#}}u$N!OywLtW^sl?%*$OL3CQj!DEBD)4(hZCT{!ZWD^Y;9{zke^9 zwZh6dvn{Z4zpV?a7von<%*j21dL6{(8_-Se0)~{*ilq3-dmEW9JI1m|W2~ zi(yNti3Xd(V_fK+ESDGpOMp1dufl3)O-Plr`jxZzhy>GBlIsTEk_)59a3<8!&Bl)E zE15;IuoS*NJ%pfD!y|oUwhqJ!td6Exa`A@#wYqa%5`-$M)R%|~ttHtX$r zS3BRp60COD$$={Z_cmcwiKMy=w_890qZf8F^m(va7}9kGR`U^EZ-M9yj8tc9({2~U z2VT^N$PZj^y1a8uh%96 z=eLGSJ6DpO7JDp6*R*w9_pWi?II*;IvukWw{1%YFh^3gALDB|8$4q!j99^u858TSm 
zOIqbsB$?=wlGU}BHhh$Ej)^Rqo#j_BMzdZ2z;C0`S6Q#cUi}8%XjS|gNMfP_C`G*< zrR+}Vtaoc)ZX{ZD{?<7f(JqiEWG_;iW>G3l`F#RQ&Q=YZHij^OqtkzF!~S6Bgl^|O zsPFxLtaEnu4^HSRtX%*6mRPAOMP$>Q?G#EW3qb@^3^RRnb>ZqXkz2ZcjkHT^#GH zg6-zJgH=&)U08kmv_=k;ENZWV+KrV{Wi2?Ze_oY=YEMj@T7QZplG9Vh=j}l^@K2oy z#aVV)-5xErI#g+Bc=SvEm-W~znz2fo@X0&>&r0OrwPAMyqo;d&>)8i4V-=(1G!RY1 zx`7juxo%=9te!r7`Z;OEDdSXLA4Nn6eXY*v{M2SbpmMc#z9w2(-!^M+@&ZovY3y^Ro{*bJB zy)sxWk>=IT=Op`j&|0@-=a@z`AnmpfRt9GAxjEf&9Ak=hB(p48=$fG1zp8alaIj2STjRQEcvS3Pe1Sp0;#B>cDaqt(o0MNw>g}pH1fC_5#@Mr$ zphr1YCcs_0&J|Xrqs2N9%CTCj&YrUHh-HafcwAcT+&wyNNfS=70r)r(WbbsU903V!KS z%v-w)R_h`a+-OI^BgIDaJk!Te=2DXAbhM|hyZy{8N}oQA=cN5f^q`ODHWak4$n5E z#$t#{3mD~oT;+?%qwVr5dSk{t?E!1=?j&Jnq?T9`V2p_r{)CMzP z{*4S|7C$la;lEhMJNcz8?HMhm>=LpxKgu8Fr9TL%!^n?njptXmQqE!~G3;0&#Tk<@ zGB-8cI>y)eO6ntQAXTNo-f0#PWYYf@??rwusp0+?NmGv_31eK-9k5mLpLh2M_50tu zdxOpWuZKum#pS{3y-q863!!^XgxZUa$GJ06aUb+uwPNX8Zav8Z7SFqxyUyj3BlcpV zR!Dmx%*lOhuY7bmzc%=oo6YfMZs1jL*~8#%;5atM4wi9v7qY-{d$(M#VbebC_Cs&B z<6reK>9Lg9DWM>I?3*hEm5Y?dbKhL`(T-y*PFbRa_^{LQ>epnC%16m^JIq`ewYKHw zkC;qoVolaMw5{=<)_H~&6E;Jhs8w8-`n}k2}j|2e<;gL*E6aD|cdPS>V*{bMmmHie4Y*&vJK^@04y)e;4A`dW? zLc6P#pynq(W~nrHkhblm9Vq=*NO>Anb8G8(@J{_y)SWAGN zAM<{MWI_}HbS^3$4lpz%r6_zjOs+vk5>fOhAl9fEmj`s%BVVjJ28@RoDvFkl5gM^F zq6_39U2czN=^N-3x0VgoMO-hq;n8S5h|K7*)nl|@p_wwmL~2*0J;Mouh)rmq zon>?Ej0KFOX+*KuEad}we(lVepTttuwKv6T^OnFEFN+5ko1g|0f77`WRvpp%45S@D z$Msi_V6DfdVPh#)eQ&MDbnem_xQ!O{5mS~$p@~}tlI21nPW9xlBTh@#&+}{Tm>i$e zq__^*Fh*hokEoA6T;>OV literal 0 HcmV?d00001 
diff --git a/assets/rancher-gatekeeper/rancher-gatekeeper-crd-100.0.1+up3.6.0.tgz b/assets/rancher-gatekeeper/rancher-gatekeeper-crd-100.0.1+up3.6.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4dcc3ba15308056e8c58480828132436b8a3bb4e GIT binary patch literal 5955 zcmV-J7rf{niwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBhbK^F$c0T)8bSZhuyYpJKd>ijk)u}DVo}_$sX5zAEQni)c zlR#uk!Wsk^0JKM$%zr-xfTT!DyvWy?1o&bZ#HG<_H2P^YNJ)4&M>(7kjn{|?%3&y@ z-P1XdI#`gHeRcmd8jVIT4-f6%(P&ivJ388b`PJUx-u}VC!O{Ny@mHh0qodL2D;PaM z-<>H{n#iw4_wK7cxGy9T&V?qL3a-Xm03p$YiCGX5tr-SX?1m^col=a(kjcv0Vsjcr z$j30yGR48#BAmpi5)$GVTxMD5)Iw>D*VdEBkSH9Q`UMd+f!!hr{Sl?2f{)>5Z!1C- zN}6c<|2bEhFs4Ay5l%196ikI&(@?P0+J#;uI0lj=jE0tDTQ_-+d!tb>3ikegnj8c# zgVEM=&uahFu>NldOHn+>|#g4I>o6*4OZE zP8CoE1payQ=JjwYWK6Wi2&R;wDR71%BNE|;NJ=IQ6=(qygoG%C5m2rLEJP|nW1KLe zQ3YFDGbSd4W%@@mG`|3xO328HmuF2*nzY;Dn)%xo!%iBMDv^B|*o_d1RkW-5tIAc0UhiAXm3=v|Bnxj_x$>Qid43nCq#$y-J89wYs#ZB z{EwJy#i&U{G%C+YfBNJrG zZSf>Y*0i_DjT%9nLR4+~i*Z4s%`;;j^QEvsm6he=|z_aS3_X?#&FrzF#6kHR^QI-fF zX5)3EGb%zA&j6e`W=PC=*0O^H@adBoOs4#8-C$|Q!KY8-mB*UQaz2%Myhs_lu#-53 z^XXfmFC;4Dx>PO{aZGqLE@cg2cS3o|N?blL*ltnD8BVJ;QHQ&s;8Qx=4P|7efKE|4 zPf4ldjbLevZ_Mnea^Gb}E^Ai`7@L+vKXA6FO_ocsY4d{U`M6BXR$kL6GoAC~2mT$Q zER}g1j;ey7R#IHMZ%9%mze(nc+QZ>+>j5;1TcA&^Q6w%qeo~cD>h%j%8I)6f+M+fj z#^MHtQ_2aWzoGQXaq6C3??1N{>(gCRC;qF5`rZ2IJpVZ! z)%`#Fhx;D?Jw>XWn>ah|G*<$>thJI3>0__u&8_IsG5l_I&c}~K_$ExHM6Rzwksyr! 
z8v^U;Sw5DLGTDC#zM~9P@I4a~fI+#<-4`!xvxC1@s!GCV2;U?`&v)RPpG_lKbLCRE zRL^TfEFVMODQedc{0^M*2)TyCe8V!PaNb(xsQMgzR-Nl#PDuE;{-1-<{_%?c=g^=3 zJV`3Ae>>GA)pH@~Zx$*A*MCz16-xwn%2K6KUJ8bNbwdU?x zRLu`(3~v9s(mnjN?V#WGzbhTu{3yp!wg^RK3uRrI^wV~#uu{`1L`QBj8|q+sv+4Pk z@`&=;BhHdwc!^U}HfK}|javY#64XtRN+`HZJ7c8yyw;4Mh z%74))6HY33Z}ujrNlx;Gh^{h`bdcb=sm>i0iKI7_;S8fOObJs)0tjQ`_9B1qN`-_G z7q*d?mB@g`m*HS*xmwA_?q(cL#3Q8 zbHW$)d72~)W8|8!r9N71a@*w^1EU1CV#>#`SD>kwd>F&aqoaePEr6+V>*j%)%Mqj* zm^D!>7+_oEq%E%U367Z(ap)^bmb?;lI6u!+QMB zXy2dzKS}z!DcbEM4-A0N=ycF?qJgeN(xnO`m@L*t(>?dteCkdO>%Rh|iBfdNhfRic zCpv6j|NAdTM>YJne{^_o?AQNOq_Q!&4quh9g`NJ(Z2HfN>8}`TmW4OXkGceJY$|T%0P31o_Fu`Hu%zm27}Y478&hs8ijpsEzeB z|2k6PQv$`N$AiL%bmo<(bt9JV7tOR7g(;eGbS0-!#I_aWQ6ebU_MebZnrJlQ?aBp}hSo1Qx9AeKcqi)Fb$K{{d-dw_9h{t~hFD?yo{5P9A`y(tSziK1 z!J2NHx$DxbgzHyR<7ixJkgU}rL`t$)Tf)lg^L1a|bDo2OhUL~(l?itfXO*%RiejR} zdB-6CzR-Bx&H z_8$c#3^CDW7cyp&Q7bvO>=|0&L$~{{?H8uj0&;L*?n7Z4B!%fP0e=EH0n-SajA!9fFAk@x>V#-lhdlOx|^^t=gO)V zA=i^!l?GQM(?~)(yU*qQnxb5QxIt-5L9}bIkd6S}IblheePCt&wFOz3MXba5s}Dvt z>;_;L%gNg_W44`ez&O#1df&DVIx)-ESO6!$Q^uN#a#56AJJ{|uR424~o-2%786PdH zsv5P@$$acAV#l~;PKh;*eRqmr`>d9_%Pjl+iB*H56ou%#GP(SURo#$%kog*W&tZwVHaaWGJ|@ z5xE5`mk`M@ds{ii8d;jt#F_;8qRUa_kA%^vXu`?OIp2Y|LYqIYK2U>|%zT^)RBwg0 zIS)2qN5)3O&F+30k>gHhnemiirQ1o&TotUL$^bhd^Kn^-?;3JV%fgcw1TTB0o|CK_ingc#)v!JhDUF}cSUve8`h+u0yr_)%Ne zLnD8!&vUkR?rbglRzI3c+enMi6GhfTNZ3U$tc&qI|}%@{Dq4R+gGEEl>q!K5hszir6f14(LvRi#@cor|iJ(Tqvhyt!-->7+m9G zu(KlVgL6J`3VTJq3+-+V)Pa3AxZ5_=(>iG^P(%QD6QxMrMDZqyH&GsDz}`ghCQ1i6 z-bC>xN-q=T8QiDt$hO-g$`8xk1p=qKkf*Ub9Lmqxyt^#(nHUch=<&C+EU>elxksJglxQjP4=_03U|e z=>#Q5jcS-5whvQx+CH3S$L(wG)Gdc`KJ76O!9y&cSkBW)5Q=!W)VrcHwOa~#&_Xb^ zo1~2G9_|0lNPt!J(GJ`qgoHz?(C%lUP6@lmYDkElze82Ob(p9APW{0}){;9+b90p{ zlxC`&B+}o^Jl@tE@VckL;=clu)L2s{rLpJoy_-NHaY{cJHTp|_!1RlO8Vi^)F|qM*Bs6Qr9YbhxjUb$wRwT|vn<%&? 
zS%91tfFF`vrCQ}|R=;hI@=7=V;&4)|e>bJ@0^X#`869AEQOgOU=Z*gL|BG6!X#>Vw~nRvh0aH1x7tbxg;5>{eQ^^A*;j7_DLb>jPmxi zKt+ zu}1qv9=tJ>9paJr!kYTeK?btjKf+6ASTaZ$$+pjx@-^_$prok$V z%nVW66@(<6%{AQ4DMM>9TksOQ${D=0!FkQrUO&tpqf*(6{hCv+h13mJhIwyyw@|xL z2<@2WmQiHveSdz|Yu~=oLgof#J~Qvn&+=V7wFl`DY78|*l1}vws5G40U22ZJG@o;# zV1md&qPry*WpO`LD>%J8v%8wRB^QB6wF?nTd1Q<1xVSr+CPn<&t=aDG%7%Oqe(wU2 zTJ{z9F3Pd#|K(w8cZR~{TTp8KC0RFLRw&HcN-LR;l_gtPX(8=9JeE1>q;j7UmMR`T zem>WheR`nOKmI?Dlid6sKu7%l{=sqW{eSz%dx!r0-%pbM81er(36FLU;7!(neNev- zkUwm=7Z8{0*6# zqosYcw2zj4dUAZUv=2pElYA&r!%%%Fk`G1lp-7F%ha&kEZc4=i$Wr!;+Af(ipdKu5p8tL82lx>qVaR*T4VeUoUVQaWk?R@|K;o`&vY}@xvxM5wPJz4tYgt1?&cgobl8+&)9zsIeZ4d4u+P z9lNH**9X_9&M7Ob?_y2ZHa|ywbk{SW%w+C!Ua`(u+TW}B{|-j`$Nu|YPm=xs{=d3xq6*xPc5mR?GV8s8Sr5fQ>8fk6USge} zaFxzguVKB+L%I;%CxYSb9>n?}o85`4L-o!@?_BiG#rxYz^)=YnaH`kq>w8=-=Cw!n zjfeKjdK;eGmnuHd(S3`_+#KD~<{4^=Xz3TqbGPu765E_}<}SfJp@AU z4RnOdbkuJPkr~>Nt$olOHFHOI=DHY}7Sj6!gtUi(v;~2*g?}_kV~^;_M~c{ZZe#dQ zm^QDwlKwdOFPBXfEPu5Ez@}oY81P+IsSyI^ z1zHeb(QzaG)5~5S=B-c<0Q>TRb)vpvcn0%%$mb!ShkW;lC#kKzUa=+XbXEI0w5nRJ zF(n^(y1R}Y|~Wbf7h^g1Exd7h)@Lh85eBthT%guTzC`rIY#anjUw5}c=g{A4&I z;iA4HtVx3a?R?AoJwFf8v#%alaqUA*rMCHE|w1aP3Z%oKp}FNEQ|?7 zc|>n$loD35>+c|>4|nD3)cOTaFVA{<&9ckn36bXM4um33D6>CNhxfhk)#g8Qsprnn z-ya?B z`}-eHk^Xr1KOX-*0J#O!{XT$|l09yP^m#wPO4-lxJpn6&@9iA)?+x&NLhmPhjQ0kt ztjRlqzm4A`aKAh8j}PVi)%cYMPjWTB_6e3p_<+iv;PO2bcUik%(((TM%;{&-m;ZTh9p%8w+NBo+Zuj&`}&_?a%_nmHxJoY=NNU{ zpBs#=?cP;kdk#rrl%=xFxollm3jY3 z_wOmFrat&D`;^MvUjEjN{|=824r||kIDWZz;PKy6q%R%+)n)U6L0|n7Sv90rf4l`Yjx_W`n2gudO)_~sZ0I1*|vw6(sG26pownzA)Ukf^WhWDI3#n<|}P~BtVs^@;Q lSlbu(zU*)9{Rt4Ahbcb!Dc zVQyr3R8em|NM&qo0PMZ_cjGp)Fgm|J{T2A+%<1K}D9LN0@8-VeaXU%R^x|tfnKw5l zPYsbJ2{A=504Q7O^!wYtgN+0??X7lCgfo-2NU%^S0EMbTp^D+i9|LO15 z3{S$pY_W7YozCg;vHG{u=@kF%o*bY2rF+~xJUu-=Iy*l7OQ(Buc6#_1)Y&EybtT~f zv%hpUZmZb2FQnioq5=y-Bi?Hu!Aq5J!N+!8hHw?N2oU?Oe8pzJtjW1 zr`-Vv+^qy=X*31K35|N_$$x!|4!u*a)9O5_{sKb4988CEOR}c^ZwYY0TYjAM&{?-r z-RHF01SXWtdg$<|d;Eq}))liDddLqGE`YTJrD0{YgtUA*iD?9pFjQ~gnEYhBI_)-a 
z9H&3KUbo{NHv-^3Be77=&d~sK;_Gom97GZ$F~$O!NygDV5o09ApyB%>^w2d7fgwTB zScsVS+HE^9?GOv#qTN7fNEr%1U=nh#L44Vkt?f&`#yvw>HLW=Z!P_AnQEq_o>8NoB zvwO+{-fOg+Y0zjP5)B#Vf+fC47&NLzDjjdV7P@LJsQ!QMMLwtG`TrD$3Gi)i01Np4 z@lp4z!2gdA4?BDQzl%brz(PFxj)c%d&1OU3QMzmo4sJjQ5{=~2^5K=;1O!U}-IFjx z3?_66YOVTX@bAGJD?d&m|gdl`Jk8)s@A%B z(a5(xlw7#cFfW10ZHqxnIT4Dj0*;1^ zPU`TNU&X+Nbb@eX(LgOE#)KpJzW{KkaFWPk!bUjO+?9K1E}9auA}X2yj<`Y6U>$}C z9t5xmhv7`t91$^22I?CSzUI?%qah3eq`9i6M#O1J4iQ2rRrClN@+klud>RG(CIpBj zXqH3>Bd&h>bTW~X=e_>?W|tTwqmg9n zNdK)7bRqXpr_ne#c#8#@0^&&=QzrDs5l1)(^uTq!uN#3DoeJG+3^0e>b2%9r4L>3k zwX3J_L{SfdR<0v0KO*_r+(0O#qt`HnuqSsaDK)@@A0`33wK9^zu~ih5TIenrfc@Qo z5d+S@#{%y0tg2TCX+hyF4d9A0A=hF3H>$@KpGX{nYnV_0Rg{ZKNJSN(C1|9+El{T+ zAcP4BHmd?UJuFO5Jx-&L4sd8>ViAIwB8pHiVThAZT*HWP2~{#qgknY?X1dxkh|1d2 zLsdOLlSfEk8qQOhTS)ydHza_y4L{+a5Vgu~!H!+Vd^CUSy|Bzxo;>kb> zR5^Z?QwbXCM-{bkBF2W4f?)xpSr6feMzaY`xWYFM>1-m!OI6EEuYPGBTCUVLA~`o$ zGdck=hQ$0v$WOSSlfE2(;`4sO!X9c$!LZj(MfC}dB!NjZYGnY7*z3O3!|(B_-}|QX zO{Zy^*gj0buur0q?E{JWW_QfvZ>o9js#cJ?r>9?^wtvMi0;VC37#`vXFM?Qsz4>xJ z>R&HSjHSUf93qs4-=~p)2XTePxQCi)Pd~Rf^~IIE{4Zbi4 z$(@BnfSOu)PQPuU*2j+xgk%-(T1$amDutjw?2cqUG>cw;CBK0vP=Dvz(3Se;(>^mB zZ}t@#BJU@yyy}hH+AJzJ?DVskkw^?t^RK+!Tnhk5vDyA;mV4p;{key_ved1A985^m zVl;%!tpSVdzo*^P;`%>3KH0DTU6fX*p z7g}z(rXe&YAaH<%5-UPHfY69t^KD5uw~Tx)T(R5YfclE3Xtl{0LKCt&mIWD$RH6g z!4Vk(7ul;ZmRh`1S4uuOCOigzK%#&|qsn*LL#5V5K4edROQ^t=0Ma+vBh};dSGt1L zlPRzP@1dWYBM{9OsCkctKbC)lgp1}cb!4hAfY*^K04_+RMmUcML{mB&k}yZdkIWroWg%}ZFs2(D!>Jag)&ivlXj33nLeE-&Qmgu^ zkPgt@*Svl<1QWvLgfv>dI}ytbOcH?wiAMJ@7*l$eKetmgrZ^3oKxmgyz9QToXaLk3)UpR=`nl8yX25#x$@sH5!ZHX0~I`rwl0fd^#z& zV6+BPy8w6uLXQOlETG(mlJ;k1pfL@C^h9N#PE?jbxt7OPOsH%NcJ#p9b2B=*znr>@ zkWt50#a7kom|#1*q9CTkP8gV`b0-z)xFtvSM;ji%*T3Z6!UaTPO2cFVeu&A0TRz0n z`IPB(=@0DtG>MiXYH5s=z0p1Jblm{T18G^JquDu4CLI2K1+ zvbb8`h~*}8I{I(R0P5C11Vn7f{J(_#|F~%XKke-O|8`P7ul--nvV!@4`PH6Z&=S<% z`oFjS@2&qUl{)^f7nL88R?IiE{x9bLXNN`pe|FqG-t+%mlxpV*#lABKK*??0O+xEi z=_MGwEnLyy#;m9-t&f!@!a!x*C1_xXSvU&;PB*`LA@a!5*;a{O9!Otf>DVp6<_o 
zcT(IHGm!FOwmSY!2X)H5FTxGfbc71GP7!L3A)I)8+#XYU*OWU97q*2L>W8`UQm);) z2QnIqW)C%6C(VlY0fZo+rPp7xhXydD3|i`)vicGly->e+;`;yr1nE{Y!2TT_4quar zR8+bRly=TIv736b6t>coK3?^$8$}3NBxgSl3FfZMN#Y)Ab`Q@yb(PTiR_n@kL*$CTsy;X@@2>?H>D@nf&Diol}` zU8L?NOnc5xi|zI0>&x?-%l_N*HYajdb9H`E2WatB zF2eop-Sx#~|JB=@+w<42>(DcOcQ3ZNp0Ucwy@~!%3SSNWmI`lPU0=Vu?q9w=|J&=! zmkSzPG$-e_cyoF2?(NH){>|&l%d4duQunL8+yyVwO0E%e%S&pj?E#6}eB6A|Z23w{ zwFR@0QfJ!rxVv%XS+H#oO0t7&a2EQ6V?YOEXe*v+q4Vi=B$x*X9`;kB1*f3Dlm zD%4p>o0SkSP#U%U=Q)w{ZH?_%*VMAvg}#%LwVvq|sN3o09~((Id(J>gB0}pD;@`>-}0)fAS{bLh0*oX>?7gcv95=O+BmAKbfQd7ePMJPjNJI1wQ2npYezZe(0go zlar&9qCI1Ca13zpE(&L|W6JeXNpl%Va-6?~o}_&BiG89?7EjjHIrru9l==LBbKCD< zmeBtXPYz4xf5-d#e>*8_@&AoYj_K_BEat|n^)*b5Iz)mw%4!)Qv4zvxOM)@}bsNK( zkOyGve@Y~&Qa+7?$8;x;&q+6skoM_6;ttzt&yB8Q-O z))mnE=pM7+{OVP~RrDtX`Xa<+vX?MFahWgwCDArcfELJqho{B(pNE~(!@d9KPRjb{ zKk3}~L?=KD%*o9bj(loPck0h_mO3rTQ^1z}dC5}eC0j7~r}Xcu#`-pX(Ebcy?K6Ns z`4PaQIsteWeTPYyuuppXq;CJuPn69<04&)5J4eO%Plui3?mqtaPRjgsw{diUY>BNC zAOKbIEB!tF7oLQbXy+pZILCUQo79i8)UAJOQL&dMH!%Y*lK+o8W&f|k{r&%)l*0N~ zaXVcXC6@zKUboHk1!HP^qia<#2X!f+#RV4J&Z{*v2ltvuhEZyVV)TIkPeptVp)xU= z`clKWe25vS8|LW|*M~cpIS@>+&K4O(l)(#Rt)xBlk^+BA#pMIx;-icFO|Bgr%~HqW zU+LhrL^;=g71Gk&tTjeEEzPO7?FKXmbg2BI2BVy@X$j~ zyyq?5BZ;j&8npElA_1d?kDAp8sM`If-hVu6E{k_c`68wa;t=~*DAc4g1CV~R3UR8a zF{cgtNy)&v>FP25!8ZHCCtE>j3)v#drm)RP;dEJ24#)8?>nt{RX}yYGXhl*2RAHQd zS#pIHSCU#MVntvqRuT@_+ZNc>a5KwzvQ7rc_G!g+nu! 
z7u9?6tjdQzchC3bFLT!al)(MY?tdSb;=i6A?e+hil+SzrTh6jA-T#)L_V>T{_rKTd z^kcXTUXS#rTmO0fe|>rW^3A0;3AWnCeE#3F9%pUM@L?VP0qnx2JgcGE4$Gku!^20>( zH-sZ==S4#j0-`FWT9(*JYNR1Nm~eS^KWQ{>K&KwVaol2ng9)evO?MH!j}YNJ0j|=H z1rReZ%gt*v4i1pHbEO`kYwhc!!{Rj#4h{}970^qFAqpT;E4)>k`%-tvsgP-%`W2!K zQ85OFu2Q>>C80vWv}&+w+@`6|bapLwi5iG1MWUqU3zbStRvS`DEY+wvT5Y_4|GuF} zZo%b2{bxuuRoZme7Gr4VnSpBQzfenGlGNELbrOeGl+Pn2+tFS4(H_alPJm7;k#96T zwB^XBjDau0*$XtI37RBaWUmXKrAgt^3K@9=XPnSe4p8-6&J4*-5gq1UJoC`4Nuf3X zouy5-?gV2*5$Ggo13-9+Nr(p_$XQKUVDhpt8UqVwXpoRFs2DV=-Aok{DrX)Jy+-5t z^H)RFbCX8Tq9xG9^-J9co^@PRQc2ug(1vt)h9FYfn#3qK8$e}Xd;Yxf{!;ywQBY5R zy}AShdQx@u2T%DkSyOdYc3pKWvyA0>q`fWN>I{53ipcMPn#~@HsI~=}QIJw3La6yB zT_!Iv9}g&IK~s{|W)5sR7Bg*^R#GSq<1y|w)r>>uK_K_gTge5~pE{K&W?=Y>?N)v~ zFoRyB(bD;>8ZGp9l|HD^xWxWg143i0(!8lDfWtiRv0NpaU1dgj>Ppv&eN`IE+ zfX$^9ytsa8axi8~Um@e68xr|oFq2C-%c-b_U2ke6(rFUy&ZAddKvgcvG1eI@Ipl}b z?s35jO+O3DSvo35;t-S2L$7i$<52Et5lVQ9>I;=o=Y8&gI|@Bc#2pTDI7de5Ju+rmcSexbKrjxguRL`@n^o0Jf0 zQ0!P)o@&P7O8F02mY;qr(X+#@$!N2D>Rb4db@~7*zGOo!VYhW6uOIgt@$|8 zi%l>*91{NpGHK@2>Kic}k1f+TiiC-|tEZ@58yPB+1Qdm2LWIUf_FhosnMQ`hcdDA{ zv<5+>vi)A+hl2po2;`1f6d-chPX%?yRrcAZkswh5DYIGBe>L=J*HdbEsL|+pl9eHB zt&Vo&CG)tVLHbiIVmC=unkHHwM(7c_$B|GZQ-kTH&?ASL->7#cwSb@+xe6X;Rr3s< znmV>QDc9y^Qh`xknhb@uV_Z*go47CydaJiAN!CG@cvepk!`vD4oGJMNeXmpKDI(vR z6o3uGi?e#FHOp{{*%F=U@*X8Dv?;#~m7NXBh><#c@|&Nr}G1OmiGA`Ke|=I!b~@QO&ORE-vq1=-;_k-@j1A zdSBDzdo%z!;)Vis6C&NtDke!f0A_IJQ{N;(+!E<+O2sAVZmaK#=vD1)lj3Fx%%`|X zCaEc|(6XemNi?05lJ5&+l9wLqM#utMau{qKOBRdsl^zavz$;K(bHFMGXdWi>2Fjq7 zjgozk8zLiJTY=U5%1f;BL(n3tVfO*y#_AfN3Go?CN3v0nXb3kVJK;v)QbvI=Y>}uX z_czmGUUXCP0O3kp`z^sC84@GD$BYJvI_S>?_MZ(5Gu1Mq$o>7jr<0GSxmamCpgwPR zy~A#Mq!Vwqlw&6Z?Pn;Uexh#WSQ|$G0@#E^U~zKMR9l+Lnhpj#H2@ik>IL`Kwh-o3 z{>+lHO&j2X^Pl6xv*P*B@zFm1!){7y|I%Z#B9>XYoX%WfNKH~onamb@%BWtTSSwr%hS~G?N zlp$pkqaH?RED1$3iz8r>FnEz6A$il!lKW-!G7LsJJ1M?sQ{ceoT-hWjyZheG^Y^x%o#}`HR^}}=eWmJ-zdt1aK{qod=_;WM=XzjO@XhN9MvmL7be^epR~ zOO3GWoxU)J2yLDW)Rj^xnCyYTP!Wm*o6qPKh=s&+jUGL0$(9^^k 
zelZMniNJ;t0}<@hGN2b`xGdYFTRa(1Z8jJ)nSsUUkX@?br)a zJF}|iG^7k0sd2&3kVc3Lh$Tmm+l8@SF%WEK7i~s<>I3Jgdh#Y6h3o7%`Aq?=QU5i8 ztiAGQJs}4n9jSzdGt3<=(li@QPNBkB{n`DZb1#^G#JV!jCH&IqDvF z>U&du>$a1Bm$nmDb*6hVuRGaW9arfZCREH_LTeVR63s4p7 z$kyn5?xLo`EQWauOTN#Lui_rntyOZEisp)J%WY4GgUfaF?TS9S=}=`@ZW1BG1gKLG z>w{$EYUSc&s7HMg5wU%I6xijE(p7VqRY&482wc(NWtwgDZz|hpd1BYs&H7r!5!Ps` z5G}cYdj*RrFs4mNuA$eGS-*BjTfj9M`f6Q@(-G=6;%cA>#hbP7JpOfR`z5ch8;<~)`8tRUWc9ZF$oU2-T+eSTAVw~kJ zJ#}`|Yqve^GR*bKOCFd#EGdFB&ldo+wLUks{{2dR{c}8tLnrzVJg5hsIRD@2QE~mB zo$T|!?xt+t{Pk3h<+T*&9$>=d?NhUTKb{7bH(%F!2CGr zp~FsRvX-$$_;Jf80tXPbMlAMQ)k^=@ozr=ilG7S9MJtG^pq(6@92K!WFUC+by$fj) zcq2+jAt-x&NO8~_;1EYXu$EQ;RVaiAhYLqXIrh|#kB@~2p_RK1vLBpn4bG=u{}oq$ z%>Lb0m!NiF|3B;=ofPf=M@Rek|2rv#IIKPvIHV&_FKcyQI}vG|hhFU+xNp_zY9)ZN z3f%1&*UD8W@1c-H$wTGan9(T-fVW0d=7!NpFQ{;D-c6xOm`2el!E{3NI3CjNsSCw= zv=G`}$OtRGF`3s|nyFL~G#_^Fuz};)iP7O5op_x_06Ge)dYE2+!4aY{L?*D2jlHcL zHgZ>f=s^C|QO#$@f2VaMEkPl7;xal(Wr3;vwO+{r3~q4M=fOane1k~d>IWH=7J@@NEkFGm}DV? zTL>nYghpFxNlf|wqnZ9lT|Acvr#jF-j7pWTFzcu7N5fUS(oM9rh-ix{w2~$2*x*d_ zYK|eC=%MG0)b+wl($CG@_GMw2v;RA8?whr-@ch41ivMzQw%`AEQV!6QVG@S!U5+P6 zU&&N1gZ9?y6McDWBAKoA?pJZ{o@9Qb2kG8Gqi}{Y7caSg46uK9k6EDfMJ$Nkdz6Qu zy?|%^43*pPFp+FE^L;x&uZA_aMpU4tnzKy>Zyv7P)_l=8Kw=EhyxIyef$yA4yNFg| zq25U(-$`}po^W_kgRH)n7c7Bj!XfY)MIb%ffrdlx-1Xz86an~{3`JA99U?9m7BHGg z{QhNcW(ukTB_J$!K6M3RO{G8@`9orxWlR zT2x>Xr@q>wn~L~`b!N9SslDT)@1W}oF6y`sVc!R?TtXEvxz#uBVbEukiat$;R%zdj zgT?{6(HBR|<-iG<5Z|HC#kKL~#te{guQgYd(&)@`wBJ%;uu&^gj48Jl%(Nf+V5UC$ zK~m(x$ZvYI$H3%-ZZvdkeMi!5Hqk-q3P3ozmsK+vG?fb*4LSQ%6z3Qs67JFuBF?D|TjnkKO(kHQ>UMpVw059VN%2JYW|90_6`XgR!}X-fKYbAHEr=;tR-elb?N z?9p@eY#bY}3LKMuD%mxqKFEC>l4#VP9u7d@L+vr4?18#j*OYIaL?6Ae!mpP#<45Ni?MTspMk)A%QT+zB%l4PFtOBt8;kUJ?V9hd!3X2>74aC9YYvp zLuY+C&3mY+lDW$P?5E*U&B8Ejpl^GlFBnP?X_z%#Q;%|{xMxpI3^wzC5z2^|_5BcY zZfVfe0~8V;bDiKRGtQY6sYqR-nVps8mhBsDy;3a*8UnMG)R37eq)~JSZ%W|4FPC_K zqNcS@`qe01;q1+s(7ADMkN_ef7mG&kzy~J!>P$)giW!+=0sT9enTL&#j!4uO^bR5w zG@6Ve5{>#QP_5)jS}#|bXO+S4u+vdl8_aF@(!8_Jb?t9-#AeIy?f!8=Clf09hT-&z 
zA>#>+Mq2TdO0^cqy+-DUbAWEteltt=9}`jGmDGF0 zxO;q>cjP|)=IG@3sB?6vZ5kr9IdiH!#mp2y8D_FF8(@=OCrd182m5nN!GGQ|NB_%$ zfxdlrdwJuD2eDooi_ZU#kB^J-|2s$f`=2{0|I|XR6o!<{^1m|q$5{Ljjj{+fP+_1_ zSI{$&3mE$O!w2N)G5+h8I^wg@#8P*)@PM&|1Qdh5AEk@N+vxO;6aK*Qi%I@BFW;9p@*KgKYna9WVObHiUWvn zs{9R;Fq}Ej6ViY=azT5Ie}a^UB42$Z(CLvREZCaN9t1?1?VaKmU+(CA!+o1XXt4JY3)*{ZLMe8#Z$IYTlWt= zOXU2p37bL=2^l`NhUYRa7Z3dv(>EZ(krFw4Aq6>F=Se6c7s*U z<0-HK<)Aby)n|Rh_};1S(}Y}QoJ7_bDszFx1%*I$!JqbLWHYv7ecD41b`v2Orr9MmzEso1{o>Z9< z?cB&IOIv@aXyGP{TkK__JJs3vPFm5?Cxg~tmQONjt!I@V#h8f}9cG4y(m2{scFT=q zk;-;zd}Yqz)vD}$TaXLWT9RAYD%Hc7@l!AREF-4;@M%ctT@s@vj$_`QcAKdAGOf_8 z5_r>gpDCDSGP$S1E)P#(z2ZNb`{)ib&njVAZmLG<=?DaR`qcf%v*stWES{;3)BtHd zb0$niz5-`ofJFJb8iuZ-x)d*yV`C=DLYShbdTuCf!@D(tt)~gh$JXL+j~W&+K*H0A zwZ@Q9$qLIs$V%p`{Phntb<8YdYRWa6*&CI&9eve*fxhBu#+Dau8NRja7H*(?#Y-2D zoQ9pNas`yWb@sMD{=dKSubS@Lr(bb*M|<8xP49Wree{3JN6lx2i$v*mzo1Rs;JU5k zuPdcLOFzCc=J73!fHk%+F#=h`MQUVkszxAtyUh`(YI8RukP4(y4Y`I9JiJlCJD#Q& zP$SwhA*J03_zXQAU=GChrI9Ja{FGy%yCa)wi;#Q1R0QfrXRG64 zjd=a*5*zzTIL2w$#H zVSuSJ$gj}-oD-4_Aef^;Q|%B@XJwn7ZL^X#xf&I+hhq%OS9MS_ zl0`0ia^@(M7Ziq=gsAy1nxKFL$|PtI&$*V63dgIbtriDkLCm0k>v`TY5B-w}6SY!@ zEPi1PpBlvi@zbD(_mtgv=#nUtr-ZJ(gqRu|i~=%L0rraDPYG7=HAXqQNPJ8HPp`aK z^3$$F`%kmR$q>yMp1g4Sg$xfo#3AvC2xo{y0nxVgNJn4J!%Cy!uQq0tqPn{Z>sh2( z#7pzZZ0Xj9HKySCJiA6s_bl~RLNOC!51lx=><2>^ISgnxd(VbS#JHSv7F#|JqEDo z{^#l0S#kXz9`F5sc2Yj&`rXyCwaA(LzS?X0j}%(_IeJ5N;y)t-sO%nO5{I+A%RFjH z@rlI9hJn9>nUhgY1!Grf&4z{VlrEAQPW=h$eT(RXq@pKkx+mUE)GQu?H%(tN`7tMs zwRPq$=i-8voVcS@4wdk(9pGckIU>TwlFkq%5%RI|QP*VE2_$6Yd?)&{4^m+K%AYs} zZru|b;;m*pQ>1U`B)xA?BAO)W2qKW8XrS?)n2RMUD7!Wa_&9ulhKx>9TGr!fqR_cY z@zd(LRI2CYbhUi%m0aD-l*t;H1(kCV#B4V~O+O?Mi9QMXF@qs_sBObpU~|B`!wU+UDt(eu-%nZym&`XBsJX8~Y zP0sED+mnLE#{7S&{XaX+YOBQFD~bV&_WzTT|L@_+e*fQ1u_muNHd#LC*3+{nH_VN| zpe2fme6JOY%NDgbr4K{+2AVSLTm$GH_Mqk}%AQTYp(uXXt;yrY1e(IYdZ*}#WMr4shy4BZf7`|`Tws;<@ zq|Oka2}~%P+3%Bxh#qPVW&-%isAy1qY+=_UrQndLhdQ+w{s1^eocs>kL~RT>?z=$O zLhZ+x3kG84D4+II-VWpxGB> 
z0$6qbAJNrq01Nj2qt0Pz|L=58_WS=X%A?!=NA$C7{@+t)=Qq&`Y3^F%?*09tPC-?Qw+FL)$C@S15mwDf5Lu!PZ>=FiI(fbi1tUN4|a~Tl9`P7 zMQDWFDd3Jud)YosV8R6!T+4KNL_YU~`~D)=uSKKc_XCrmJY6v=7{ll5z*~3_==+Ox zmy0_r5j+Ul#oa8GFGyb5m+h8S(< z6XDoA7M>W<5NQzR1V_arSof^NLC6?iB(%-dN)ps7lr*g0_uTGT+H9e3b;SOx-E)l* z8}zN-sIjHa>^JB?aoNWHzsMZ0X#YPuEb9L!oz6b~_fEMURSs9rxm)#YL4OQ<7HRt0PCNx^N#Xx<%YMZYq4j@1(1nu&BpQ+vt)z@`x z);9WPJCf5@MJCJu*KNe-&bwtc?i=N_x~Tg;ou~k6TOff3CB95LOz^`NNHD<*n#iOkt)efKd(p*~iWrebq{1-DiBq7KRdKp)cMfRW5 z)6=5-cih?gf9#|@PWjK7V4uYmRZWU!DOxGFRT!a#(?8>MN)-LNi0|Qv=)e`H9|6e*cv`^WY)(-#T?!i zDoSZvjLRnzzc$+cAH1cm0x#JAyJttm`#;C0-M#&1C*^VP{}0~hxeC1T{y*|1(~Cn8 z(C0p$LNs!Z@)w8$|Ds7WLf>B?_XhA>Z_1-uJ~Q(BGYPJ5LTxAq$`m7&&amE}axNcC zv8>vm)t-V`59)0H8d-B&y+6iL5V}s;i!Ki6d-LYAWhBQ1?XAL< zOyf0II%l2z{=bXz==Ogz!9I)H_usnhDvj^IQ?wR&_N{29oI(^( zwvnN7V}q2z!HuPqa6DSbluCYBb2DI7w zUrr2MwEj;{i}}Bgk52dTzjjg{`TBosOMi`3|Hu}6p=_}J1)ca_44uas3}1clP$5 zos>tn{?iHenb!TS)4pBx_EFt2kTF&mAGZk&lCTu)p~fW9^}6+z6mxgd0l3I)U5iPT zrQ}QCPy6y|%gX$JS)tD<3;6$0r{w>AczU+i|8`OyAOHWHLf@@zyiVTBv3-qdp95E^ z^7=jlEFf6={Qt&$h|Gt}*u@vNxr(LU_yAa7>$Gp20gTuAstBYMVDKyWYm&fzJD&!% zIQ(rUfFlm&U_C@E8;{taq%({5C9JK5RGt^S_pNz1uVV~+Ak*^g%5^(u;q9=4^%0{L zN(dOEY$@?5-xc-U<{=c(|9(39ulg+V^4{6aAKnkVc~|xtJ3tW|3;1@vC;N&Klw&N$bvwtE^Dg^h0%A;Sg9W@v-!7n%@;%jFHdWa$ zXuLL=6yysDcpC{ZJ`a7?%gD8G3RlY)%V2U315W)rSS}Y=8IgN_u`w!xT0wtVr_eH9 z>eHKQ%_p~%mcXn|Qr{4}>jKzn4EF-wpR=qd|0#F-!Ln|^i{-yg$^T<-|JzM@r1GDg zV2?`zyfj$NmjNyA=6()aM*7p&VI*kxqvbe$WqZ~8<6?mY2LS`l>*SA=0#3a}J&GX; zNHjtd;2e)u*~`+N84!=HV_E8xZAj}`Z&SG271loi39RITHF(vfU6e;E|9w8!-=gTZ zs@HG#@%#L`Wxe&k)U}_qEYknFXQlOja;E%e`>E0Wt|$!`D1H*@ewy-o zfyVcv)P=T?GSO*TUyj_KZC}D%=5V{>Gck*6Kf5*W=Fw&8#OYO(M{DOw{u~|t?*tOa z#VS~`zrV>3`|gKdPN$_}i%5i2AGR|2H8lbV@$5@q0@uK4!hGPl$nZ{^ODWZxoy*{6BPqEBb#J=-c=IFxdQi z_zwSx5n9v0z&&RM+xNOr4k7r0 zGTrP13xE9D!DAjK_S4rD7@ZpE>XOZ9rhzdUh9nyO7zbE@g+IX$Hwha-4|TIAKSpVw zN&8$V)_d)OkP@m{qXvCvjI!Ng`EimZ%=LcNk@z|TWIi2MjX_L%d)0LW9-)sPvnihv=8A^IpVf_(LyA~cM1LTI 
z8fu=0_jtye?!;V&ry`Z(5=TMCg<7cDrm--hmilkgecAG9G$fqGl?M1U!hWS%h#H()%k$rX++BTyh_W3Q!Lzj^fmeZKa_6jsXtdMd9q4Qt=%L zL62zu?#T?%v zBXy$IB(?V}jZlHjTg1NUeAAh`Uun9M2spoDbO7$SNnE~%+)yGEV=($v)JflkWD5Hs z_^d+!(X`AO&M$6X{dC!Xd;aF~=IZ?7(t$LU%kMizC;71%5(tB980Mdv=T~artjO%8 zI!dYC*YCdXzrOtG@^!I6y|L8@$8_`>rV#3Vpjip@yLZ=b&Tp%sR_s(E9gQ^P{*bZ> z7PWwHU%k2PfA{M0^~*KeQ0ZKJfP3dxuZ&@W zdp}@~nv5m_JQ_p9$7Cqf=EY1-YqFMGsSJu0mBWzq9l}KeyGJhrJ~=rwmG_ zGj-<+6nY)yZ5c}~p!v&3&%-x3b{XsZ^_HG~Wdn5wvx?+B+wp{Es8!^5EzG-qB!19*m> zE~*yO;Mu|&eH;n$%$Yp)Wvwt$hf&USKm$0h1XR!T^T3v7{7c~%)4ZLN25Vy{L2Vs5 zH3~%xBSAL7Qo~#t)fJ3%f`%rYrL)aD58X|;9#6<~aCk+7^F&bY;}F=FbEd5Dy~S((`F}fS$NT*6J1MSSwU#cSgycC#mwM{B zrz}Ng5`nm<>`u83f6X=60f^LZ_>~6n__;-e!+{~p81sL?tcpI?^wPJ4l55PfT}4d? zVyd>yXAbirdevv|$1ZGF%|AfjQHBhtRx~2f12X)bBN_(4kQn0#b-crl*FgyfefS8i z0ru}83b<$BJmp}H)OfGm9uYB42A)qR?Ym?EECPqo=yuwK^8|SN=(u}&p#JvhM0T-t zeDw9<@!2=WUq4%nqd^Qu0g}v&DHIKEt(Z|keHwc1V6A0eP_5e8?qyw4J{x(0I6v*ax!&|gP5FIunVqnDvRCbmMS`&;1mlh` z=cHAHVl2jv1HDgS5ZxUMsh>r(4K=J6-A{~Vqi7xTY#y8HZJyD5eBt1}~bY=C_)=J92w zwYf`Jy_U!hmMAix_)YHb5kA>mM>n8v1H9=K92WD1h@^xX-;tcJ7LopwmsfCK?VH#6>w z&~)#~^C$8h*E7|K_{v{9=M+1^4?T2xa&qMQ%}q#@-4>A}*F$d-F0Pa4oGVKImJkNP zOGaaNTh|Srzkb~?j=4W_NDqJtV2sbMt(nKN)M6R;Rvt-|?+Az2BuXCg02Q$FNKQ7M z#Bm5x!NXxT8@ERx$1SFnonWh9N>zGEn4YAJ>eNE&S9-+XLIJ&x?lB9_uU_eja)xpN zk@!i0z6ddyIGgn6=JNGrsr_Fv*OpHs!DtwVID)O_f9srdiswIvXNUXye>*9=-;~^W zRARPuVJHNl{j_Fk7THuzFK>G2=VtSl@@{1=$>evakZ|$EA9gRl{-*@)myh}4mPPXa zY3cl@dvdhb|94W>SpOGc!UeDm*?^u-yIjP2qo3fI>zzIdVoD;xQ+c!<(oyy!X7pi} zU-2We{i~HP|G3A(A1~8(%Db}G)F0+DvZS-&iy<&>c#hI0__k2couW((DU-5G92sY;-*bTl43m(TSnG1V9LR^2Bh6^^ zD;?-o%pa>k*MpWFOlsd&r8u_I+jZ{K3WGlK2H z#!S76HVOdC2Ervv_+)d4QD}q+U|)NJ(y($W!$S;=*txsP5E5=|9<1&&c<&J zssA)0Ky81wEDTh)vm3FXFc<-ZV8><0Vnc14djVqG0>r9={-p>Q`|_yE((>OxALgxN z243j@aaxN1dw90@|KCYj)Bd~p(e5KM1Ml$YIM?g!47v6M`BV5g=NSH~>;Dtjf4iNN zQvAo0)4lz7CuKAJZ(}y_*;cQs#Ll}zDdna{ z`UNn`x?8s!#YVDoegFdJE2%fp$c>ZLT0Q)i8!@WlA|)BBE2~eJxWD&oQ7sj=6KCO! 
z4E);qF8@iRgu{aX7U8g!u(0lypl%3#{Mc)^=iVdy@F9z_+^nj{C>3>Al0OYfz3R7y z79T!5U5xOv${Uh(!&?~vOwGBf!0PjNys8h~WwLlTo&!|OV!J)690YaI%Zjyg-A=0it&@#4{md}C}xWK~mpR=Q4{{Q{??~clWkq1Ts zJq;m3PeV%Yk{C7T9RxK|(>XtBN|CtPeD(}=P)k|)B+RddG>HP#`xXVn7tRX~!oI9> z)Je0(wkz_*HubGa2bxK7Q>W=UH8YcwY5l37H$sA!5~i;Ae-#kSRS_(4Tb5Ex-7k&R zSN#|0D|jGWa7hOPGl$Vr_${rXx|YMl-sD8hYx~#5^-GR012iF=OS+*e#Z9eQ6p1k) zpE8~9HIS%ZT))&wB+&qdl!0qO6=TBnOHU2s!tOagKKIn!mo1c~`2Rf&T2jGnrJl4a z$$*RGztc{U{~w;6?(cu@q%4yXpi(}(NUu$oMZ;nefSm|{76qL+pojiYfbK~Y(0lKn zmw)SDzk7H4?UVN1*SziP-HW>>Artz-$3leQnHsO8rrO3aX-~WD%$K`e*A1&G@wN&o zrZDfRgjCwCTraIB|NGHI$EsZaf?=OTqxOZ`7&eIfqRXQ7f7a>b*MIl)bie+0Qwp|o z9}67PkzECZw#O=Vg%h)|T!r!;3Q3eaIB(6olCOPWf(!`+J!GC%*K@dpnvE@;RIa)* z(~Hj--t8_Zr6NX?ixz^`pBn^O(E-r2VJoY6OnH={(pUaqOQShoFC&=HC{nhLlgD29*WYvQdH>n)p4PzS^WZP1#y| zLKveAf>w@Iv@#adKuF+G%G?k-P#OPk1Z8*xx3d^@LN?^%2n_%=CorLG)>LPV%>fQZ zz?zEfIBZRkq=AZ%dPvtVUNzByhk$1p+x$4`p>9WV@X7!=J)Kbw^0ZL&)y?(L$@ip@ z{&e#0s-ecd51hZDaYa{6EtG`)Ljp z5pOyFf9Iqe|FgUI|Jzad@S*)Y&2D63Axps|9|k(0K5zRp@*x(yoliiFIVYp271N+4 z_lh=p-ZtJw0Srk5sOjcCGX53iR7h#mvV@UnbmNa9NJ0{gUX3D}KE8YaKT$GUSxa<5 zUe^F~0xHK$%3|AU@Tv})Y0**lYDrU%bY_5yu1#Ubi_TU4Yaa8#AUZ6wfB_01oMMB*9h zZ(Z++LfM~^*omR<#XcZc$B0|2=Tw+Q!3bt>B1aC_b z-qJ?Xu0)$^U%%SvHfPGFC-o~1^P&N6p?e^svG#z-YGj?zixMK=$-BI}i9KiT)x|uo zBXmIqc3q{N*)>m;uB%iMr;U3}MP{^uZEtRCrk@*g;X)%zFyd&iiHf{S%M@A;Nb=OiU^pvt8ke?ZE4eLG3VP7OG~Z>*`haxWuV%M$Ztg&DKNoT-{MYs{OaXU>ATQ!{%iA1^(F zP`X)mJDoXmYBTwNS^aMeq155mQU8{>|J5z(e}`xL`0qO@E<@60wZ4&u`^*^Dv{yiN zpm=i#P-&1$KZ_ZO#1J+A%G=Gg0D$%RkUyFkKGrM2{ktJG+Q#KWjH5sq>Qz2vI@FF4 z>OiYe(on7OUAwKdvbS1a(C1)pC7@I>a7>lx4P_tFWRpWP| zVy_^awlPe?aF!hvARNaEbFcAF(9l(VA={9>;Aj9oR_V6r1kgWH@mKeENFWTfqew_5 zMCc24%G=}VV5VsC^6ibROQI3tG5F8C#;YMR$0{0#Pa}azWE@2FGa}GE2}3jhlyHeB zM_3_mu&pI+<`q~mn~KKYv`%e>rAY2ho39l5t`@jxR2@81N@ys#qu&hI+|!j2%vMS3 zue@1+rrTX*p4I(bSpQ4%f5+E*_0yn5_P@iEPSO9P)7jtu+DWO(Vp_^zI^X%Xyu#P^ z`^9mbyB%Rqr>smg21bNB7;pg^SLIBHRgcS!y4POvH!759``STd5h`|Nn9m*hq$0E< zoG$9t(p_8FJ=0$CLYyp|1mI(qMyG3&=vVMXJ{KU;w^k+~#*paLfj+}A34E9q-3 
z&F=Bx={LL19>H(rpb?SRT+*fg-5CaY(xIo`}k2o>%zJ@H=;Oy`u~qjRvh0CWsFK$yAet6cWimwYTe0Qh z@n3q#SI~$xasGDx^83r{{^ivVmv1hw&tI2St@1Rfh=pgWi~7g+%;@QZh^Un{Wv z|9N%wk5_N|KiuA4^{?Jt-&Qv9&2hI|h2xvcHxjcq=l^g2_WJzd@}~0Z@?_FSnqGFA zS(sWD{(t{?dHt{c-_CC?`&Z|;KU6`N>^oba&XGU*_|ct_u5^N#H#CVv!A4;RNlxHG z`x9AR`(2pXS>$!L!|ADeHK$E0%w@7!t(3oZ50NXGR(_p7G`XG&#Kj!vOw)6Y(zI)* z0d|@Jm}jc3`KDTDtw?UBTd)CKFZ8U>297x?kxV|m+$)tx33WThPLp09HNL?~*b!mn76l3;G470bN%9oBE$F|Nm*}{I_#_ zxIh2hNm)}BH0-)^z856LG6yf|gxluVsgb{QZ=h^dE7s91WmgMKbFGR`vq}})V);5m zda2>Vho#7E>VH~Ac**s@Q3S{Z>;Leq9RK}jpZ|Y1WyRQ!_8Q`{E4DH;<2sa#>`7^t2rL2)uDu|KUi(JS0umL z(0v-}Mjp8uR=&BHj#R6rM=cXx(mgBsx=~tN>C@sWtc5#bv7d)~(y4-Lo)+OQKddGG zKX?E4#t=@3a-ZL1k69%DpB$Z(?tkz1|J{@WbcKc7K{yf=>9N*v_6G?GRs5(J`*(N* z+-n@@5C?|8bHv9GhG-Phf%c#w(ddO-d{~evs8d$wIgWzH0g7OxBPl$M84Sq-1n8cK zG5TN6JoGLKXNX4XONo-yr%^~E@EYFBoBoZU3>pXMf=(thLO)&Hpnx#m@J2+m)qgem z4R7!}Ypeg-2jfv&{>T30)2N*RlDkn7qag`_H=cX^K5jhs2KcV=+!GV|H)Ukhc>e!4 z4$x1S5t?xH>g6SGcqX}F!y^IUwyw_TuMKa?eHuXfOE|QeyZ)~)&tJZ|^d`Y(Z7kIP zyWL{^m&3jOznfx3x<=z1UF*4EgT-ME0iuzT+>G4kLS{+0^pJ%5gF#~_g+zKezx zNL@Vc$HX7oKrER{^^h_rEQ^PJWYb3Wk9FHh$MXL*JK>L<$1sM-<~1)#GDc zVQyr3R8em|NM&qo0PI{{Z`(T3?zMi!K){P!yp=53j?)#e7ddIV=%UFn(zD%*gGE70 zW1A-wsU<15*{uKjLZT$gviy3LrBr#Bk*U-(16KOA}&BX9V^^N0QO!3*$?r^0qgl_v6q_tnp8 zzT9^rgma;Zrh==$0tksFOw8PnXwA^2q8FmnbV@M_pja!d&E_1VGfiM~o zP5JCHimA$;_D`b@OofCyqax^s1eMjU_M%kMcRknt|1>emKJWK$;(tL{it4xoun+&k z;dvAP=YGG#|0#sVWQIXwaTklC*Ic0hn#=-Nn1u7D`-Wt{4oFq^sjMBQl{^4MwKoA1uz#%-=h8`V2FeOHe9T zCtpbgd+|SL+W*mL*xCP+$m62}5l$&bunjUlMh2Q6Wr0l_oaNHW8qz7aAB=%8*e*?S zE2gV%iKJXl!Tvwhv%hEnWD2W4?3F&qqmAFK`WrP?x68-`nKA>AB-ymVn zY{!3u2@?-7@~_?w?7@G(KN>age=)cicKAPq)O}@=B&xUYt$WI&0A5$$--=O_h-ea2 z9&r;lD#0+TRmd>ZLK-6*6CKXq<(M-C0IjG4D3@K)ulBr5*xC?V2LUM6$Ydc{8e`SV zDKytiRpTfOCF<3YJb)>MTz z<6WcNUfx{4A75TwHwSqmMO^WS?jS<|QPHrpEmHkv?v{t_Xz+FTcNtrJz7 zpK3vkh13E3WjGvc^vOQ7v!~;$i;Ih@)`03pq`XaqI<^4ftd;pVJsl^#`&X*Ml0vya z*~@-VK665py6l>lg?Jf;S^rij{v@{f6tdm^ClZ|~-%2_8Ckt7sG)hMbhR%fYi1OKC 
zp1~gb@B96R|KA_>{m%ZML>i{7+CG=W4Y{Yh@)6{Ogf2<-TuAz#JZ|XTzfvw0E63r= zER;LJ@E5a8_B#;HYPDIFy@$s~pgd%0w8NEm;lIEskC1B^8gtr+X#&`DWU;H}y{xAl zz}mwa)y^lRv$?hdu={pPbpeSa=Vd#92~LG9AtEt<>`TLOX&53#7@0q(gffh*3_gV= zBMJSR6ltO9p{Oi3vCl+IGqQI%a5C?}@5(Y!fS&fj@`F~h6; znrYh9vt5_MT_?t>v^;%=x_!K2CR;~MM5HiGCDjjkGm0%Er)vL8wXCzOPiL7E`4Hw#( zij+rx&5zE!+-KfjZZX(jX3`Gl|3oFv#Q%fgV1xfJy8Q1+C#Xqj1;!$J zUwCT<7MO(b1VhO^ZXme%twrtt0fYQ13m_Vubjru*~<;gZ*z-lR(B%}q)}5#t@=jVfS z3t*~DOzTL)NhHy)oITtLq2Ex3hVoZav6kg?;LIfO&N>JGKslWM3$MT_c6v{+1^dqb zWSqaw|AYRhJO6hQc`E-`o_`~n{3CAyp2aNuNeF5?{`0urQO*JH!+*>9KflZWokmWO z+dF2;t4u+pXHIf`%JLGHVi?f5S@SkG_&N9WD^f1}ZPxBowh zteyYgaS&m(1z6p5EiSlT)$)%^JTTVEfwl+o zK^SiCMQYOlplF2G(`mk!fm^||aWsulr20LEf=4O<-+K<4ZQ?(i6RA}%Bnds*{{q;D zfA3<${~w*YN*+Z`hsxJc&GU z|6jkqL-Q+E8$ouC7&#=r(o_479VRc={tr9yn{_SWg66%Z?csysj#3vK=%kZQIyqSW Q7XSeN|3F~Os{l*@06E^A{Qv*} literal 0 HcmV?d00001 diff --git a/index.yaml b/index.yaml index 5dcd7e292..9fe97f4aa 100644 --- a/index.yaml +++ b/index.yaml @@ -1,6 +1,29 @@ apiVersion: v1 entries: fleet: + - annotations: + catalog.cattle.io/auto-install: fleet-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 + catalog.cattle.io/release-name: fleet + apiVersion: v2 + appVersion: 0.3.7 + created: "2021-10-08T15:04:30.316709-07:00" + dependencies: + - condition: gitops.enabled + name: gitjob + repository: file://./charts/gitjob + description: Fleet Manager - GitOps at Scale + digest: ce396dafcedad05a55e8b4b408f738b0c7cd0b9473d00b89d32b269c4f775210 + icon: https://charts.rancher.io/assets/logos/fleet.svg + name: fleet + urls: + - assets/fleet/fleet-100.0.1+up0.3.7.tgz + version: 100.0.1+up0.3.7 - annotations: catalog.cattle.io/auto-install: fleet-crd=match catalog.cattle.io/certified: rancher 
@@ -139,6 +162,22 @@ entries:
 - assets/fleet/fleet-0.3.000.tgz
 version: 0.3.000
 fleet-agent:
+ - annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-fleet-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/release-name: fleet-agent
+ apiVersion: v2
+ appVersion: 0.3.7
+ created: "2021-10-08T15:04:30.321638-07:00"
+ description: Fleet Manager Agent - GitOps at Scale
+ digest: 7987910c8dd050d84e7a5bc20bc323652e85be1026507f507f626389712e4077
+ icon: https://charts.rancher.io/assets/logos/fleet.svg
+ name: fleet-agent
+ urls:
+ - assets/fleet-agent/fleet-agent-100.0.1+up0.3.7.tgz
+ version: 100.0.1+up0.3.7
 - annotations:
 catalog.cattle.io/certified: rancher
 catalog.cattle.io/hidden: "true"
@@ -252,6 +291,22 @@ entries:
 - assets/fleet-agent/fleet-agent-0.3.000.tgz
 version: 0.3.000
 fleet-crd:
+ - annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-fleet-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/release-name: fleet-crd
+ apiVersion: v2
+ appVersion: 0.3.7
+ created: "2021-10-08T15:04:30.332365-07:00"
+ description: Fleet Manager CustomResourceDefinitions
+ digest: fd052765600dae535ce53e13567dd528c5b143f948afc89a78f3483f051775c5
+ icon: https://charts.rancher.io/assets/logos/fleet.svg
+ name: fleet-crd
+ urls:
+ - assets/fleet-crd/fleet-crd-100.0.1+up0.3.7.tgz
+ version: 100.0.1+up0.3.7
 - annotations:
 catalog.cattle.io/certified: rancher
 catalog.cattle.io/hidden: "true"
@@ -363,6 +418,49 @@ entries:
 - assets/fleet-crd/fleet-crd-0.3.000.tgz
 version: 0.3.000
 longhorn:
+ - annotations:
+ catalog.cattle.io/auto-install: longhorn-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: Longhorn
+ catalog.cattle.io/namespace: longhorn-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/provides-gvr: longhorn.io/v1beta1
+ catalog.cattle.io/rancher-version: '>= 2.6.0-0'
+ catalog.cattle.io/release-name: longhorn
+ catalog.cattle.io/type: cluster-tool
+ catalog.cattle.io/ui-component: longhorn
+ apiVersion: v1
+ appVersion: v1.2.2
+ created: "2021-10-08T15:04:30.365794-07:00"
+ description: Longhorn is a distributed block storage system for Kubernetes.
+ digest: 6a17d0267b137f60af34afb5c768d64d5f7ea06167edf6f838dffeb0ebd9c581
+ home: https://github.com/longhorn/longhorn
+ icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.png
+ keywords:
+ - longhorn
+ - storage
+ - distributed
+ - block
+ - device
+ - iscsi
+ - nfs
+ kubeVersion: '>=1.18.0-0'
+ maintainers:
+ - email: maintainers@longhorn.io
+ name: Longhorn maintainers
+ name: longhorn
+ sources:
+ - https://github.com/longhorn/longhorn
+ - https://github.com/longhorn/longhorn-engine
+ - https://github.com/longhorn/longhorn-instance-manager
+ - https://github.com/longhorn/longhorn-share-manager
+ - https://github.com/longhorn/longhorn-manager
+ - https://github.com/longhorn/longhorn-ui
+ - https://github.com/longhorn/longhorn-tests
+ - https://github.com/longhorn/backing-image-manager
+ urls:
+ - assets/longhorn-1.2/longhorn-100.1.0+up1.2.2.tgz
+ version: 100.1.0+up1.2.2
 - annotations:
 catalog.cattle.io/auto-install: longhorn-crd=match
 catalog.cattle.io/certified: rancher
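Review bot: No entry for 100.0.0+up1.1.2 is added under `longhorn:` in this hunk, although the same patch commits `assets/longhorn-1.1/longhorn-100.0.0+up1.1.2.tgz` as a new file; the `longhorn-crd:` hunk has the same gap for `assets/longhorn-1.1/longhorn-crd-100.0.0+up1.1.2.tgz`. If index.yaml already carries those entries outside the visible hunks, their `digest` values were written before these archives landed and should be recomputed and compared against the committed files, because the digest is the only integrity reference the index holds for an archive. If the entries are absent, the index needs one whose `urls` item is `- assets/longhorn-1.1/longhorn-100.0.0+up1.1.2.tgz` (and the matching CRD entry), otherwise the archives ship unreferenced.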
@@ -614,6 +712,20 @@ entries:
 - assets/longhorn/longhorn-1.0.200.tgz
 version: 1.0.200
 longhorn-crd:
+ - annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: longhorn-system
+ catalog.cattle.io/release-name: longhorn-crd
+ apiVersion: v1
+ created: "2021-10-08T15:04:30.366357-07:00"
+ description: Installs the CRDs for longhorn.
+ digest: f8c89bdf20e883d664affebb6d0d8e8b647c7b93e747e68971ba99f2e8fe897e
+ name: longhorn-crd
+ type: application
+ urls:
+ - assets/longhorn-1.2/longhorn-crd-100.1.0+up1.2.2.tgz
+ version: 100.1.0+up1.2.2
 - annotations:
 catalog.cattle.io/certified: rancher
 catalog.cattle.io/hidden: "true"
@@ -699,6 +811,28 @@ entries:
 - assets/longhorn/longhorn-crd-1.0.200.tgz
 version: 1.0.200
 rancher-aks-operator:
+ - annotations:
+ catalog.cattle.io/auto-install: rancher-aks-operator-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/provides-gvr: aksclusterconfigs.aks.cattle.io/v1
+ catalog.cattle.io/rancher-version: '>= 2.6.0-alpha'
+ catalog.cattle.io/release-name: rancher-aks-operator
+ catalog.cattle.io/scope: management
+ apiVersion: v2
+ appVersion: 1.0.2
+ created: "2021-10-08T15:04:30.367724-07:00"
+ description: A Helm chart for provisioning AKS clusters
+ digest: 756963b5366daa89106db55c19e21069361cfd4f166260b8bebae8508464ac5a
+ home: https://github.com/rancher/aks-operator
+ name: rancher-aks-operator
+ sources:
+ - https://github.com/rancher/aks-operator
+ urls:
+ - assets/rancher-aks-operator/rancher-aks-operator-100.0.1+up1.0.2.tgz
+ version: 100.0.1+up1.0.2
 - annotations:
 catalog.cattle.io/auto-install: rancher-aks-operator-crd=match
 catalog.cattle.io/certified: rancher
@@ -722,6 +856,21 @@ entries:
 - assets/rancher-aks-operator/rancher-aks-operator-100.0.0+up1.0.1.tgz
 version: 100.0.0+up1.0.1
 rancher-aks-operator-crd:
+ - annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/release-name: rancher-aks-operator-crd
+ apiVersion: v2
+ appVersion: 1.0.2
+ created: "2021-10-08T15:04:30.368452-07:00"
+ description: AKS Operator CustomResourceDefinitions
+ digest: 0361a5d82f025056d5b76691fbe158a3f73499b40e3179ef2a75361d9f455f30
+ name: rancher-aks-operator-crd
+ urls:
+ - assets/rancher-aks-operator-crd/rancher-aks-operator-crd-100.0.1+up1.0.2.tgz
+ version: 100.0.1+up1.0.2
 - annotations:
 catalog.cattle.io/certified: rancher
 catalog.cattle.io/hidden: "true"
@@ -794,6 +943,32 @@ entries:
 - assets/rancher-alerting-drivers/rancher-alerting-drivers-1.0.100.tgz
 version: 1.0.100
 rancher-backup:
+ - annotations:
+ catalog.cattle.io/auto-install: rancher-backup-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: Rancher Backups
+ catalog.cattle.io/namespace: cattle-resources-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1
+ catalog.cattle.io/rancher-version: '>=2.6.0-0'
+ catalog.cattle.io/release-name: rancher-backup
+ catalog.cattle.io/scope: management
+ catalog.cattle.io/type: cluster-tool
+ catalog.cattle.io/ui-component: rancher-backup
+ apiVersion: v2
+ appVersion: 2.0.1
+ created: "2021-10-08T15:04:30.379118-07:00"
+ description: Provides ability to back up and restore the Rancher application running
+ on any Kubernetes cluster
+ digest: a4bde8a1e5098ef43a6e4754b7ff066f32389fa5ad9e5df4fbe679caac483e63
+ icon: https://charts.rancher.io/assets/logos/backup-restore.svg
+ keywords:
+ - applications
+ - infrastructure
+ name: rancher-backup
+ urls:
+ - assets/rancher-backup/rancher-backup-2.0.1.tgz
+ version: 2.0.1
 - annotations:
 catalog.cattle.io/auto-install: rancher-backup-crd=match
 catalog.cattle.io/certified: rancher
@@ -945,6 +1120,21 @@ entries:
 - assets/rancher-backup/rancher-backup-1.0.200.tgz
 version: 1.0.200
 rancher-backup-crd:
+ - annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-resources-system
+ catalog.cattle.io/release-name: rancher-backup-crd
+ apiVersion: v2
+ appVersion: 2.0.1
+ created: "2021-10-08T15:04:30.38197-07:00"
+ description: Installs the CRDs for rancher-backup.
+ digest: 8eb03a61506b7feb4cd6a8322551868b32422fceea5aba923f2e057cb925810b
+ name: rancher-backup-crd
+ type: application
+ urls:
+ - assets/rancher-backup-crd/rancher-backup-crd-2.0.1.tgz
+ version: 2.0.1
 - annotations:
 catalog.cattle.io/certified: rancher
 catalog.cattle.io/hidden: "true"
@@ -1036,6 +1226,30 @@ entries:
 - assets/rancher-backup/rancher-backup-crd-1.0.200.tgz
 version: 1.0.200
 rancher-cis-benchmark:
+ - annotations:
+ catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: CIS Benchmark
+ catalog.cattle.io/namespace: cis-operator-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1
+ catalog.cattle.io/rancher-version: '>= 2.6.0-0'
+ catalog.cattle.io/release-name: rancher-cis-benchmark
+ catalog.cattle.io/type: cluster-tool
+ catalog.cattle.io/ui-component: rancher-cis-benchmark
+ apiVersion: v1
+ appVersion: v1.0.6
+ created: "2021-10-08T15:04:30.389899-07:00"
+ description: The cis-operator enables running CIS benchmark security scans on
+ a kubernetes cluster
+ digest: 4168cc0bbd8836fd793f547607a7c3b7dcff91653ad6e167795befe1c44187f9
+ icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
+ keywords:
+ - security
+ name: rancher-cis-benchmark
+ urls:
+ - assets/rancher-cis-benchmark/rancher-cis-benchmark-2.0.1.tgz
+ version: 2.0.1
 - annotations:
 catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match
 catalog.cattle.io/certified: rancher
@@ -1175,6 +1389,20 @@ entries:
 - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.100.tgz
 version: 1.0.100
 rancher-cis-benchmark-crd:
+ - annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cis-operator-system
+ catalog.cattle.io/release-name: rancher-cis-benchmark-crd
+ apiVersion: v1
+ created: "2021-10-08T15:04:30.392225-07:00"
+ description: Installs the CRDs for rancher-cis-benchmark.
+ digest: a07236a3f8c025600416189c5cc60a309be12c00b39b9d3b1f58af8c0b4b36ac
+ name: rancher-cis-benchmark-crd
+ type: application
+ urls:
+ - assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-2.0.1.tgz
+ version: 2.0.1
 - annotations:
 catalog.cattle.io/certified: rancher
 catalog.cattle.io/hidden: "true"
@@ -1411,6 +1639,33 @@ entries:
 - assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.400.tgz
 version: 0.1.400
 rancher-gatekeeper:
+ - annotations:
+ catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: OPA Gatekeeper
+ catalog.cattle.io/namespace: cattle-gatekeeper-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1
+ catalog.cattle.io/release-name: rancher-gatekeeper
+ catalog.cattle.io/type: cluster-tool
+ catalog.cattle.io/ui-component: gatekeeper
+ apiVersion: v2
+ appVersion: v3.6.0
+ created: "2021-10-08T15:04:30.401462-07:00"
+ description: Modifies Open Policy Agent's upstream gatekeeper chart that provides
+ policy-based control for cloud native environments
+ digest: 5e869a471a4e29cc17e91d17f6dd2b78edfb37d4f683f9a3bbc8b65d13a35a80
+ home: https://github.com/open-policy-agent/gatekeeper
+ icon: https://charts.rancher.io/assets/logos/gatekeeper.svg
+ keywords:
+ - open policy agent
+ - security
+ name: rancher-gatekeeper
+ sources:
+ - https://github.com/open-policy-agent/gatekeeper.git
+ urls:
+ - assets/rancher-gatekeeper/rancher-gatekeeper-100.0.1+up3.6.0.tgz
+ version: 100.0.1+up3.6.0
 - annotations:
 catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match
 catalog.cattle.io/certified: rancher
@@ -1575,6 +1830,20 @@ entries:
 - assets/rancher-gatekeeper/rancher-gatekeeper-3.1.100.tgz
 version: 3.1.100
 rancher-gatekeeper-crd:
+ - annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-gatekeeper-system
+ catalog.cattle.io/release-name: rancher-gatekeeper-crd
+ apiVersion: v1
+ created: "2021-10-08T15:04:30.409908-07:00"
+ description: Installs the CRDs for rancher-gatekeeper.
+ digest: 2473133618927588bb5cf2f7829aad41e17dc0743b954025c898683853476ce7
+ name: rancher-gatekeeper-crd
+ type: application
+ urls:
+ - assets/rancher-gatekeeper/rancher-gatekeeper-crd-100.0.1+up3.6.0.tgz
+ version: 100.0.1+up3.6.0
 - annotations:
 catalog.cattle.io/certified: rancher
 catalog.cattle.io/hidden: "true"
@@ -1767,6 +2036,40 @@ entries:
 - assets/rancher-grafana/rancher-grafana-6.6.401.tgz
 version: 6.6.401
 rancher-istio:
+ - annotations:
+ catalog.cattle.io/auto-install: rancher-kiali-server-crd=100.0.0+up1.35.0
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: Istio
+ catalog.cattle.io/namespace: istio-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1
+ catalog.cattle.io/rancher-version: '>= 2.6.0-0'
+ catalog.cattle.io/release-name: rancher-istio
+ catalog.cattle.io/requests-cpu: 710m
+ catalog.cattle.io/requests-memory: 2314Mi
+ catalog.cattle.io/type: cluster-tool
+ catalog.cattle.io/ui-component: istio
+ apiVersion: v1
+ appVersion: 1.10.4
+ created: "2021-10-08T15:04:30.435754-07:00"
+ dependencies:
+ - condition: kiali.enabled
+ name: kiali
+ repository: file://./charts/kiali
+ - condition: tracing.enabled
+ name: tracing
+ repository: file://./charts/tracing
+ description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/
+ for details.
+ digest: 502c8b7267cf7ee8f93f854c146ba64448c4d693cab719098218982b1e740c08
+ icon: https://charts.rancher.io/assets/logos/istio.svg
+ keywords:
+ - networking
+ - infrastructure
+ name: rancher-istio
+ urls:
+ - assets/rancher-istio/rancher-istio-100.0.1+up1.10.4.tgz
+ version: 100.0.1+up1.10.4
 - annotations:
 catalog.cattle.io/auto-install: rancher-kiali-server-crd=100.0.0+up1.35.0
 catalog.cattle.io/certified: rancher
@@ -3922,6 +4225,25 @@ entries:
 - assets/rancher-vsphere-csi/rancher-vsphere-csi-2.1.000.tgz
 version: 2.1.000
 rancher-webhook:
+ - annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/release-name: rancher-webhook
+ apiVersion: v2
+ appVersion: 0.2.1
+ created: "2021-10-08T15:04:30.621692-07:00"
+ dependencies:
+ - condition: capi.enabled
+ name: capi
+ repository: ""
+ description: ValidatingAdmissionWebhook for Rancher types
+ digest: 9ea3d6e85da4135a2a45fa6feb02a3f2864fe80947c41a5e133a564249fe6830
+ name: rancher-webhook
+ urls:
+ - assets/rancher-webhook/rancher-webhook-1.0.1+up0.2.1.tgz
+ version: 1.0.1+up0.2.1
 - annotations:
 catalog.cattle.io/certified: rancher
 catalog.cattle.io/hidden: "true"
From 6c7db44abf4c7e941039dda0cee3df6dab73f5d3 Mon Sep 17 00:00:00 2001
From: Nick Gerace Date: Fri, 8 Oct 2021 18:21:33 -0400 Subject: [PATCH 2/2] add charts --- .../fleet-agent/100.0.1+up0.3.7/Chart.yaml | 12 + .../100.0.1+up0.3.7/templates/_helpers.tpl | 7 + .../100.0.1+up0.3.7/templates/configmap.yaml | 12 + .../100.0.1+up0.3.7/templates/deployment.yaml | 30 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 28 + .../100.0.1+up0.3.7/templates/rbac.yaml | 25 + .../100.0.1+up0.3.7/templates/secret.yaml | 10 + .../templates/serviceaccount.yaml | 4 + .../100.0.1+up0.3.7/templates/validate.yaml | 11 + .../fleet-agent/100.0.1+up0.3.7/values.yaml | 57 + .../fleet-crd/100.0.1+up0.3.7/Chart.yaml | 12 + .../100.0.1+up0.3.7/templates/crds.yaml | 5241 +++++++++++++ .../templates/gitjobs-crds.yaml | 6876 +++++++++++++++++ charts/fleet/fleet/100.0.1+up0.3.7/Chart.yaml | 19 + .../100.0.1+up0.3.7/charts/gitjob/.helmignore | 23 + .../100.0.1+up0.3.7/charts/gitjob/Chart.yaml | 5 + .../charts/gitjob/templates/_helpers.tpl | 7 + .../charts/gitjob/templates/clusterrole.yaml | 38 + .../gitjob/templates/clusterrolebinding.yaml | 12 + .../charts/gitjob/templates/deployment.yaml | 42 + .../charts/gitjob/templates/service.yaml | 12 + .../gitjob/templates/serviceaccount.yaml | 4 + .../100.0.1+up0.3.7/charts/gitjob/values.yaml | 26 + .../100.0.1+up0.3.7/templates/_helpers.tpl | 7 + .../100.0.1+up0.3.7/templates/configmap.yaml | 24 + .../100.0.1+up0.3.7/templates/deployment.yaml | 44 + .../fleet/100.0.1+up0.3.7/templates/rbac.yaml | 106 + .../templates/serviceaccount.yaml | 10 + .../fleet/fleet/100.0.1+up0.3.7/values.yaml | 59 + .../longhorn-crd/100.0.0+up1.1.2/Chart.yaml | 10 + .../longhorn-crd/100.0.0+up1.1.2/README.md | 2 + .../100.0.0+up1.1.2/templates/crds.yaml | 524 ++ .../longhorn/100.0.0+up1.1.2/.helmignore | 21 + .../longhorn/100.0.0+up1.1.2/Chart.yaml | 40 + .../longhorn/100.0.0+up1.1.2/README.md | 33 + .../longhorn/100.0.0+up1.1.2/app-readme.md | 11 + .../longhorn/100.0.0+up1.1.2/questions.yml | 532 ++ 
.../100.0.0+up1.1.2/templates/NOTES.txt | 5 + .../100.0.0+up1.1.2/templates/_helpers.tpl | 66 + .../templates/clusterrole.yaml | 47 + .../templates/clusterrolebinding.yaml | 13 + .../templates/daemonset-sa.yaml | 125 + .../templates/default-setting.yaml | 41 + .../templates/deployment-driver.yaml | 104 + .../templates/deployment-ui.yaml | 72 + .../100.0.0+up1.1.2/templates/ingress.yaml | 34 + .../templates/postupgrade-job.yaml | 48 + .../100.0.0+up1.1.2/templates/psp.yaml | 66 + .../templates/registry-secret.yml | 11 + .../templates/serviceaccount.yaml | 6 + .../templates/storageclass.yaml | 26 + .../templates/tls-secrets.yaml | 16 + .../templates/uninstall-job.yaml | 49 + .../100.0.0+up1.1.2/templates/userroles.yaml | 38 + .../templates/validate-install-crd.yaml | 23 + .../longhorn/100.0.0+up1.1.2/values.yaml | 218 + .../longhorn-crd/100.1.0+up1.2.2/Chart.yaml | 10 + .../longhorn-crd/100.1.0+up1.2.2/README.md | 2 + .../100.1.0+up1.2.2/templates/crds.yaml | 832 ++ .../longhorn/100.1.0+up1.2.2/.helmignore | 21 + .../longhorn/100.1.0+up1.2.2/Chart.yaml | 39 + .../longhorn/100.1.0+up1.2.2/README.md | 33 + .../longhorn/100.1.0+up1.2.2/app-readme.md | 11 + .../longhorn/100.1.0+up1.2.2/questions.yml | 623 ++ .../100.1.0+up1.2.2/templates/NOTES.txt | 5 + .../100.1.0+up1.2.2/templates/_helpers.tpl | 66 + .../templates/clusterrole.yaml | 50 + .../templates/clusterrolebinding.yaml | 13 + .../templates/daemonset-sa.yaml | 125 + .../templates/default-setting.yaml | 44 + .../templates/deployment-driver.yaml | 104 + .../templates/deployment-ui.yaml | 72 + .../100.1.0+up1.2.2/templates/ingress.yaml | 48 + .../templates/postupgrade-job.yaml | 48 + .../100.1.0+up1.2.2/templates/psp.yaml | 66 + .../templates/registry-secret.yml | 11 + .../templates/serviceaccount.yaml | 6 + .../templates/storageclass.yaml | 34 + .../templates/tls-secrets.yaml | 16 + .../templates/uninstall-job.yaml | 49 + .../100.1.0+up1.2.2/templates/userroles.yaml | 47 + .../templates/validate-install-crd.yaml | 
28 + .../longhorn/100.1.0+up1.2.2/values.yaml | 228 + .../100.0.1+up1.0.2/Chart.yaml | 11 + .../100.0.1+up1.0.2/templates/crds.yaml | 178 + .../100.0.1+up1.0.2/Chart.yaml | 18 + .../100.0.1+up1.0.2/templates/NOTES.txt | 4 + .../100.0.1+up1.0.2/templates/_helpers.tpl | 9 + .../templates/clusterrole.yaml | 15 + .../templates/clusterrolebinding.yaml | 13 + .../100.0.1+up1.0.2/templates/deployment.yaml | 50 + .../templates/serviceaccount.yaml | 5 + .../100.0.1+up1.0.2/values.yaml | 12 + .../rancher-backup-crd/2.0.1/Chart.yaml | 11 + .../rancher-backup-crd/2.0.1/README.md | 3 + .../2.0.1/templates/backup.yaml | 119 + .../2.0.1/templates/resourceset.yaml | 99 + .../2.0.1/templates/restore.yaml | 104 + .../rancher-backup/2.0.1/Chart.yaml | 22 + .../rancher-backup/2.0.1/README.md | 70 + .../rancher-backup/2.0.1/app-readme.md | 15 + .../default-resourceset-contents/aks.yaml | 25 + .../default-resourceset-contents/eks.yaml | 17 + .../default-resourceset-contents/fleet.yaml | 49 + .../default-resourceset-contents/gke.yaml | 17 + .../provisioningv2.yaml | 18 + .../rancher-operator.yaml | 27 + .../default-resourceset-contents/rancher.yaml | 49 + .../2.0.1/templates/_helpers.tpl | 83 + .../2.0.1/templates/clusterrolebinding.yaml | 14 + .../2.0.1/templates/deployment.yaml | 62 + .../2.0.1/templates/hardened.yaml | 114 + .../rancher-backup/2.0.1/templates/psp.yaml | 29 + .../rancher-backup/2.0.1/templates/pvc.yaml | 27 + .../2.0.1/templates/rancher-resourceset.yaml | 13 + .../2.0.1/templates/s3-secret.yaml | 31 + .../2.0.1/templates/serviceaccount.yaml | 11 + .../2.0.1/templates/validate-install-crd.yaml | 16 + .../rancher-backup/2.0.1/values.yaml | 57 + .../2.0.1/Chart.yaml | 10 + .../rancher-cis-benchmark-crd/2.0.1/README.md | 2 + .../2.0.1/templates/clusterscan.yaml | 148 + .../2.0.1/templates/clusterscanbenchmark.yaml | 54 + .../2.0.1/templates/clusterscanprofile.yaml | 36 + .../2.0.1/templates/clusterscanreport.yaml | 39 + .../rancher-cis-benchmark/2.0.1/Chart.yaml | 20 + 
.../rancher-cis-benchmark/2.0.1/README.md | 9 + .../rancher-cis-benchmark/2.0.1/app-readme.md | 15 + .../2.0.1/templates/_helpers.tpl | 23 + .../2.0.1/templates/alertingrule.yaml | 14 + .../2.0.1/templates/benchmark-cis-1.5.yaml | 8 + .../2.0.1/templates/benchmark-cis-1.6.yaml | 8 + .../2.0.1/templates/benchmark-eks-1.0.yaml | 8 + .../2.0.1/templates/benchmark-gke-1.0.yaml | 8 + .../benchmark-k3s-cis-1.6-hardened.yaml | 8 + .../benchmark-k3s-cis-1.6-permissive.yaml | 8 + .../benchmark-rke-cis-1.5-hardened.yaml | 8 + .../benchmark-rke-cis-1.5-permissive.yaml | 8 + .../benchmark-rke-cis-1.6-hardened.yaml | 8 + .../benchmark-rke-cis-1.6-permissive.yaml | 8 + .../benchmark-rke2-cis-1.5-hardened.yaml | 8 + .../benchmark-rke2-cis-1.5-permissive.yaml | 8 + .../benchmark-rke2-cis-1.6-hardened.yaml | 8 + .../benchmark-rke2-cis-1.6-permissive.yaml | 8 + .../2.0.1/templates/cis-roles.yaml | 49 + .../2.0.1/templates/configmap.yaml | 17 + .../2.0.1/templates/deployment.yaml | 57 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 20 + .../2.0.1/templates/rbac.yaml | 43 + .../2.0.1/templates/scanprofile-cis-1.5.yml | 9 + .../2.0.1/templates/scanprofile-cis-1.6.yaml | 9 + .../scanprofile-k3s-cis-1.6-hardened.yml | 9 + .../scanprofile-k3s-cis-1.6-permissive.yml | 9 + .../scanprofile-rke-1.5-hardened.yml | 9 + .../scanprofile-rke-1.5-permissive.yml | 9 + .../scanprofile-rke-1.6-hardened.yaml | 9 + .../scanprofile-rke-1.6-permissive.yaml | 9 + .../scanprofile-rke2-cis-1.5-hardened.yml | 9 + .../scanprofile-rke2-cis-1.5-permissive.yml | 9 + .../scanprofile-rke2-cis-1.6-hardened.yml | 9 + .../scanprofile-rke2-cis-1.6-permissive.yml | 9 + .../2.0.1/templates/scanprofileeks.yml | 9 + .../2.0.1/templates/scanprofilegke.yml | 9 + .../2.0.1/templates/serviceaccount.yaml | 14 + .../2.0.1/templates/validate-install-crd.yaml | 17 + .../rancher-cis-benchmark/2.0.1/values.yaml | 45 + .../100.0.1+up3.6.0/Chart.yaml | 10 + .../100.0.1+up3.6.0/README.md | 2 
+ .../assign-customresourcedefinition.yaml | 209 + ...signmetadata-customresourcedefinition.yaml | 174 + .../config-customresourcedefinition.yaml | 105 + ...intpodstatus-customresourcedefinition.yaml | 67 + ...ainttemplate-customresourcedefinition.yaml | 297 + ...atepodstatus-customresourcedefinition.yaml | 66 + ...torpodstatus-customresourcedefinition.yaml | 62 + .../100.0.1+up3.6.0/templates/_helpers.tpl | 7 + .../100.0.1+up3.6.0/templates/jobs.yaml | 92 + .../100.0.1+up3.6.0/templates/manifest.yaml | 14 + .../100.0.1+up3.6.0/templates/rbac.yaml | 72 + .../100.0.1+up3.6.0/values.yaml | 11 + .../100.0.1+up3.6.0/.helmignore | 21 + .../100.0.1+up3.6.0/CHANGELOG.md | 15 + .../100.0.1+up3.6.0/Chart.yaml | 23 + .../100.0.1+up3.6.0/README.md | 121 + .../100.0.1+up3.6.0/app-readme.md | 14 + .../100.0.1+up3.6.0/templates/_helpers.tpl | 49 + .../templates/allowedrepos.yaml | 35 + .../gatekeeper-admin-podsecuritypolicy.yaml | 35 + .../gatekeeper-admin-serviceaccount.yaml | 11 + .../gatekeeper-audit-deployment.yaml | 108 + ...ekeeper-controller-manager-deployment.yaml | 126 + ...ontroller-manager-poddisruptionbudget.yaml | 26 + ...atekeeper-critical-pods-resourcequota.yaml | 23 + .../gatekeeper-manager-role-clusterrole.yaml | 153 + .../gatekeeper-manager-role-role.yaml | 32 + ...anager-rolebinding-clusterrolebinding.yaml | 18 + ...eeper-manager-rolebinding-rolebinding.yaml | 19 + ...guration-mutatingwebhookconfiguration.yaml | 40 + ...ration-validatingwebhookconfiguration.yaml | 66 + ...gatekeeper-webhook-server-cert-secret.yaml | 12 + .../gatekeeper-webhook-service-service.yaml | 29 + .../templates/namespace-post-install.yaml | 98 + .../templates/requiredlabels.yaml | 57 + .../templates/upgrade-crds-hook.yaml | 82 + .../templates/validate-install-crd.yaml | 20 + .../100.0.1+up3.6.0/values.yaml | 93 + .../rancher-istio/100.0.1+up1.10.4/Chart.yaml | 23 + .../rancher-istio/100.0.1+up1.10.4/README.md | 80 + .../100.0.1+up1.10.4/app-readme.md | 35 + 
.../100.0.1+up1.10.4/charts/kiali/Chart.yaml | 31 + .../charts/kiali/templates/NOTES.txt | 5 + .../charts/kiali/templates/_helpers.tpl | 193 + .../charts/kiali/templates/cabundle.yaml | 13 + .../charts/kiali/templates/configmap.yaml | 25 + .../kiali/templates/dashboards/envoy.yaml | 56 + .../charts/kiali/templates/dashboards/go.yaml | 67 + .../kiali/templates/dashboards/kiali.yaml | 44 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm.yaml | 65 + .../dashboards/micrometer-1.1-jvm.yaml | 68 + .../dashboards/microprofile-1.1.yaml | 59 + .../dashboards/microprofile-x.y.yaml | 38 + .../kiali/templates/dashboards/nodejs.yaml | 59 + .../kiali/templates/dashboards/quarkus.yaml | 33 + .../dashboards/springboot-jvm-pool.yaml | 16 + .../templates/dashboards/springboot-jvm.yaml | 16 + .../dashboards/springboot-tomcat.yaml | 16 + .../kiali/templates/dashboards/thorntail.yaml | 22 + .../kiali/templates/dashboards/tomcat.yaml | 67 + .../templates/dashboards/vertx-client.yaml | 60 + .../templates/dashboards/vertx-eventbus.yaml | 59 + .../kiali/templates/dashboards/vertx-jvm.yaml | 16 + .../templates/dashboards/vertx-pool.yaml | 68 + .../templates/dashboards/vertx-server.yaml | 62 + .../charts/kiali/templates/deployment.yaml | 179 + .../charts/kiali/templates/hpa.yaml | 17 + .../charts/kiali/templates/ingress.yaml | 43 + .../charts/kiali/templates/oauth.yaml | 17 + .../charts/kiali/templates/psp.yaml | 67 + .../kiali/templates/role-controlplane.yaml | 15 + .../charts/kiali/templates/role-viewer.yaml | 96 + .../charts/kiali/templates/role.yaml | 106 + .../templates/rolebinding-controlplane.yaml | 17 + .../charts/kiali/templates/rolebinding.yaml | 20 + .../charts/kiali/templates/route.yaml | 30 + .../charts/kiali/templates/service.yaml | 45 + .../kiali/templates/serviceaccount.yaml | 9 + .../kiali/templates/validate-install-crd.yaml | 14 + .../kiali/templates/web-root-configmap.yaml | 12 + .../100.0.1+up1.10.4/charts/kiali/values.yaml | 98 + 
.../charts/tracing/.helmignore | 23 + .../charts/tracing/Chart.yaml | 12 + .../100.0.1+up1.10.4/charts/tracing/README.md | 5 + .../charts/tracing/templates/_affinity.tpl | 92 + .../charts/tracing/templates/_helpers.tpl | 32 + .../charts/tracing/templates/deployment.yaml | 86 + .../charts/tracing/templates/psp.yaml | 86 + .../charts/tracing/templates/pvc.yaml | 16 + .../charts/tracing/templates/service.yaml | 63 + .../charts/tracing/values.yaml | 44 + .../100.0.1+up1.10.4/configs/istio-base.yaml | 82 + .../100.0.1+up1.10.4/requirements.yaml | 7 + .../samples/overlay-example.yaml | 37 + .../100.0.1+up1.10.4/templates/_helpers.tpl | 12 + .../templates/admin-role.yaml | 43 + .../templates/base-config-map.yaml | 7 + .../templates/clusterrole.yaml | 126 + .../templates/clusterrolebinding.yaml | 12 + .../100.0.1+up1.10.4/templates/edit-role.yaml | 43 + .../templates/istio-cni-psp.yaml | 51 + .../templates/istio-install-job.yaml | 58 + .../templates/istio-install-psp.yaml | 30 + .../100.0.1+up1.10.4/templates/istio-psp.yaml | 81 + .../templates/istio-uninstall-job.yaml | 45 + .../templates/overlay-config-map.yaml | 9 + .../templates/service-monitors.yaml | 51 + .../templates/serviceaccount.yaml | 5 + .../100.0.1+up1.10.4/templates/view-role.yaml | 41 + .../100.0.1+up1.10.4/values.yaml | 88 + .../rancher-webhook/1.0.1+up0.2.1/Chart.yaml | 15 + .../1.0.1+up0.2.1/charts/capi/Chart.yaml | 4 + .../charts/capi/templates/service.yaml | 13 + .../1.0.1+up0.2.1/templates/_helpers.tpl | 11 + .../1.0.1+up0.2.1/templates/deployment.yaml | 44 + .../pre-delete-hook-cluster-role-binding.yaml | 19 + .../pre-delete-hook-cluster-role.yaml | 23 + .../templates/pre-delete-hook-job.yaml | 26 + .../templates/pre-delete-hook-psp.yaml | 33 + .../pre-delete-hook-service-account.yaml | 12 + .../1.0.1+up0.2.1/templates/rbac.yaml | 12 + .../1.0.1+up0.2.1/templates/service.yaml | 13 + .../templates/serviceaccount.yaml | 4 + .../1.0.1+up0.2.1/templates/webhook.yaml | 19 + 
.../rancher-webhook/1.0.1+up0.2.1/values.yaml | 21 + 296 files changed, 26086 insertions(+) create mode 100644 charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/Chart.yaml create mode 100644 charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/_helpers.tpl create mode 100644 charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/configmap.yaml create mode 100644 charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/deployment.yaml create mode 100644 charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/network_policy_allow_all.yaml create mode 100644 charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/patch_default_serviceaccount.yaml create mode 100644 charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/rbac.yaml create mode 100644 charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/secret.yaml create mode 100644 charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/serviceaccount.yaml create mode 100644 charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/validate.yaml create mode 100644 charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/values.yaml create mode 100644 charts/fleet-crd/fleet-crd/100.0.1+up0.3.7/Chart.yaml create mode 100644 charts/fleet-crd/fleet-crd/100.0.1+up0.3.7/templates/crds.yaml create mode 100644 charts/fleet-crd/fleet-crd/100.0.1+up0.3.7/templates/gitjobs-crds.yaml create mode 100644 charts/fleet/fleet/100.0.1+up0.3.7/Chart.yaml create mode 100644 charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/.helmignore create mode 100644 charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/Chart.yaml create mode 100644 charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/templates/_helpers.tpl create mode 100644 charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/templates/clusterrole.yaml create mode 100644 charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/templates/clusterrolebinding.yaml create mode 100644 charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/templates/deployment.yaml create mode 100644 
charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/templates/service.yaml create mode 100644 charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/templates/serviceaccount.yaml create mode 100644 charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/values.yaml create mode 100644 charts/fleet/fleet/100.0.1+up0.3.7/templates/_helpers.tpl create mode 100644 charts/fleet/fleet/100.0.1+up0.3.7/templates/configmap.yaml create mode 100644 charts/fleet/fleet/100.0.1+up0.3.7/templates/deployment.yaml create mode 100644 charts/fleet/fleet/100.0.1+up0.3.7/templates/rbac.yaml create mode 100644 charts/fleet/fleet/100.0.1+up0.3.7/templates/serviceaccount.yaml create mode 100644 charts/fleet/fleet/100.0.1+up0.3.7/values.yaml create mode 100644 charts/longhorn-1.1/longhorn-crd/100.0.0+up1.1.2/Chart.yaml create mode 100644 charts/longhorn-1.1/longhorn-crd/100.0.0+up1.1.2/README.md create mode 100644 charts/longhorn-1.1/longhorn-crd/100.0.0+up1.1.2/templates/crds.yaml create mode 100644 charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/.helmignore create mode 100644 charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/Chart.yaml create mode 100644 charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/README.md create mode 100644 charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/app-readme.md create mode 100644 charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/questions.yml create mode 100644 charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/NOTES.txt create mode 100644 charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/_helpers.tpl create mode 100644 charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/clusterrole.yaml create mode 100644 charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/clusterrolebinding.yaml create mode 100644 charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/daemonset-sa.yaml create mode 100644 charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/default-setting.yaml create mode 100644 charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/deployment-driver.yaml create mode 100644 
charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/deployment-ui.yaml create mode 100644 charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/ingress.yaml create mode 100644 charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/postupgrade-job.yaml create mode 100644 charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/psp.yaml create mode 100644 charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/registry-secret.yml create mode 100644 charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/serviceaccount.yaml create mode 100644 charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/storageclass.yaml create mode 100644 charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/tls-secrets.yaml create mode 100644 charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/uninstall-job.yaml create mode 100644 charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/userroles.yaml create mode 100644 charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/validate-install-crd.yaml create mode 100644 charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/values.yaml create mode 100644 charts/longhorn-1.2/longhorn-crd/100.1.0+up1.2.2/Chart.yaml create mode 100644 charts/longhorn-1.2/longhorn-crd/100.1.0+up1.2.2/README.md create mode 100644 charts/longhorn-1.2/longhorn-crd/100.1.0+up1.2.2/templates/crds.yaml create mode 100644 charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/.helmignore create mode 100644 charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/Chart.yaml create mode 100644 charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/README.md create mode 100644 charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/app-readme.md create mode 100644 charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/questions.yml create mode 100644 charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/NOTES.txt create mode 100644 charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/_helpers.tpl create mode 100644 charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/clusterrole.yaml create mode 100644 
charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/clusterrolebinding.yaml create mode 100644 charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/daemonset-sa.yaml create mode 100644 charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/default-setting.yaml create mode 100644 charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/deployment-driver.yaml create mode 100644 charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/deployment-ui.yaml create mode 100644 charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/ingress.yaml create mode 100644 charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/postupgrade-job.yaml create mode 100644 charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/psp.yaml create mode 100644 charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/registry-secret.yml create mode 100644 charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/serviceaccount.yaml create mode 100644 charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/storageclass.yaml create mode 100644 charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/tls-secrets.yaml create mode 100644 charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/uninstall-job.yaml create mode 100644 charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/userroles.yaml create mode 100644 charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/validate-install-crd.yaml create mode 100644 charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/values.yaml create mode 100644 charts/rancher-aks-operator-crd/rancher-aks-operator-crd/100.0.1+up1.0.2/Chart.yaml create mode 100644 charts/rancher-aks-operator-crd/rancher-aks-operator-crd/100.0.1+up1.0.2/templates/crds.yaml create mode 100644 charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/Chart.yaml create mode 100644 charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/templates/NOTES.txt create mode 100644 charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/templates/_helpers.tpl create mode 100644 
charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/templates/clusterrole.yaml create mode 100644 charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/templates/clusterrolebinding.yaml create mode 100644 charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/templates/deployment.yaml create mode 100644 charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/templates/serviceaccount.yaml create mode 100644 charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/values.yaml create mode 100644 charts/rancher-backup-crd/rancher-backup-crd/2.0.1/Chart.yaml create mode 100644 charts/rancher-backup-crd/rancher-backup-crd/2.0.1/README.md create mode 100644 charts/rancher-backup-crd/rancher-backup-crd/2.0.1/templates/backup.yaml create mode 100644 charts/rancher-backup-crd/rancher-backup-crd/2.0.1/templates/resourceset.yaml create mode 100644 charts/rancher-backup-crd/rancher-backup-crd/2.0.1/templates/restore.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.1/Chart.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.1/README.md create mode 100644 charts/rancher-backup/rancher-backup/2.0.1/app-readme.md create mode 100644 charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/aks.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/eks.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/fleet.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/gke.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/provisioningv2.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/rancher-operator.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/rancher.yaml create mode 100644 
charts/rancher-backup/rancher-backup/2.0.1/templates/_helpers.tpl create mode 100644 charts/rancher-backup/rancher-backup/2.0.1/templates/clusterrolebinding.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.1/templates/deployment.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.1/templates/hardened.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.1/templates/psp.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.1/templates/pvc.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.1/templates/rancher-resourceset.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.1/templates/s3-secret.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.1/templates/serviceaccount.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.1/templates/validate-install-crd.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.1/values.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.1/Chart.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.1/README.md create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.1/templates/clusterscan.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.1/templates/clusterscanbenchmark.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.1/templates/clusterscanprofile.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.1/templates/clusterscanreport.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/Chart.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/README.md create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/app-readme.md create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/_helpers.tpl create mode 100644 
charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/alertingrule.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-cis-1.5.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-cis-1.6.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-eks-1.0.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-gke-1.0.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-k3s-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-k3s-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke-cis-1.5-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke-cis-1.5-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke2-cis-1.5-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke2-cis-1.5-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke2-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke2-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/cis-roles.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/configmap.yaml create mode 100644 
charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/deployment.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/network_policy_allow_all.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/patch_default_serviceaccount.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/rbac.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-cis-1.5.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-cis-1.6.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-k3s-cis-1.6-hardened.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-k3s-cis-1.6-permissive.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke-1.5-hardened.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke-1.5-permissive.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke2-cis-1.5-hardened.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke2-cis-1.5-permissive.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke2-cis-1.6-hardened.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke2-cis-1.6-permissive.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofileeks.yml create mode 100644 
charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofilegke.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/serviceaccount.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/validate-install-crd.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/values.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/Chart.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/README.md create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/assign-customresourcedefinition.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/assignmetadata-customresourcedefinition.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/config-customresourcedefinition.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/constraintpodstatus-customresourcedefinition.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/constrainttemplate-customresourcedefinition.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/mutatorpodstatus-customresourcedefinition.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/templates/_helpers.tpl create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/templates/jobs.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/templates/manifest.yaml create mode 100644 
charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/templates/rbac.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/values.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/.helmignore create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/CHANGELOG.md create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/Chart.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/README.md create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/app-readme.md create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/_helpers.tpl create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/allowedrepos.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-admin-podsecuritypolicy.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-admin-serviceaccount.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-audit-deployment.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-controller-manager-deployment.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-controller-manager-poddisruptionbudget.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-critical-pods-resourcequota.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-manager-role-clusterrole.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-manager-role-role.yaml create mode 100644 
charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-manager-rolebinding-rolebinding.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-webhook-server-cert-secret.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-webhook-service-service.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/namespace-post-install.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/requiredlabels.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/upgrade-crds-hook.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/validate-install-crd.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/values.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/Chart.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/README.md create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/app-readme.md create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/Chart.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/NOTES.txt create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/_helpers.tpl create mode 100644 
charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/cabundle.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/configmap.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/envoy.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/go.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/kiali.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/microprofile-1.1.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/microprofile-x.y.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/nodejs.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/quarkus.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/springboot-tomcat.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/thorntail.yaml create mode 100644 
charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/tomcat.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/vertx-client.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/vertx-eventbus.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/vertx-jvm.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/vertx-pool.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/vertx-server.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/deployment.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/hpa.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/ingress.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/oauth.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/psp.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/role-controlplane.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/role-viewer.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/role.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/rolebinding-controlplane.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/rolebinding.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/route.yaml create mode 100644 
charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/service.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/serviceaccount.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/validate-install-crd.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/web-root-configmap.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/values.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/.helmignore create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/Chart.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/README.md create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/templates/_affinity.tpl create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/templates/_helpers.tpl create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/templates/deployment.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/templates/psp.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/templates/pvc.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/templates/service.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/values.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/configs/istio-base.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/requirements.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/samples/overlay-example.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/_helpers.tpl create mode 100644 
charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/admin-role.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/base-config-map.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/clusterrole.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/clusterrolebinding.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/edit-role.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/istio-cni-psp.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/istio-install-job.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/istio-install-psp.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/istio-psp.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/istio-uninstall-job.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/overlay-config-map.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/service-monitors.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/serviceaccount.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/view-role.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/values.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/Chart.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/charts/capi/Chart.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/charts/capi/templates/service.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/_helpers.tpl create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/deployment.yaml create mode 100644 
charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/pre-delete-hook-cluster-role-binding.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/pre-delete-hook-cluster-role.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/pre-delete-hook-job.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/pre-delete-hook-psp.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/pre-delete-hook-service-account.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/rbac.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/service.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/serviceaccount.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/webhook.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/values.yaml
diff --git a/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/Chart.yaml b/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/Chart.yaml
new file mode 100644
index 000000000..3b437ce85
--- /dev/null
+++ b/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/Chart.yaml
@@ -0,0 +1,12 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-fleet-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/release-name: fleet-agent
+apiVersion: v2
+appVersion: 0.3.7
+description: Fleet Manager Agent - GitOps at Scale
+icon: https://charts.rancher.io/assets/logos/fleet.svg
+name: fleet-agent
+version: 100.0.1+up0.3.7
diff --git a/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/_helpers.tpl b/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/_helpers.tpl
new file mode 100644
index 000000000..f652b5643
--- /dev/null
+++ b/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/_helpers.tpl
@@ -0,0 +1,7 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/configmap.yaml b/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/configmap.yaml
new file mode 100644
index 000000000..ce61a8756
--- /dev/null
+++ b/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/configmap.yaml
@@ -0,0 +1,12 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: fleet-agent
+data:
+ config: |-
+ {
+ {{ if .Values.labels }}
+ "labels":{{toJson .Values.labels}},
+ {{ end }}
+ "clientID":"{{.Values.clientID}}"
+ }
diff --git a/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/deployment.yaml b/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/deployment.yaml
new file mode 100644
index 000000000..72323dc76
--- /dev/null
+++ b/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/deployment.yaml
@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: fleet-agent
+spec:
+ selector:
+ matchLabels:
+ app: fleet-agent
+ template:
+ metadata:
+ labels:
+ app: fleet-agent
+ spec:
+ containers:
+ - env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ image: '{{ template "system_default_registry" . }}{{.Values.image.repository}}:{{.Values.image.tag}}'
+ name: fleet-agent
+ serviceAccountName: fleet-agent
+ {{- with .Values.fleetAgent.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.fleetAgent.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/network_policy_allow_all.yaml b/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/network_policy_allow_all.yaml
new file mode 100644
index 000000000..a72109a06
--- /dev/null
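Review bot: In templates/configmap.yaml the `clientID` value is spliced into the JSON document as raw text, unlike `labels` two lines above it, which goes through `toJson`. A value containing a double quote or a backslash produces malformed JSON, or extra keys, in the config the agent reads. Encoding it the same way keeps the document well-formed for any input: `"clientID":{{ toJson .Values.clientID }}`.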
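Review bot: The `fleet-agent` container in templates/deployment.yaml is declared without a `securityContext` or `resources`, so it runs with whatever the image and the namespace defaults allow. Because this pod's ServiceAccount is bound to the wildcard ClusterRole added in templates/rbac.yaml, the container is worth hardening explicitly: `securityContext: {allowPrivilegeEscalation: false, readOnlyRootFilesystem: true}` on the container, plus `runAsNonRoot: true` if the image supports it, which this diff does not show. The image is also referenced by tag only (`{{.Values.image.tag}}`); whether digest pinning is available in this catalog is for the chart owners to confirm.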
+++ b/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/network_policy_allow_all.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-allow-all
+ namespace: {{ .Values.internal.systemNamespace }}
+spec:
+ podSelector: {}
+ ingress:
+ - {}
+ egress:
+ - {}
+ policyTypes:
+ - Ingress
+ - Egress
diff --git a/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/patch_default_serviceaccount.yaml b/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/patch_default_serviceaccount.yaml
new file mode 100644
index 000000000..2448cb4f3
--- /dev/null
+++ b/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/patch_default_serviceaccount.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: patch-fleet-sa
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+ template:
+ spec:
+ serviceAccountName: fleet-agent
+ restartPolicy: Never
+ containers:
+ - name: sa
+ image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+ args: ["-n", {{ .Values.internal.systemNamespace }}]
+ {{- with .Values.kubectl.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.kubectl.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ backoffLimit: 1
diff --git a/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/rbac.yaml b/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/rbac.yaml
new file mode 100644
index 000000000..805949bf2
--- /dev/null
+++ b/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/rbac.yaml
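Review bot: `default-allow-all` in templates/network_policy_allow_all.yaml selects every pod in the namespace (`podSelector: {}`) and allows all ingress and egress, so it overrides a default-deny policy for every workload placed there, not only for this chart's pods. Nothing in the hunk records why the exception is needed; a header comment such as `# Keeps fleet-agent and its hook Job working on clusters that apply a default-deny policy` (wording for the chart owners to confirm) would state the intent. If inbound connections to the agent are not required, which this diff does not show, dropping the `ingress` rule and the `Ingress` policy type leaves egress open while ingress stays under the cluster default. The `namespace:` value is rendered unquoted; `{{ .Values.internal.systemNamespace | quote }}` is safer.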
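Review bot: In templates/patch_default_serviceaccount.yaml the namespace argument is rendered unquoted inside a flow sequence, `args: ["-n", {{ .Values.internal.systemNamespace }}]`, so a value that YAML reads as a non-string, or one containing `,` or `]`, changes the argument list; use `args: ["-n", {{ .Values.internal.systemNamespace | quote }}]`. The hook also runs as `serviceAccountName: fleet-agent`, which templates/rbac.yaml binds to a wildcard ClusterRole, although the command only patches one ServiceAccount in one namespace. A dedicated hook ServiceAccount with a namespaced Role limited to `patch` on `serviceaccounts` would match what the Job actually does.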
@@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: fleet-agent-system-fleet-agent-role
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: fleet-agent-system-fleet-agent-role-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: fleet-agent-system-fleet-agent-role
+subjects:
+- kind: ServiceAccount
+ name: fleet-agent
+ namespace: {{.Release.Namespace}}
diff --git a/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/secret.yaml b/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/secret.yaml
new file mode 100644
index 000000000..471588204
--- /dev/null
+++ b/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ systemRegistrationNamespace: "{{b64enc .Values.systemRegistrationNamespace}}"
+ clusterNamespace: "{{b64enc .Values.clusterNamespace}}"
+ token: "{{b64enc .Values.token}}"
+ apiServerURL: "{{b64enc .Values.apiServerURL}}"
+ apiServerCA: "{{b64enc .Values.apiServerCA}}"
+kind: Secret
+metadata:
+ name: fleet-agent-bootstrap
diff --git a/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/serviceaccount.yaml b/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/serviceaccount.yaml
new file mode 100644
index 000000000..73e27f0be
--- /dev/null
+++ b/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: fleet-agent
diff --git a/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/validate.yaml b/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/validate.yaml
new file mode 100644
index 000000000..d53ff1c50
--- /dev/null
+++ b/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/templates/validate.yaml
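Review bot: The ClusterRole in templates/rbac.yaml grants `'*'` verbs on `'*'` resources in `'*'` API groups, and the binding hands it to the `fleet-agent` ServiceAccount, which makes that account equivalent to cluster-admin. Access to the agent pod or to its token therefore needs the same protection as a cluster-admin credential, and audit rules should treat activity by this subject accordingly. If the agent needs this breadth because it applies bundle content of any kind (presumably the reason, though the diff does not say so), record it above `rules:`, for example `# fleet-agent applies user-supplied bundles of any kind, hence the cluster-wide wildcard; treat this ServiceAccount as a cluster-admin credential`.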
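Review bot: In templates/secret.yaml `token` and `apiServerCA` reach the Secret through chart values, so the registration token is also kept in the Helm release record for the namespace and returned by `helm get values`, not only in `fleet-agent-bootstrap`. That is worth a comment at the top of the template, for example `# token is a bootstrap credential; it is also stored in the Helm release secret, so restrict read access to secrets in this namespace`. The manifest also omits `type:`; adding `type: Opaque` makes the intent explicit without changing behaviour.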
@@ -0,0 +1,11 @@
+{{if ne .Release.Namespace .Values.internal.systemNamespace }}
+{{ fail (printf "This chart must be installed in the namespace %s as the release name fleet-agent" .Values.internal.systemNamespace) }}
+{{end}}
+
+{{if ne .Release.Name .Values.internal.managedReleaseName }}
+{{ fail (printf "This chart must be installed in the namespace %s as the release name fleet-agent" .Values.internal.managedReleaseName) }}
+{{end}}
+
+{{if not .Values.apiServerURL }}
+{{ fail "apiServerURL is required to be set, and most likely also apiServerCA" }}
+{{end}}
diff --git a/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/values.yaml b/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/values.yaml
new file mode 100644
index 000000000..e239f8b29
--- /dev/null
+++ b/charts/fleet-agent/fleet-agent/100.0.1+up0.3.7/values.yaml
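Review bot: The second `fail` in templates/validate.yaml is a copy of the first and prints `managedReleaseName` in the "namespace %s" slot, so a wrong release name is reported as a namespace problem. The first message likewise hard-codes the release name instead of reading it from values. Using `{{ fail (printf "This chart must be installed in the namespace %s as the release name %s" .Values.internal.systemNamespace .Values.internal.managedReleaseName) }}` in both branches reports the actual requirement. Only `apiServerURL` is checked for presence, so an empty `token` passes validation and is written into the bootstrap Secret as an empty value.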
@@ -0,0 +1,57 @@
+image:
+ os: "windows,linux"
+ repository: rancher/fleet-agent
+ tag: v0.3.7
+
+# The public URL of the Kubernetes API server running the Fleet Manager must be set here
+# Example: https://example.com:6443
+apiServerURL: ""
+
+# The the pem encoded value of the CA of the Kubernetes API server running the Fleet Manager.
+# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA.
+apiServerCA: ""
+
+# The cluster registration value
+token: ""
+
+# Labels to add to the cluster upon registration only. They are not added after the fact.
+#labels:
+# foo: bar
+
+# The client ID of the cluster to associate with
+clientID: ""
+
+# The namespace of the cluster we are register with
+clusterNamespace: ""
+
+# The namespace containing the clusters registration secrets
+systemRegistrationNamespace: fleet-clusters-system
+
+# Please do not change the below setting unless you really know what you are doing
+internal:
+ systemNamespace: fleet-system
+ managedReleaseName: fleet-agent
+
+# The nodeSelector and tolerations for the agent deployment
+fleetAgent:
+ nodeSelector: {}
+ tolerations: []
+kubectl:
+ nodeSelector:
+ kubernetes.io/os: linux
+ tolerations:
+ - key: cattle.io/os
+ operator: "Equal"
+ value: "linux"
+ effect: NoSchedule
+ - key: node.cloudprovider.kubernetes.io/uninitialized
+ operator: "Equal"
+ value: "true"
+ effect: NoSchedule
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ kubectl:
+ repository: rancher/kubectl
+ tag: v1.20.2
diff --git a/charts/fleet-crd/fleet-crd/100.0.1+up0.3.7/Chart.yaml b/charts/fleet-crd/fleet-crd/100.0.1+up0.3.7/Chart.yaml
new file mode 100644
index 000000000..4c6f3d801
--- /dev/null
+++ b/charts/fleet-crd/fleet-crd/100.0.1+up0.3.7/Chart.yaml
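Review bot: `global.imagePullPolicy` is read by templates/patch_default_serviceaccount.yaml but has no default under `global:` in values.yaml, so unless the installer injects it the Job renders `imagePullPolicy:` with an empty value; add `imagePullPolicy: IfNotPresent` under `global:`. The default `internal.systemNamespace: fleet-system` also differs from the `catalog.cattle.io/namespace: cattle-fleet-system` annotation in this chart's Chart.yaml, and templates/validate.yaml fails the install when the release namespace does not equal `systemNamespace`. If the catalog is expected to override the value, a comment next to `systemNamespace` should say so; otherwise the two should agree.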
@@ -0,0 +1,12 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-fleet-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/release-name: fleet-crd
+apiVersion: v2
+appVersion: 0.3.7
+description: Fleet Manager CustomResourceDefinitions
+icon: https://charts.rancher.io/assets/logos/fleet.svg
+name: fleet-crd
+version: 100.0.1+up0.3.7
diff --git a/charts/fleet-crd/fleet-crd/100.0.1+up0.3.7/templates/crds.yaml b/charts/fleet-crd/fleet-crd/100.0.1+up0.3.7/templates/crds.yaml
new file mode 100644
index 000000000..2fef67d6a
--- /dev/null
+++ b/charts/fleet-crd/fleet-crd/100.0.1+up0.3.7/templates/crds.yaml
@@ -0,0 +1,5241 @@ +{{- if .Capabilities.APIVersions.Has "apiextensions.k8s.io/v1" -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: bundles.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: Bundle + plural: bundles + singular: bundle + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.display.readyClusters + name: BundleDeployments-Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + defaultNamespace: + nullable: true + type: string + dependsOn: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + chart: + nullable: true + type: string + force: + type: boolean + maxHistory: + type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true 
+ properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + type: object + kustomize: + nullable: true + properties: + dir: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + paused: + type: boolean + resources: + items: + properties: + content: + nullable: true + type: string + encoding: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + rolloutStrategy: + nullable: true + properties: + autoPartitionSize: + nullable: true + type: string + maxUnavailable: + nullable: true + type: string + maxUnavailablePartitions: + nullable: true + type: string + partitions: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object 
+ type: object + maxUnavailable: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + serviceAccount: + nullable: true + type: string + targetRestrictions: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + name: + nullable: true + type: string + type: object + nullable: true + type: array + targets: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + 
nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + defaultNamespace: + nullable: true + type: string + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + chart: + nullable: true + type: string + force: + type: boolean + maxHistory: + type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + type: object + kustomize: + nullable: true + properties: + dir: 
+ nullable: true + type: string + type: object + name: + nullable: true + type: string + namespace: + nullable: true + type: string + serviceAccount: + nullable: true + type: string + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + nullable: true + type: array + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + properties: + readyClusters: + nullable: true + type: string + state: + nullable: true + type: string + type: object + maxNew: + type: integer + maxUnavailable: + type: integer + maxUnavailablePartitions: + type: integer + newlyCreated: + type: integer + observedGeneration: + type: integer + partitions: + items: + properties: + count: + type: integer + maxUnavailable: + type: integer + name: + nullable: true + type: string + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + 
items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + unavailable: + type: integer + type: object + nullable: true + type: array + resourceKey: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + nullable: true + type: array + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: 
true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + unavailable: + type: integer + unavailablePartitions: + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: bundledeployments.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: BundleDeployment + plural: bundledeployments + singular: bundledeployment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.display.deployed + name: Deployed + type: string + - jsonPath: .status.display.monitored + name: Monitored + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + dependsOn: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + deploymentID: + nullable: true + type: string + options: + properties: + defaultNamespace: + nullable: true + type: string + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: 
array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + chart: + nullable: true + type: string + force: + type: boolean + maxHistory: + type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + type: object + kustomize: + nullable: true + properties: + dir: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + serviceAccount: + nullable: true + type: string + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + stagedDeploymentID: + nullable: true + type: string + stagedOptions: + properties: + defaultNamespace: + nullable: true + type: string + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + 
nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + chart: + nullable: true + type: string + force: + type: boolean + maxHistory: + type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + type: object + kustomize: + nullable: true + properties: + dir: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + serviceAccount: + nullable: true + type: string + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + type: object + status: + properties: + appliedDeploymentID: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + 
display: + properties: + deployed: + nullable: true + type: string + monitored: + nullable: true + type: string + state: + nullable: true + type: string + type: object + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + nonModified: + type: boolean + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + ready: + type: boolean + release: + nullable: true + type: string + syncGeneration: + nullable: true + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: bundlenamespacemappings.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: BundleNamespaceMapping + plural: bundlenamespacemappings + singular: bundlenamespacemapping + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + bundleSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + 
additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clustergroups.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + categories: + - fleet + kind: ClusterGroup + plural: clustergroups + singular: clustergroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.display.readyClusters + name: Clusters-Ready + type: string + - jsonPath: .status.display.readyBundles + name: Bundles-Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + type: object + status: + properties: + clusterCount: + type: integer + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string 
+ status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + properties: + readyBundles: + nullable: true + type: string + readyClusters: + nullable: true + type: string + state: + nullable: true + type: string + type: object + nonReadyClusterCount: + type: integer + nonReadyClusters: + items: + nullable: true + type: string + nullable: true + type: array + resourceCounts: + properties: + desiredReady: + type: integer + missing: + type: integer + modified: + type: integer + notReady: + type: integer + orphaned: + type: integer + ready: + type: integer + unknown: + type: integer + waitApplied: + type: integer + type: object + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: 
integer + ready: + type: integer + waitApplied: + type: integer + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusters.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: Cluster + plural: clusters + singular: cluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.display.readyBundles + name: Bundles-Ready + type: string + - jsonPath: .status.display.readyNodes + name: Nodes-Ready + type: string + - jsonPath: .status.display.sampleNode + name: Sample-Node + type: string + - jsonPath: .status.agent.lastSeen + name: Last-Seen + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + agentEnvVars: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + agentNamespace: + nullable: true + type: string + clientID: + nullable: true + type: string + 
kubeConfigSecret: + nullable: true + type: string + paused: + type: boolean + redeployAgentGeneration: + type: integer + type: object + status: + properties: + agent: + properties: + lastSeen: + nullable: true + type: string + namespace: + nullable: true + type: string + nonReadyNodeNames: + items: + nullable: true + type: string + nullable: true + type: array + nonReadyNodes: + type: integer + readyNodeNames: + items: + nullable: true + type: string + nullable: true + type: array + readyNodes: + type: integer + type: object + agentDeployedGeneration: + nullable: true + type: integer + agentEnvVarsHash: + nullable: true + type: string + agentMigrated: + type: boolean + agentNamespaceMigrated: + type: boolean + cattleNamespaceMigrated: + type: boolean + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + desiredReadyGitRepos: + type: integer + display: + properties: + readyBundles: + nullable: true + type: string + readyNodes: + nullable: true + type: string + sampleNode: + nullable: true + type: string + state: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + readyGitRepos: + type: integer + resourceCounts: + properties: + desiredReady: + type: integer + missing: + type: integer + modified: + type: integer + notReady: + type: integer + orphaned: + type: integer + ready: + type: integer + unknown: + type: integer + waitApplied: + type: integer + type: object + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + 
items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterregistrationtokens.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: ClusterRegistrationToken + plural: clusterregistrationtokens + singular: clusterregistrationtoken + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.secretName + name: Secret-Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + ttl: + nullable: true + type: string + type: object + status: + properties: + expires: + nullable: true + type: string + secretName: + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: 
apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gitrepos.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + categories: + - fleet + kind: GitRepo + plural: gitrepos + singular: gitrepo + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.repo + name: Repo + type: string + - jsonPath: .status.commit + name: Commit + type: string + - jsonPath: .status.display.readyBundleDeployments + name: BundleDeployments-Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + branch: + nullable: true + type: string + caBundle: + nullable: true + type: string + clientSecretName: + nullable: true + type: string + forceSyncGeneration: + type: integer + helmSecretName: + nullable: true + type: string + imageScanCommit: + properties: + authorEmail: + nullable: true + type: string + authorName: + nullable: true + type: string + messageTemplate: + nullable: true + type: string + type: object + imageScanInterval: + nullable: true + type: string + insecureSkipTLSVerify: + type: boolean + paths: + items: + nullable: true + type: string + nullable: true + type: array + paused: + type: boolean + pollingInterval: + nullable: true + type: string + repo: + nullable: true + type: string + revision: + nullable: true + type: string + serviceAccount: + nullable: true + type: string + targetNamespace: + nullable: true + type: string + targets: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: 
true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + name: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + status: + properties: + commit: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + desiredReadyClusters: + type: integer + display: + properties: + error: + type: boolean + message: + nullable: true + type: string + readyBundleDeployments: + nullable: true + type: string + state: + nullable: true + type: string + type: object + gitJobStatus: + nullable: true + type: string + lastSyncedImageScanTime: + nullable: true + type: string + observedGeneration: + type: integer + readyClusters: + type: integer + resourceCounts: + properties: + desiredReady: + type: integer + missing: + type: integer + modified: + type: integer + notReady: + type: integer + orphaned: + type: integer + ready: + type: integer + unknown: + type: integer + waitApplied: + type: integer + type: object + resourceErrors: + items: + nullable: true + type: string + nullable: true + type: array + resources: + items: + properties: + apiVersion: + nullable: true + type: string + error: + type: boolean + id: + nullable: true + type: string + 
incompleteState: + type: boolean + kind: + nullable: true + type: string + message: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + perClusterState: + items: + properties: + clusterId: + nullable: true + type: string + error: + type: boolean + message: + nullable: true + type: string + patch: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: + nullable: true + type: string + type: object + nullable: true + type: array + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + 
type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterregistrations.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: ClusterRegistration + plural: clusterregistrations + singular: clusterregistration + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.clusterName + name: Cluster-Name + type: string + - jsonPath: .spec.clusterLabels + name: Labels + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + clientID: + nullable: true + type: string + clientRandom: + nullable: true + type: string + clusterLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + status: + properties: + clusterName: + nullable: true + type: string + granted: + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gitreporestrictions.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: GitRepoRestriction + plural: gitreporestrictions + singular: gitreporestriction + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .defaultServiceAccount + name: Default-ServiceAccount + type: string + - jsonPath: .allowedServiceAccounts + name: Allowed-ServiceAccounts + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + allowedClientSecretNames: + items: + nullable: true + type: string + nullable: true + type: array + allowedRepoPatterns: + items: + nullable: true + type: string + nullable: true + type: array + allowedServiceAccounts: + items: + nullable: true + type: string + 
nullable: true + type: array + defaultClientSecretName: + nullable: true + type: string + defaultServiceAccount: + nullable: true + type: string + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: contents.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: Content + plural: contents + singular: content + preserveUnknownFields: false + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + content: + nullable: true + type: string + type: object + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: imagescans.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + categories: + - fleet + kind: ImageScan + plural: imagescans + singular: imagescan + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.image + name: Repository + type: string + - jsonPath: .status.latestTag + name: Latest + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + gitrepoName: + nullable: true + type: string + image: + nullable: true + type: string + interval: + nullable: true + type: string + policy: + properties: + alphabetical: + nullable: true + properties: + order: + nullable: true + type: string + type: object + semver: + nullable: true + properties: + range: + nullable: true + type: string + type: object + type: object + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + suspend: + type: boolean + tagName: + nullable: true + type: string + type: object + status: + properties: + canonicalImageName: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + 
type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + lastScanTime: + nullable: true + type: string + latestDigest: + nullable: true + type: string + latestImage: + nullable: true + type: string + latestTag: + nullable: true + type: string + observedGeneration: + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- else -}} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: bundles.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.display.readyClusters + name: BundleDeployments-Ready + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: fleet.cattle.io + names: + kind: Bundle + plural: bundles + singular: bundle + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + defaultNamespace: + nullable: true + type: string + dependsOn: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + chart: + nullable: true + type: string + force: + type: 
boolean + maxHistory: + type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + type: object + kustomize: + nullable: true + properties: + dir: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + paused: + type: boolean + resources: + items: + properties: + content: + nullable: true + type: string + encoding: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + rolloutStrategy: + nullable: true + properties: + autoPartitionSize: + nullable: true + type: string + maxUnavailable: + nullable: true + type: string + maxUnavailablePartitions: + nullable: true + type: string + partitions: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: 
+ nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + maxUnavailable: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + serviceAccount: + nullable: true + type: string + targetRestrictions: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + name: + nullable: true + type: string + type: object + nullable: true + type: array + targets: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + 
values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + defaultNamespace: + nullable: true + type: string + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + chart: + nullable: true + type: string + force: + type: boolean + maxHistory: + type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + 
name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + type: object + kustomize: + nullable: true + properties: + dir: + nullable: true + type: string + type: object + name: + nullable: true + type: string + namespace: + nullable: true + type: string + serviceAccount: + nullable: true + type: string + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + nullable: true + type: array + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + properties: + readyClusters: + nullable: true + type: string + state: + nullable: true + type: string + type: object + maxNew: + type: integer + maxUnavailable: + type: integer + maxUnavailablePartitions: + type: integer + newlyCreated: + type: integer + observedGeneration: + type: integer + partitions: + items: + properties: + count: + type: integer + maxUnavailable: + type: integer + name: + nullable: true + type: string + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + 
nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + unavailable: + type: integer + type: object + nullable: true + type: array + resourceKey: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + nullable: true + type: array + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + 
nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + unavailable: + type: integer + unavailablePartitions: + type: integer + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: bundledeployments.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.display.deployed + name: Deployed + type: string + - JSONPath: .status.display.monitored + name: Monitored + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: fleet.cattle.io + names: + kind: BundleDeployment + plural: bundledeployments + singular: bundledeployment + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + dependsOn: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + deploymentID: + nullable: true + type: string + options: + properties: + defaultNamespace: + nullable: true + type: string + diff: + nullable: true + properties: + comparePatches: + 
items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + chart: + nullable: true + type: string + force: + type: boolean + maxHistory: + type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + type: object + kustomize: + nullable: true + properties: + dir: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + serviceAccount: + nullable: true + type: string + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + stagedDeploymentID: + nullable: true + type: string + stagedOptions: + properties: + 
defaultNamespace: + nullable: true + type: string + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + chart: + nullable: true + type: string + force: + type: boolean + maxHistory: + type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + type: object + kustomize: + nullable: true + properties: + dir: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + serviceAccount: + nullable: true + type: string + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: 
object + type: object + type: object + status: + properties: + appliedDeploymentID: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + properties: + deployed: + nullable: true + type: string + monitored: + nullable: true + type: string + state: + nullable: true + type: string + type: object + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + nonModified: + type: boolean + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + ready: + type: boolean + release: + nullable: true + type: string + syncGeneration: + nullable: true + type: integer + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: bundlenamespacemappings.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: BundleNamespaceMapping + plural: 
bundlenamespacemappings + singular: bundlenamespacemapping + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + bundleSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clustergroups.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.display.readyClusters + name: Clusters-Ready + type: string + - JSONPath: .status.display.readyBundles + name: Bundles-Ready + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: fleet.cattle.io + names: + categories: + - fleet + kind: ClusterGroup + plural: clustergroups + singular: clustergroup + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + 
values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + type: object + status: + properties: + clusterCount: + type: integer + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + properties: + readyBundles: + nullable: true + type: string + readyClusters: + nullable: true + type: string + state: + nullable: true + type: string + type: object + nonReadyClusterCount: + type: integer + nonReadyClusters: + items: + nullable: true + type: string + nullable: true + type: array + resourceCounts: + properties: + desiredReady: + type: integer + missing: + type: integer + modified: + type: integer + notReady: + type: integer + orphaned: + type: integer + ready: + type: integer + unknown: + type: integer + waitApplied: + type: integer + type: object + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: 
true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusters.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.display.readyBundles + name: Bundles-Ready + type: string + - JSONPath: .status.display.readyNodes + name: Nodes-Ready + type: string + - JSONPath: .status.display.sampleNode + name: Sample-Node + type: string + - JSONPath: .status.agent.lastSeen + name: Last-Seen + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: fleet.cattle.io + names: + kind: Cluster + plural: clusters + singular: cluster + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + agentEnvVars: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: 
string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + agentNamespace: + nullable: true + type: string + clientID: + nullable: true + type: string + kubeConfigSecret: + nullable: true + type: string + paused: + type: boolean + redeployAgentGeneration: + type: integer + type: object + status: + properties: + agent: + properties: + lastSeen: + nullable: true + type: string + namespace: + nullable: true + type: string + nonReadyNodeNames: + items: + nullable: true + type: string + nullable: true + type: array + nonReadyNodes: + type: integer + readyNodeNames: + items: + nullable: true + type: string + nullable: true + type: array + readyNodes: + type: integer + type: object + agentDeployedGeneration: + nullable: true + type: integer + agentEnvVarsHash: + nullable: true + type: string + agentMigrated: + type: boolean + agentNamespaceMigrated: + type: boolean + cattleNamespaceMigrated: + type: boolean + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + desiredReadyGitRepos: + type: integer + display: + properties: + readyBundles: + nullable: true + type: string + readyNodes: + nullable: true + type: string + sampleNode: + nullable: true + type: string + state: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + 
readyGitRepos: + type: integer + resourceCounts: + properties: + desiredReady: + type: integer + missing: + type: integer + modified: + type: integer + notReady: + type: integer + orphaned: + type: integer + ready: + type: integer + unknown: + type: integer + waitApplied: + type: integer + type: object + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterregistrationtokens.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.secretName + name: 
Secret-Name + type: string + group: fleet.cattle.io + names: + kind: ClusterRegistrationToken + plural: clusterregistrationtokens + singular: clusterregistrationtoken + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + ttl: + nullable: true + type: string + type: object + status: + properties: + expires: + nullable: true + type: string + secretName: + nullable: true + type: string + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: gitrepos.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.repo + name: Repo + type: string + - JSONPath: .status.commit + name: Commit + type: string + - JSONPath: .status.display.readyBundleDeployments + name: BundleDeployments-Ready + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: fleet.cattle.io + names: + categories: + - fleet + kind: GitRepo + plural: gitrepos + singular: gitrepo + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + branch: + nullable: true + type: string + caBundle: + nullable: true + type: string + clientSecretName: + nullable: true + type: string + forceSyncGeneration: + type: integer + helmSecretName: + nullable: true + type: string + imageScanCommit: + properties: + authorEmail: + nullable: true + type: string + authorName: + nullable: true + type: string + messageTemplate: + nullable: true + type: string + type: object + imageScanInterval: + nullable: true + type: string + insecureSkipTLSVerify: + type: boolean + paths: + items: + nullable: true + type: string + nullable: true + type: array + paused: + type: boolean + pollingInterval: + nullable: true + type: string + repo: 
+ nullable: true + type: string + revision: + nullable: true + type: string + serviceAccount: + nullable: true + type: string + targetNamespace: + nullable: true + type: string + targets: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + name: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + status: + properties: + commit: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + desiredReadyClusters: + type: integer + display: + properties: + error: + type: boolean + message: + nullable: true + type: string + readyBundleDeployments: + nullable: true + type: string + state: + nullable: true + type: string + type: object + gitJobStatus: + nullable: true + type: string + lastSyncedImageScanTime: + 
nullable: true + type: string + observedGeneration: + type: integer + readyClusters: + type: integer + resourceCounts: + properties: + desiredReady: + type: integer + missing: + type: integer + modified: + type: integer + notReady: + type: integer + orphaned: + type: integer + ready: + type: integer + unknown: + type: integer + waitApplied: + type: integer + type: object + resourceErrors: + items: + nullable: true + type: string + nullable: true + type: array + resources: + items: + properties: + apiVersion: + nullable: true + type: string + error: + type: boolean + id: + nullable: true + type: string + incompleteState: + type: boolean + kind: + nullable: true + type: string + message: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + perClusterState: + items: + properties: + clusterId: + nullable: true + type: string + error: + type: boolean + message: + nullable: true + type: string + patch: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: + nullable: true + type: string + type: object + nullable: true + type: array + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + 
items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterregistrations.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.clusterName + name: Cluster-Name + type: string + - JSONPath: .spec.clusterLabels + name: Labels + type: string + group: fleet.cattle.io + names: + kind: ClusterRegistration + plural: clusterregistrations + singular: clusterregistration + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + clientID: + nullable: true + type: string + clientRandom: + nullable: true + type: string + clusterLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + status: + properties: + clusterName: + nullable: true + type: string + granted: + type: boolean + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: gitreporestrictions.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: 
.defaultServiceAccount + name: Default-ServiceAccount + type: string + - JSONPath: .allowedServiceAccounts + name: Allowed-ServiceAccounts + type: string + group: fleet.cattle.io + names: + kind: GitRepoRestriction + plural: gitreporestrictions + singular: gitreporestriction + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + allowedClientSecretNames: + items: + nullable: true + type: string + nullable: true + type: array + allowedRepoPatterns: + items: + nullable: true + type: string + nullable: true + type: array + allowedServiceAccounts: + items: + nullable: true + type: string + nullable: true + type: array + defaultClientSecretName: + nullable: true + type: string + defaultServiceAccount: + nullable: true + type: string + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: contents.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: Content + plural: contents + singular: content + preserveUnknownFields: false + scope: Cluster + validation: + openAPIV3Schema: + properties: + content: + nullable: true + type: string + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: imagescans.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.image + name: Repository + type: string + - JSONPath: .status.latestTag + name: Latest + type: string + group: fleet.cattle.io + names: + categories: + - fleet + kind: ImageScan + plural: imagescans + singular: imagescan + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + gitrepoName: + nullable: true + type: string + image: + nullable: true + type: 
string + interval: + nullable: true + type: string + policy: + properties: + alphabetical: + nullable: true + properties: + order: + nullable: true + type: string + type: object + semver: + nullable: true + properties: + range: + nullable: true + type: string + type: object + type: object + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + suspend: + type: boolean + tagName: + nullable: true + type: string + type: object + status: + properties: + canonicalImageName: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + lastScanTime: + nullable: true + type: string + latestDigest: + nullable: true + type: string + latestImage: + nullable: true + type: string + latestTag: + nullable: true + type: string + observedGeneration: + type: integer + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +{{- end -}} \ No newline at end of file diff --git a/charts/fleet-crd/fleet-crd/100.0.1+up0.3.7/templates/gitjobs-crds.yaml b/charts/fleet-crd/fleet-crd/100.0.1+up0.3.7/templates/gitjobs-crds.yaml new file mode 100644 index 000000000..958aad932 --- /dev/null +++ b/charts/fleet-crd/fleet-crd/100.0.1+up0.3.7/templates/gitjobs-crds.yaml 
@@ -0,0 +1,6876 @@ +{{- if .Capabilities.APIVersions.Has "apiextensions.k8s.io/v1" -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gitjobs.gitjob.cattle.io +spec: + group: gitjob.cattle.io + names: + kind: GitJob + plural: gitjobs + singular: gitjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.git.repo + name: REPO + type: string + - jsonPath: .spec.git.branch + name: BRANCH + type: string + - jsonPath: .status.commit + name: COMMIT + type: string + - jsonPath: .status.jobStatus + name: JOBSTATUS + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + forceUpdateGeneration: + type: integer + git: + properties: + branch: + nullable: true + type: string + caBundle: + nullable: true + type: string + clientSecretName: + nullable: true + type: string + insecureSkipTLSVerify: + type: boolean + provider: + nullable: true + type: string + repo: + nullable: true + type: string + revision: + nullable: true + type: string + type: object + jobSpec: + properties: + activeDeadlineSeconds: + nullable: true + type: integer + backoffLimit: + nullable: true + type: integer + completions: + nullable: true + type: integer + manualSelector: + nullable: true + type: boolean + parallelism: + nullable: true + type: integer + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + nullable: true + type: string + nullable: true + type: 
object + clusterName: + nullable: true + type: string + creationTimestamp: + nullable: true + type: string + deletionGracePeriodSeconds: + nullable: true + type: integer + deletionTimestamp: + nullable: true + type: string + finalizers: + items: + nullable: true + type: string + nullable: true + type: array + generateName: + nullable: true + type: string + generation: + type: integer + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + managedFields: + items: + properties: + apiVersion: + nullable: true + type: string + fieldsType: + nullable: true + type: string + fieldsV1: + nullable: true + type: object + manager: + nullable: true + type: string + operation: + nullable: true + type: string + time: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + namespace: + nullable: true + type: string + ownerReferences: + items: + properties: + apiVersion: + nullable: true + type: string + blockOwnerDeletion: + nullable: true + type: boolean + controller: + nullable: true + type: boolean + kind: + nullable: true + type: string + name: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + nullable: true + type: array + resourceVersion: + nullable: true + type: string + selfLink: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + spec: + properties: + activeDeadlineSeconds: + nullable: true + type: integer + affinity: + nullable: true + properties: + nodeAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchFields: + items: + properties: + key: + 
nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + nullable: true + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchFields: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + type: object + podAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + 
operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + podAntiAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + type: object + 
automountServiceAccountToken: + nullable: true + type: boolean + containers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: 
true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: 
string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + 
readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: 
string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + dnsConfig: + nullable: true + properties: + nameservers: + items: + nullable: true + type: string + nullable: true + type: array + options: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + searches: + items: + nullable: true + type: string + nullable: true + type: array + type: object + dnsPolicy: + nullable: true + type: string + enableServiceLinks: + nullable: true + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: 
string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object 
+ tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + 
initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer 
+ httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + nullable: true + type: string + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + hostAliases: + items: + properties: + hostnames: + items: + nullable: true + type: string + nullable: true + type: array + ip: + nullable: true + type: string + type: object + nullable: true + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + nullable: true + type: string + imagePullSecrets: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array 
+ initContainers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + 
name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object 
+ timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + 
nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true 
+ type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + nodeName: + nullable: true + type: string + nodeSelector: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + overhead: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + preemptionPolicy: + nullable: true + type: string + priority: + nullable: true + type: integer + priorityClassName: + nullable: true + type: string + readinessGates: + items: + properties: + conditionType: + nullable: true + type: string + type: object + nullable: true + type: array + restartPolicy: + nullable: true + type: string + runtimeClassName: + nullable: true + type: string + schedulerName: + nullable: true + type: string + securityContext: + nullable: true + properties: + fsGroup: + nullable: true + type: integer + fsGroupChangePolicy: + nullable: true + type: string + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + supplementalGroups: + items: + type: integer + nullable: true + type: array + sysctls: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + 
type: object + nullable: true + type: array + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + runAsUserName: + nullable: true + type: string + type: object + type: object + serviceAccount: + nullable: true + type: string + serviceAccountName: + nullable: true + type: string + setHostnameAsFQDN: + nullable: true + type: boolean + shareProcessNamespace: + nullable: true + type: boolean + subdomain: + nullable: true + type: string + terminationGracePeriodSeconds: + nullable: true + type: integer + tolerations: + items: + properties: + effect: + nullable: true + type: string + key: + nullable: true + type: string + operator: + nullable: true + type: string + tolerationSeconds: + nullable: true + type: integer + value: + nullable: true + type: string + type: object + nullable: true + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + maxSkew: + type: integer + topologyKey: + nullable: true + type: string + whenUnsatisfiable: + nullable: true + type: string + type: object + nullable: true + type: array + volumes: + items: + properties: + awsElasticBlockStore: + nullable: true + properties: + fsType: + nullable: true + type: string + partition: + type: integer + readOnly: + type: boolean + volumeID: + nullable: true + type: string + type: object + azureDisk: + nullable: true + properties: + cachingMode: + nullable: true + type: string + diskName: + nullable: true + type: string + diskURI: + nullable: true + type: string + fsType: + 
nullable: true + type: string + kind: + nullable: true + type: string + readOnly: + nullable: true + type: boolean + type: object + azureFile: + nullable: true + properties: + readOnly: + type: boolean + secretName: + nullable: true + type: string + shareName: + nullable: true + type: string + type: object + cephfs: + nullable: true + properties: + monitors: + items: + nullable: true + type: string + nullable: true + type: array + path: + nullable: true + type: string + readOnly: + type: boolean + secretFile: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + user: + nullable: true + type: string + type: object + cinder: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + volumeID: + nullable: true + type: string + type: object + configMap: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + csi: + nullable: true + properties: + driver: + nullable: true + type: string + fsType: + nullable: true + type: string + nodePublishSecretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + readOnly: + nullable: true + type: boolean + volumeAttributes: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + downwardAPI: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: 
true + type: string + type: object + mode: + nullable: true + type: integer + path: + nullable: true + type: string + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + emptyDir: + nullable: true + properties: + medium: + nullable: true + type: string + sizeLimit: + nullable: true + type: string + type: object + ephemeral: + nullable: true + properties: + readOnly: + type: boolean + volumeClaimTemplate: + nullable: true + properties: + metadata: + properties: + annotations: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + clusterName: + nullable: true + type: string + creationTimestamp: + nullable: true + type: string + deletionGracePeriodSeconds: + nullable: true + type: integer + deletionTimestamp: + nullable: true + type: string + finalizers: + items: + nullable: true + type: string + nullable: true + type: array + generateName: + nullable: true + type: string + generation: + type: integer + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + managedFields: + items: + properties: + apiVersion: + nullable: true + type: string + fieldsType: + nullable: true + type: string + fieldsV1: + nullable: true + type: object + manager: + nullable: true + type: string + operation: + nullable: true + type: string + time: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + namespace: + nullable: true + type: string + ownerReferences: + items: + properties: + apiVersion: + nullable: true + type: string + blockOwnerDeletion: + nullable: true + type: boolean + controller: + nullable: true + type: boolean + kind: + nullable: true + type: string + name: + nullable: true + type: string + uid: + nullable: true + type: 
string + type: object + nullable: true + type: array + resourceVersion: + nullable: true + type: string + selfLink: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + spec: + properties: + accessModes: + items: + nullable: true + type: string + nullable: true + type: array + dataSource: + nullable: true + properties: + apiGroup: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + type: object + resources: + properties: + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + storageClassName: + nullable: true + type: string + volumeMode: + nullable: true + type: string + volumeName: + nullable: true + type: string + type: object + type: object + type: object + fc: + nullable: true + properties: + fsType: + nullable: true + type: string + lun: + nullable: true + type: integer + readOnly: + type: boolean + targetWWNs: + items: + nullable: true + type: string + nullable: true + type: array + wwids: + items: + nullable: true + type: string + nullable: true + type: array + type: object + flexVolume: + nullable: true + properties: + driver: + nullable: true + type: string + fsType: + nullable: true + type: string + options: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + 
type: string + type: object + type: object + flocker: + nullable: true + properties: + datasetName: + nullable: true + type: string + datasetUUID: + nullable: true + type: string + type: object + gcePersistentDisk: + nullable: true + properties: + fsType: + nullable: true + type: string + partition: + type: integer + pdName: + nullable: true + type: string + readOnly: + type: boolean + type: object + gitRepo: + nullable: true + properties: + directory: + nullable: true + type: string + repository: + nullable: true + type: string + revision: + nullable: true + type: string + type: object + glusterfs: + nullable: true + properties: + endpoints: + nullable: true + type: string + path: + nullable: true + type: string + readOnly: + type: boolean + type: object + hostPath: + nullable: true + properties: + path: + nullable: true + type: string + type: + nullable: true + type: string + type: object + iscsi: + nullable: true + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + nullable: true + type: string + initiatorName: + nullable: true + type: string + iqn: + nullable: true + type: string + iscsiInterface: + nullable: true + type: string + lun: + type: integer + portals: + items: + nullable: true + type: string + nullable: true + type: array + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + targetPortal: + nullable: true + type: string + type: object + name: + nullable: true + type: string + nfs: + nullable: true + properties: + path: + nullable: true + type: string + readOnly: + type: boolean + server: + nullable: true + type: string + type: object + persistentVolumeClaim: + nullable: true + properties: + claimName: + nullable: true + type: string + readOnly: + type: boolean + type: object + photonPersistentDisk: + nullable: true + properties: + fsType: + nullable: true + type: string + pdID: + nullable: true + type: string + type: object + 
portworxVolume: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + volumeID: + nullable: true + type: string + type: object + projected: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + sources: + items: + properties: + configMap: + nullable: true + properties: + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + downwardAPI: + nullable: true + properties: + items: + items: + properties: + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + mode: + nullable: true + type: integer + path: + nullable: true + type: string + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + secret: + nullable: true + properties: + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + serviceAccountToken: + nullable: true + properties: + audience: + nullable: true + type: string + expirationSeconds: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + quobyte: + nullable: true + properties: + group: + nullable: true + type: string + readOnly: + type: boolean + registry: + nullable: true + type: string + tenant: + nullable: 
true + type: string + user: + nullable: true + type: string + volume: + nullable: true + type: string + type: object + rbd: + nullable: true + properties: + fsType: + nullable: true + type: string + image: + nullable: true + type: string + keyring: + nullable: true + type: string + monitors: + items: + nullable: true + type: string + nullable: true + type: array + pool: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + user: + nullable: true + type: string + type: object + scaleIO: + nullable: true + properties: + fsType: + nullable: true + type: string + gateway: + nullable: true + type: string + protectionDomain: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + sslEnabled: + type: boolean + storageMode: + nullable: true + type: string + storagePool: + nullable: true + type: string + system: + nullable: true + type: string + volumeName: + nullable: true + type: string + type: object + secret: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + optional: + nullable: true + type: boolean + secretName: + nullable: true + type: string + type: object + storageos: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + volumeName: + nullable: true + type: string + volumeNamespace: + nullable: true + type: string + type: object + vsphereVolume: + nullable: true + properties: + fsType: + nullable: true + type: string + storagePolicyID: + nullable: true + type: string + storagePolicyName: 
+ nullable: true + type: string + volumePath: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + type: object + ttlSecondsAfterFinished: + nullable: true + type: integer + type: object + syncInterval: + type: integer + type: object + status: + properties: + commit: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + event: + nullable: true + type: string + hookId: + nullable: true + type: string + jobStatus: + nullable: true + type: string + lastExecutedCommit: + nullable: true + type: string + lastSyncedTime: + nullable: true + type: string + observedGeneration: + type: integer + secretToken: + nullable: true + type: string + updateGeneration: + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- else -}} +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: gitjobs.gitjob.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.git.repo + name: REPO + type: string + - JSONPath: .spec.git.branch + name: BRANCH + type: string + - JSONPath: .status.commit + name: COMMIT + type: string + - JSONPath: .status.jobStatus + name: JOBSTATUS + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: gitjob.cattle.io + names: + kind: GitJob + plural: gitjobs + singular: gitjob + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + forceUpdateGeneration: + type: integer + git: + properties: + branch: + nullable: true + type: string + caBundle: + nullable: true 
+ type: string + clientSecretName: + nullable: true + type: string + insecureSkipTLSVerify: + type: boolean + provider: + nullable: true + type: string + repo: + nullable: true + type: string + revision: + nullable: true + type: string + type: object + jobSpec: + properties: + activeDeadlineSeconds: + nullable: true + type: integer + backoffLimit: + nullable: true + type: integer + completions: + nullable: true + type: integer + manualSelector: + nullable: true + type: boolean + parallelism: + nullable: true + type: integer + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + clusterName: + nullable: true + type: string + creationTimestamp: + nullable: true + type: string + deletionGracePeriodSeconds: + nullable: true + type: integer + deletionTimestamp: + nullable: true + type: string + finalizers: + items: + nullable: true + type: string + nullable: true + type: array + generateName: + nullable: true + type: string + generation: + type: integer + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + managedFields: + items: + properties: + apiVersion: + nullable: true + type: string + fieldsType: + nullable: true + type: string + fieldsV1: + nullable: true + type: object + manager: + nullable: true + type: string + operation: + nullable: true + type: string + time: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + namespace: + nullable: true + 
type: string + ownerReferences: + items: + properties: + apiVersion: + nullable: true + type: string + blockOwnerDeletion: + nullable: true + type: boolean + controller: + nullable: true + type: boolean + kind: + nullable: true + type: string + name: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + nullable: true + type: array + resourceVersion: + nullable: true + type: string + selfLink: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + spec: + properties: + activeDeadlineSeconds: + nullable: true + type: integer + affinity: + nullable: true + properties: + nodeAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchFields: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + nullable: true + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchFields: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + 
type: array + type: object + nullable: true + type: array + type: object + type: object + podAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + podAntiAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + 
nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + type: object + automountServiceAccountToken: + nullable: true + type: boolean + containers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true 
+ type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + 
type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + 
port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true 
+ type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + dnsConfig: + nullable: true + properties: + nameservers: + items: + nullable: true + type: string + nullable: true + type: array + options: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + searches: + items: + nullable: true + type: string + nullable: true + type: array + type: object + dnsPolicy: + nullable: true + 
type: string + enableServiceLinks: + nullable: true + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: 
+ nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: 
true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + 
readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + nullable: true + type: string + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + 
properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + hostAliases: + items: + properties: + hostnames: + items: + nullable: true + type: string + nullable: true + type: array + ip: + nullable: true + type: string + type: object + nullable: true + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + nullable: true + type: string + imagePullSecrets: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + initContainers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + 
nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: 
string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: 
object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + 
type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + nodeName: + nullable: true + type: string + nodeSelector: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + overhead: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + preemptionPolicy: + nullable: true + type: string + priority: + nullable: true + type: integer + priorityClassName: + nullable: true + type: string + readinessGates: + items: + properties: + conditionType: + nullable: true + type: string + type: object + 
nullable: true + type: array + restartPolicy: + nullable: true + type: string + runtimeClassName: + nullable: true + type: string + schedulerName: + nullable: true + type: string + securityContext: + nullable: true + properties: + fsGroup: + nullable: true + type: integer + fsGroupChangePolicy: + nullable: true + type: string + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + supplementalGroups: + items: + type: integer + nullable: true + type: array + sysctls: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + runAsUserName: + nullable: true + type: string + type: object + type: object + serviceAccount: + nullable: true + type: string + serviceAccountName: + nullable: true + type: string + setHostnameAsFQDN: + nullable: true + type: boolean + shareProcessNamespace: + nullable: true + type: boolean + subdomain: + nullable: true + type: string + terminationGracePeriodSeconds: + nullable: true + type: integer + tolerations: + items: + properties: + effect: + nullable: true + type: string + key: + nullable: true + type: string + operator: + nullable: true + type: string + tolerationSeconds: + nullable: true + type: integer + value: + nullable: true + type: string + type: object + nullable: true + type: array + topologySpreadConstraints: + items: 
+ properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + maxSkew: + type: integer + topologyKey: + nullable: true + type: string + whenUnsatisfiable: + nullable: true + type: string + type: object + nullable: true + type: array + volumes: + items: + properties: + awsElasticBlockStore: + nullable: true + properties: + fsType: + nullable: true + type: string + partition: + type: integer + readOnly: + type: boolean + volumeID: + nullable: true + type: string + type: object + azureDisk: + nullable: true + properties: + cachingMode: + nullable: true + type: string + diskName: + nullable: true + type: string + diskURI: + nullable: true + type: string + fsType: + nullable: true + type: string + kind: + nullable: true + type: string + readOnly: + nullable: true + type: boolean + type: object + azureFile: + nullable: true + properties: + readOnly: + type: boolean + secretName: + nullable: true + type: string + shareName: + nullable: true + type: string + type: object + cephfs: + nullable: true + properties: + monitors: + items: + nullable: true + type: string + nullable: true + type: array + path: + nullable: true + type: string + readOnly: + type: boolean + secretFile: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + user: + nullable: true + type: string + type: object + cinder: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + volumeID: + nullable: true + type: string 
+ type: object + configMap: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + csi: + nullable: true + properties: + driver: + nullable: true + type: string + fsType: + nullable: true + type: string + nodePublishSecretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + readOnly: + nullable: true + type: boolean + volumeAttributes: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + downwardAPI: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + mode: + nullable: true + type: integer + path: + nullable: true + type: string + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + emptyDir: + nullable: true + properties: + medium: + nullable: true + type: string + sizeLimit: + nullable: true + type: string + type: object + ephemeral: + nullable: true + properties: + readOnly: + type: boolean + volumeClaimTemplate: + nullable: true + properties: + metadata: + properties: + annotations: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + clusterName: + nullable: true + type: string + creationTimestamp: + nullable: true + type: string + deletionGracePeriodSeconds: + nullable: true + type: integer + 
deletionTimestamp: + nullable: true + type: string + finalizers: + items: + nullable: true + type: string + nullable: true + type: array + generateName: + nullable: true + type: string + generation: + type: integer + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + managedFields: + items: + properties: + apiVersion: + nullable: true + type: string + fieldsType: + nullable: true + type: string + fieldsV1: + nullable: true + type: object + manager: + nullable: true + type: string + operation: + nullable: true + type: string + time: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + namespace: + nullable: true + type: string + ownerReferences: + items: + properties: + apiVersion: + nullable: true + type: string + blockOwnerDeletion: + nullable: true + type: boolean + controller: + nullable: true + type: boolean + kind: + nullable: true + type: string + name: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + nullable: true + type: array + resourceVersion: + nullable: true + type: string + selfLink: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + spec: + properties: + accessModes: + items: + nullable: true + type: string + nullable: true + type: array + dataSource: + nullable: true + properties: + apiGroup: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + type: object + resources: + properties: + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: 
string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + storageClassName: + nullable: true + type: string + volumeMode: + nullable: true + type: string + volumeName: + nullable: true + type: string + type: object + type: object + type: object + fc: + nullable: true + properties: + fsType: + nullable: true + type: string + lun: + nullable: true + type: integer + readOnly: + type: boolean + targetWWNs: + items: + nullable: true + type: string + nullable: true + type: array + wwids: + items: + nullable: true + type: string + nullable: true + type: array + type: object + flexVolume: + nullable: true + properties: + driver: + nullable: true + type: string + fsType: + nullable: true + type: string + options: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + type: object + flocker: + nullable: true + properties: + datasetName: + nullable: true + type: string + datasetUUID: + nullable: true + type: string + type: object + gcePersistentDisk: + nullable: true + properties: + fsType: + nullable: true + type: string + partition: + type: integer + pdName: + nullable: true + type: string + readOnly: + type: boolean + type: object + gitRepo: + nullable: true + properties: + directory: + nullable: true + type: string + repository: + nullable: true + type: string + revision: + nullable: true + type: string + type: object + glusterfs: + nullable: true + properties: + endpoints: + nullable: true + type: string + path: + nullable: true + type: string + readOnly: + type: boolean + type: object + hostPath: + nullable: true + properties: + path: + nullable: true + type: string + type: + nullable: true + type: string + type: object + iscsi: + nullable: true + properties: + 
chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + nullable: true + type: string + initiatorName: + nullable: true + type: string + iqn: + nullable: true + type: string + iscsiInterface: + nullable: true + type: string + lun: + type: integer + portals: + items: + nullable: true + type: string + nullable: true + type: array + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + targetPortal: + nullable: true + type: string + type: object + name: + nullable: true + type: string + nfs: + nullable: true + properties: + path: + nullable: true + type: string + readOnly: + type: boolean + server: + nullable: true + type: string + type: object + persistentVolumeClaim: + nullable: true + properties: + claimName: + nullable: true + type: string + readOnly: + type: boolean + type: object + photonPersistentDisk: + nullable: true + properties: + fsType: + nullable: true + type: string + pdID: + nullable: true + type: string + type: object + portworxVolume: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + volumeID: + nullable: true + type: string + type: object + projected: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + sources: + items: + properties: + configMap: + nullable: true + properties: + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + downwardAPI: + nullable: true + properties: + items: + items: + properties: + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + mode: + nullable: true + type: integer + path: + nullable: true + type: string 
+ resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + secret: + nullable: true + properties: + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + serviceAccountToken: + nullable: true + properties: + audience: + nullable: true + type: string + expirationSeconds: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + quobyte: + nullable: true + properties: + group: + nullable: true + type: string + readOnly: + type: boolean + registry: + nullable: true + type: string + tenant: + nullable: true + type: string + user: + nullable: true + type: string + volume: + nullable: true + type: string + type: object + rbd: + nullable: true + properties: + fsType: + nullable: true + type: string + image: + nullable: true + type: string + keyring: + nullable: true + type: string + monitors: + items: + nullable: true + type: string + nullable: true + type: array + pool: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + user: + nullable: true + type: string + type: object + scaleIO: + nullable: true + properties: + fsType: + nullable: true + type: string + gateway: + nullable: true + type: string + protectionDomain: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + sslEnabled: + type: boolean + storageMode: + nullable: 
true + type: string + storagePool: + nullable: true + type: string + system: + nullable: true + type: string + volumeName: + nullable: true + type: string + type: object + secret: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + optional: + nullable: true + type: boolean + secretName: + nullable: true + type: string + type: object + storageos: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + volumeName: + nullable: true + type: string + volumeNamespace: + nullable: true + type: string + type: object + vsphereVolume: + nullable: true + properties: + fsType: + nullable: true + type: string + storagePolicyID: + nullable: true + type: string + storagePolicyName: + nullable: true + type: string + volumePath: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + type: object + ttlSecondsAfterFinished: + nullable: true + type: integer + type: object + syncInterval: + type: integer + type: object + status: + properties: + commit: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + event: + nullable: true + type: string + hookId: + nullable: true + type: string + jobStatus: + nullable: true + type: string + lastExecutedCommit: + nullable: true + type: string + lastSyncedTime: + nullable: true + type: string + 
observedGeneration: + type: integer + secretToken: + nullable: true + type: string + updateGeneration: + type: integer + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +{{- end -}} diff --git a/charts/fleet/fleet/100.0.1+up0.3.7/Chart.yaml b/charts/fleet/fleet/100.0.1+up0.3.7/Chart.yaml new file mode 100644 index 000000000..2a0222352 --- /dev/null +++ b/charts/fleet/fleet/100.0.1+up0.3.7/Chart.yaml @@ -0,0 +1,19 @@ +annotations: + catalog.cattle.io/auto-install: fleet-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 + catalog.cattle.io/release-name: fleet +apiVersion: v2 +appVersion: 0.3.7 +dependencies: +- condition: gitops.enabled + name: gitjob + repository: file://./charts/gitjob +description: Fleet Manager - GitOps at Scale +icon: https://charts.rancher.io/assets/logos/fleet.svg +name: fleet +version: 100.0.1+up0.3.7 diff --git a/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/.helmignore b/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/.helmignore new file mode 100644 index 000000000..691fa13d6 --- /dev/null +++ b/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ \ No newline at end of file diff --git a/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/Chart.yaml b/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/Chart.yaml new file mode 100644 index 000000000..cf9151510 --- /dev/null 
+++ b/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v2
+appVersion: v0.1.21
+description: Controller that run jobs based on git events
+name: gitjob
+version: v0.1.21
diff --git a/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/templates/_helpers.tpl b/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/templates/_helpers.tpl
new file mode 100644
index 000000000..f652b5643
--- /dev/null
+++ b/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/templates/_helpers.tpl
@@ -0,0 +1,7 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/templates/clusterrole.yaml b/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/templates/clusterrole.yaml
new file mode 100644
index 000000000..bcad90164
--- /dev/null
+++ b/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/templates/clusterrole.yaml
@@ -0,0 +1,38 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: gitjob
+rules:
+ - apiGroups:
+ - "batch"
+ resources:
+ - 'jobs'
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ resources:
+ - 'pods'
+ verbs:
+ - 'list'
+ - 'get'
+ - 'watch'
+ - apiGroups:
+ - ""
+ resources:
+ - 'secrets'
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ resources:
+ - 'configmaps'
+ verbs:
+ - '*'
+ - apiGroups:
+ - "gitjob.cattle.io"
+ resources:
+ - "gitjobs"
+ - "gitjobs/status"
+ verbs:
+ - "*"
\ No newline at end of file
diff --git a/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/templates/clusterrolebinding.yaml b/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..0bf07c4ef
--- /dev/null
+++ b/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/templates/clusterrolebinding.yaml
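Review bot: The `secrets` and `configmaps` rules in the gitjob ClusterRole use `'*'` verbs, and through the ClusterRoleBinding added in clusterrolebinding.yaml that gives the `gitjob` service account create, update and delete on every Secret in every namespace. If the controller only reads credentials from them, the `secrets` verbs could be narrowed to `- 'get'`, `- 'list'`, `- 'watch'`, as the `pods` rule in the same file already does. What the controller actually writes is not visible from the chart, so if it does need write access, a comment above the rule naming the verbs it uses would make the grant reviewable. The `fleet-controller` ClusterRole in templates/rbac.yaml carries the same wildcard on `secrets` and `configmaps`.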
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: gitjob-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: gitjob
+subjects:
+ - kind: ServiceAccount
+ name: gitjob
+ namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/templates/deployment.yaml b/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/templates/deployment.yaml
new file mode 100644
index 000000000..a12a30d92
--- /dev/null
+++ b/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/templates/deployment.yaml
@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gitjob
+spec:
+ selector:
+ matchLabels:
+ app: "gitjob"
+ template:
+ metadata:
+ labels:
+ app: "gitjob"
+ spec:
+ serviceAccountName: gitjob
+ containers:
+ - image: "{{ template "system_default_registry" . }}{{ .Values.gitjob.repository }}:{{ .Values.gitjob.tag }}"
+ name: gitjob
+ command:
+ - gitjob
+ - --tekton-image
+ - "{{ template "system_default_registry" . }}{{ .Values.tekton.repository }}:{{ .Values.tekton.tag }}"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if .Values.proxy }}
+ - name: HTTP_PROXY
+ value: {{ .Values.proxy }}
+ - name: HTTPS_PROXY
+ value: {{ .Values.proxy }}
+ - name: NO_PROXY
+ value: {{ .Values.noProxy }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/templates/service.yaml b/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/templates/service.yaml
new file mode 100644
index 000000000..bf57c1b55
--- /dev/null
+++ b/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/templates/service.yaml
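Review bot: The three proxy env entries in the gitjob Deployment render their values unquoted (`value: {{ .Values.proxy }}`, `value: {{ .Values.noProxy }}`), so the rendered text is re-parsed as YAML. A value containing ` #` or `: `, or one starting with a YAML indicator, is truncated or re-typed, and an empty `noProxy` renders as `value:` (null) rather than an empty string. Piping through `quote` keeps them strings: `value: {{ .Values.proxy | quote }}` and `value: {{ .Values.noProxy | quote }}`. The same three lines appear in templates/deployment.yaml for fleet-controller.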
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: gitjob
+spec:
+ ports:
+ - name: http-80
+ port: 80
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app: "gitjob"
\ No newline at end of file
diff --git a/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/templates/serviceaccount.yaml b/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/templates/serviceaccount.yaml
new file mode 100644
index 000000000..5f8aecb04
--- /dev/null
+++ b/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/templates/serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: gitjob
diff --git a/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/values.yaml b/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/values.yaml
new file mode 100644
index 000000000..0cb5b31a6
--- /dev/null
+++ b/charts/fleet/fleet/100.0.1+up0.3.7/charts/gitjob/values.yaml
@@ -0,0 +1,26 @@
+gitjob:
+ repository: rancher/gitjob
+ tag: v0.1.21
+
+tekton:
+ repository: rancher/tekton-utils
+ tag: v0.1.2
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+# http[s] proxy server
+# proxy: http://@::
+
+# comma separated list of domains or ip addresses that will not use the proxy
+noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local
+
+nodeSelector:
+ kubernetes.io/os: linux
+
+tolerations:
+ - key: cattle.io/os
+ operator: "Equal"
+ value: "linux"
+ effect: NoSchedule
diff --git a/charts/fleet/fleet/100.0.1+up0.3.7/templates/_helpers.tpl b/charts/fleet/fleet/100.0.1+up0.3.7/templates/_helpers.tpl
new file mode 100644
index 000000000..f652b5643
--- /dev/null
+++ b/charts/fleet/fleet/100.0.1+up0.3.7/templates/_helpers.tpl
@@ -0,0 +1,7 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/fleet/fleet/100.0.1+up0.3.7/templates/configmap.yaml b/charts/fleet/fleet/100.0.1+up0.3.7/templates/configmap.yaml
new file mode 100644
index 000000000..6b8d6f05a
--- /dev/null
+++ b/charts/fleet/fleet/100.0.1+up0.3.7/templates/configmap.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: fleet-controller
+data:
+ config: |
+ {
+ "agentImage": "{{ template "system_default_registry" . }}{{.Values.agentImage.repository}}:{{.Values.agentImage.tag}}",
+ "agentImagePullPolicy": "{{ .Values.agentImage.imagePullPolicy }}",
+ "apiServerURL": "{{.Values.apiServerURL}}",
+ "apiServerCA": "{{b64enc .Values.apiServerCA}}",
+ "agentCheckinInterval": "{{.Values.agentCheckinInterval}}",
+ "ignoreClusterRegistrationLabels": {{.Values.ignoreClusterRegistrationLabels}},
+ "bootstrap": {
+ "paths": "{{.Values.bootstrap.paths}}",
+ "repo": "{{.Values.bootstrap.repo}}",
+ "secret": "{{.Values.bootstrap.secret}}",
+ "branch": "{{.Values.bootstrap.branch}}",
+ "namespace": "{{.Values.bootstrap.namespace}}",
+ "agentNamespace": "{{.Values.bootstrap.agentNamespace}}",
+ },
+ "webhookReceiverURL": "{{.Values.webhookReceiverURL}}",
+ "githubURLPrefix": "{{.Values.githubURLPrefix}}"
+ }
diff --git a/charts/fleet/fleet/100.0.1+up0.3.7/templates/deployment.yaml b/charts/fleet/fleet/100.0.1+up0.3.7/templates/deployment.yaml
new file mode 100644
index 000000000..c22a23739
--- /dev/null
+++ b/charts/fleet/fleet/100.0.1+up0.3.7/templates/deployment.yaml
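Review bot: The `config` document in configmap.yaml is built by pasting chart values between literal quotes (`"apiServerURL": "{{.Values.apiServerURL}}"`), so a value containing `"` or `\` produces a malformed document or extra keys in the controller's configuration. Emitting each string with `toJson`, e.g. `"apiServerURL": {{ .Values.apiServerURL | toJson }}`, gives a correctly escaped JSON string, and the same applies to the `bootstrap.*`, `webhookReceiverURL` and `githubURLPrefix` fields. The `"agentNamespace"` line inside `"bootstrap"` also ends with a comma directly before `}`, which strict JSON parsers reject. It only loads if the consumer reads this as YAML, which cannot be confirmed from the chart.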
@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: fleet-controller
+spec:
+ selector:
+ matchLabels:
+ app: fleet-controller
+ template:
+ metadata:
+ labels:
+ app: fleet-controller
+ spec:
+ containers:
+ - env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if .Values.proxy }}
+ - name: HTTP_PROXY
+ value: {{ .Values.proxy }}
+ - name: HTTPS_PROXY
+ value: {{ .Values.proxy }}
+ - name: NO_PROXY
+ value: {{ .Values.noProxy }}
+ {{- end }}
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+ name: fleet-controller
+ imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+ command:
+ - fleetcontroller
+ {{- if not .Values.gitops.enabled }}
+ - --disable-gitops
+ {{- end }}
+ serviceAccountName: fleet-controller
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/charts/fleet/fleet/100.0.1+up0.3.7/templates/rbac.yaml b/charts/fleet/fleet/100.0.1+up0.3.7/templates/rbac.yaml
new file mode 100644
index 000000000..59df51b1f
--- /dev/null
+++ b/charts/fleet/fleet/100.0.1+up0.3.7/templates/rbac.yaml
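Review bot: The three proxy variables in deployment.yaml are rendered unquoted (`value: {{ .Values.proxy }}`, `value: {{ .Values.noProxy }}`), so YAML re-types or mis-parses whatever the installer supplies; `value: {{ .Values.proxy | quote }}` and the same for `noProxy` keep them strings. A proxy URL that carries credentials would also sit in plain text in the Deployment spec, readable by anyone allowed to get deployments in the namespace, so taking it from a Secret through `valueFrom.secretKeyRef` is the safer shape. The container also sets no `securityContext`; given the ClusterRole bound to this service account in rbac.yaml, at least `allowPrivilegeEscalation: false` is worth adding if the image supports it.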
@@ -0,0 +1,106 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: fleet-controller
+rules:
+- apiGroups:
+ - gitjob.cattle.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - fleet.cattle.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - serviceaccounts
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ - configmaps
+ verbs:
+ - '*'
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ - clusterrolebindings
+ - roles
+ - rolebindings
+ verbs:
+ - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: fleet-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: fleet-controller
+subjects:
+- kind: ServiceAccount
+ name: fleet-controller
+ namespace: {{.Release.Namespace}}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: fleet-controller
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: fleet-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: fleet-controller
+subjects:
+- kind: ServiceAccount
+ name: fleet-controller
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: fleet-controller-bootstrap
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: fleet-controller-bootstrap
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: fleet-controller-bootstrap
+subjects:
+- kind: ServiceAccount
+ name: fleet-controller-bootstrap
+ namespace: {{.Release.Namespace}}
diff --git a/charts/fleet/fleet/100.0.1+up0.3.7/templates/serviceaccount.yaml b/charts/fleet/fleet/100.0.1+up0.3.7/templates/serviceaccount.yaml
new file mode 100644
index 000000000..bd99d9958
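Review bot: The `fleet-controller-bootstrap` ClusterRole at the end of rbac.yaml grants `'*'` on every API group, resource and verb, and its ClusterRoleBinding makes the `fleet-controller-bootstrap` service account equivalent to cluster-admin for as long as the chart is installed. The `fleet-controller` ClusterRole comes close in effect: `'*'` on `secrets` covers every namespace, and `'*'` on `clusterroles`/`clusterrolebindings` includes the `bind` and `escalate` verbs, so a compromised controller pod could grant itself anything else. If the controllers really need this breadth, state why in a comment above each wildcard rule; otherwise list the verbs in use, for example `verbs: [get, list, watch, create, update, delete]` on the RBAC rule, which leaves out `bind` and `escalate`. Whichever is chosen, activity by these two service accounts is worth covering in API audit-log alerting.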
--- /dev/null
+++ b/charts/fleet/fleet/100.0.1+up0.3.7/templates/serviceaccount.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: fleet-controller
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: fleet-controller-bootstrap
diff --git a/charts/fleet/fleet/100.0.1+up0.3.7/values.yaml b/charts/fleet/fleet/100.0.1+up0.3.7/values.yaml
new file mode 100644
index 000000000..cbf79619b
--- /dev/null
+++ b/charts/fleet/fleet/100.0.1+up0.3.7/values.yaml
@@ -0,0 +1,59 @@
+image:
+ repository: rancher/fleet
+ tag: v0.3.7
+ imagePullPolicy: IfNotPresent
+
+agentImage:
+ repository: rancher/fleet-agent
+ tag: v0.3.7
+ imagePullPolicy: IfNotPresent
+
+# For cluster registration the public URL of the Kubernetes API server must be set here
+# Example: https://example.com:6443
+apiServerURL: ""
+
+# For cluster registration the pem encoded value of the CA of the Kubernetes API server must be set here
+# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA.
+apiServerCA: ""
+
+# A duration string for how often agents should report a heartbeat
+agentCheckinInterval: "15m"
+
+# Whether you want to allow cluster upon registration to specify their labels.
+ignoreClusterRegistrationLabels: false
+
+# http[s] proxy server
+# proxy: http://@::
+
+# comma separated list of domains or ip addresses that will not use the proxy
+noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local
+
+bootstrap:
+ # The namespace that will be autocreated and the local cluster will be registered in
+ namespace: fleet-local
+ # The namespace where the fleet agent for the local cluster will be ran, if empty
+ # this will default to fleet-system
+ agentNamespace: ""
+ # A repo to add at install time that will deploy to the local cluster. This allows
+ # one to fully bootstrap fleet, it's configuration and all it's downstream clusters
+ # in one shot.
+ repo: ""
+ secret: ""
+ branch: master
+ paths: ""
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+nodeSelector:
+ kubernetes.io/os: linux
+
+tolerations:
+ - key: cattle.io/os
+ operator: "Equal"
+ value: "linux"
+ effect: NoSchedule
+
+gitops:
+ enabled: true
diff --git a/charts/longhorn-1.1/longhorn-crd/100.0.0+up1.1.2/Chart.yaml b/charts/longhorn-1.1/longhorn-crd/100.0.0+up1.1.2/Chart.yaml
new file mode 100644
index 000000000..f2baeee0b
--- /dev/null
+++ b/charts/longhorn-1.1/longhorn-crd/100.0.0+up1.1.2/Chart.yaml
@@ -0,0 +1,10 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: longhorn-system
+ catalog.cattle.io/release-name: longhorn-crd
+apiVersion: v1
+description: Installs the CRDs for longhorn.
+name: longhorn-crd
+type: application
+version: 100.0.0+up1.1.2
diff --git a/charts/longhorn-1.1/longhorn-crd/100.0.0+up1.1.2/README.md b/charts/longhorn-1.1/longhorn-crd/100.0.0+up1.1.2/README.md
new file mode 100644
index 000000000..d9f7f14b3
--- /dev/null
+++ b/charts/longhorn-1.1/longhorn-crd/100.0.0+up1.1.2/README.md
@@ -0,0 +1,2 @@
+# longhorn-crd
+A Rancher chart that installs the CRDs used by longhorn.
diff --git a/charts/longhorn-1.1/longhorn-crd/100.0.0+up1.1.2/templates/crds.yaml b/charts/longhorn-1.1/longhorn-crd/100.0.0+up1.1.2/templates/crds.yaml
new file mode 100644
index 000000000..f352ce370
--- /dev/null
+++ b/charts/longhorn-1.1/longhorn-crd/100.0.0+up1.1.2/templates/crds.yaml
@@ -0,0 +1,524 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.2 + longhorn-manager: Engine + name: engines.longhorn.io +spec: + group: longhorn.io + names: + kind: Engine + listKind: EngineList + plural: engines + shortNames: + - lhe + singular: engine + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The current state of the engine + jsonPath: .status.currentState + - name: Node + type: string + description: The node that the engine is on + jsonPath: .spec.nodeID + - name: InstanceManager + type: string + description: The instance manager of the engine + jsonPath: .status.instanceManagerName + - name: Image + type: string + description: The current image of the engine + jsonPath: .status.currentImage + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.2 + longhorn-manager: Replica + name: replicas.longhorn.io +spec: + group: longhorn.io + names: + kind: Replica + listKind: ReplicaList + plural: replicas + shortNames: + - lhr + singular: replica + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + 
x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The current state of the replica + jsonPath: .status.currentState + - name: Node + type: string + description: The node that the replica is on + jsonPath: .spec.nodeID + - name: Disk + type: string + description: The disk that the replica is on + jsonPath: .spec.diskID + - name: InstanceManager + type: string + description: The instance manager of the replica + jsonPath: .status.instanceManagerName + - name: Image + type: string + description: The current image of the replica + jsonPath: .status.currentImage + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.2 + longhorn-manager: Setting + name: settings.longhorn.io +spec: + group: longhorn.io + names: + kind: Setting + listKind: SettingList + plural: settings + shortNames: + - lhs + singular: setting + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Value + type: string + description: The value of the setting + jsonPath: .value + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.2 + longhorn-manager: Volume + name: volumes.longhorn.io +spec: + group: longhorn.io + names: + kind: Volume + listKind: VolumeList + plural: volumes + shortNames: + - lhv + singular: volume 
+ scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the volume + jsonPath: .status.state + - name: Robustness + type: string + description: The robustness of the volume + jsonPath: .status.robustness + - name: Scheduled + type: string + description: The scheduled condition of the volume + jsonPath: .status.conditions['scheduled']['status'] + - name: Size + type: string + description: The size of the volume + jsonPath: .spec.size + - name: Node + type: string + description: The node that the volume is currently attaching to + jsonPath: .status.currentNodeID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.2 + longhorn-manager: EngineImage + name: engineimages.longhorn.io +spec: + group: longhorn.io + names: + kind: EngineImage + listKind: EngineImageList + plural: engineimages + shortNames: + - lhei + singular: engineimage + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: State of the engine image + jsonPath: .status.state + - name: Image + type: string + description: The Longhorn engine image + jsonPath: .spec.image + - name: RefCount + type: integer + description: Number of 
volumes are using the engine image + jsonPath: .status.refCount + - name: BuildDate + type: date + description: The build date of the engine image + jsonPath: .status.buildDate + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.2 + longhorn-manager: Node + name: nodes.longhorn.io +spec: + group: longhorn.io + names: + kind: Node + listKind: NodeList + plural: nodes + shortNames: + - lhn + singular: node + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: Ready + type: string + description: Indicate whether the node is ready + jsonPath: .status.conditions['Ready']['status'] + - name: AllowScheduling + type: boolean + description: Indicate whether the user disabled/enabled replica scheduling for the node + jsonPath: .spec.allowScheduling + - name: Schedulable + type: string + description: Indicate whether Longhorn can schedule replicas on the node + jsonPath: .status.conditions['Schedulable']['status'] + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.2 + longhorn-manager: InstanceManager + name: instancemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: InstanceManager + listKind: InstanceManagerList + plural: instancemanagers + 
shortNames: + - lhim + singular: instancemanager + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the instance manager + jsonPath: .status.currentState + - name: Type + type: string + description: The type of the instance manager (engine or replica) + jsonPath: .spec.type + - name: Node + type: string + description: The node that the instance manager is running on + jsonPath: .spec.nodeID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.2 + longhorn-manager: ShareManager + name: sharemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: ShareManager + listKind: ShareManagerList + plural: sharemanagers + shortNames: + - lhsm + singular: sharemanager + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the share manager + jsonPath: .status.state + - name: Node + type: string + description: The node that the share manager is owned by + jsonPath: .status.ownerID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + 
helm.sh/chart: longhorn-1.1.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.2 + longhorn-manager: BackingImage + name: backingimages.longhorn.io +spec: + group: longhorn.io + names: + kind: BackingImage + listKind: BackingImageList + plural: backingimages + shortNames: + - lhbi + singular: backingimage + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: Image + type: string + description: The backing image name + jsonPath: .spec.image + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.2 + longhorn-manager: BackingImageManager + name: backingimagemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: BackingImageManager + listKind: BackingImageManagerList + plural: backingimagemanagers + shortNames: + - lhbim + singular: backingimagemanager + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The current state of the manager + jsonPath: .status.currentState + - name: Image + type: string + description: The image the manager pod will use + jsonPath: .spec.image + - name: Node + type: string + description: The node the manager is on + jsonPath: .spec.nodeID + - 
name: DiskUUID + type: string + description: The disk the manager is responsible for + jsonPath: .spec.diskUUID + - name: DiskPath + type: string + description: The disk path the manager is using + jsonPath: .spec.diskPath + - name: Age + type: date + jsonPath: .metadata.creationTimestamp diff --git a/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/.helmignore b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/Chart.yaml b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/Chart.yaml new file mode 100644 index 000000000..0afd44e06 --- /dev/null +++ b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/Chart.yaml 
@@ -0,0 +1,40 @@
+annotations:
+ catalog.cattle.io/auto-install: longhorn-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: Longhorn
+ catalog.cattle.io/namespace: longhorn-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/provides-gvr: longhorn.io/v1beta1
+ catalog.cattle.io/rancher-version: '>= 2.6.0-0'
+ catalog.cattle.io/release-name: longhorn
+ catalog.cattle.io/type: cluster-tool
+ catalog.cattle.io/ui-component: longhorn
+apiVersion: v1
+appVersion: v1.1.2
+description: Longhorn is a distributed block storage system for Kubernetes.
+home: https://github.com/longhorn/longhorn
+icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.png
+keywords:
+- longhorn
+- storage
+- distributed
+- block
+- device
+- iscsi
+- nfs
+kubeVersion: '>=v1.16.0-r0'
+maintainers:
+- email: maintainers@longhorn.io
+ name: Longhorn maintainers
+name: longhorn
+sources:
+- https://github.com/longhorn/longhorn
+- https://github.com/longhorn/longhorn-engine
+- https://github.com/longhorn/longhorn-instance-manager
+- https://github.com/longhorn/longhorn-share-manager
+- https://github.com/longhorn/backing-image-manager
+- https://github.com/longhorn/longhorn-manager
+- https://github.com/longhorn/longhorn-ui
+- https://github.com/longhorn/longhorn-tests
+- https://github.com/longhorn/backing-image-manager
+version: 100.0.0+up1.1.2
diff --git a/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/README.md b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/README.md
new file mode 100644
index 000000000..765694619
--- /dev/null
+++ b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/README.md
@@ -0,0 +1,33 @@
+# Longhorn Chart
+
+> **Important**: Please install the Longhorn chart in the `longhorn-system` namespace only.
+
+> **Warning**: Longhorn doesn't support downgrading from a higher version to a lower version.
+
+## Source Code
+
+Longhorn is 100% open source software. Project source code is spread across a number of repos:
+
+1. Longhorn Engine -- Core controller/replica logic https://github.com/longhorn/longhorn-engine
+2. Longhorn Instance Manager -- Controller/replica instance lifecycle management https://github.com/longhorn/longhorn-instance-manager
+3. Longhorn Share Manager -- NFS provisioner that exposes Longhorn volumes as ReadWriteMany volumes. https://github.com/longhorn/longhorn-share-manager
+4. Backing Image Manager -- Backing image file lifecycle management. https://github.com/longhorn/backing-image-manager
+5. Longhorn Manager -- Longhorn orchestration, includes CSI driver for Kubernetes https://github.com/longhorn/longhorn-manager
+6. Longhorn UI -- Dashboard https://github.com/longhorn/longhorn-ui
+
+## Prerequisites
+
+1. A container runtime compatible with Kubernetes (Docker v1.13+, containerd v1.3.7+, etc.)
+2. Kubernetes v1.16+
+3. Make sure `bash`, `curl`, `findmnt`, `grep`, `awk` and `blkid` has been installed in all nodes of the Kubernetes cluster.
+4. Make sure `open-iscsi` has been installed, and the `iscsid` daemon is running on all nodes of the Kubernetes cluster. For GKE, recommended Ubuntu as guest OS image since it contains `open-iscsi` already.
+
+## Uninstallation
+
+To prevent damage to the Kubernetes cluster, we recommend deleting all Kubernetes workloads using Longhorn volumes (PersistentVolume, PersistentVolumeClaim, StorageClass, Deployment, StatefulSet, DaemonSet, etc).
+
+From Rancher Cluster Explorer UI, navigate to Apps page, delete app `longhorn` then app `longhorn-crd` in Installed Apps tab.
+
+
+---
+Please see [link](https://github.com/longhorn/longhorn) for more information.
diff --git a/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/app-readme.md b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/app-readme.md
new file mode 100644
index 000000000..cb23135ca
--- /dev/null
+++ b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/app-readme.md
@@ -0,0 +1,11 @@
+# Longhorn
+
+Longhorn is a lightweight, reliable and easy to use distributed block storage system for Kubernetes. Once deployed, users can leverage persistent volumes provided by Longhorn.
+
+Longhorn creates a dedicated storage controller for each volume and synchronously replicates the volume across multiple replicas stored on multiple nodes. The storage controller and replicas are themselves orchestrated using Kubernetes. Longhorn supports snapshots, backups and even allows you to schedule recurring snapshots and backups!
+
+**Important**: Please install Longhorn chart in `longhorn-system` namespace only.
+
+**Warning**: Longhorn doesn't support downgrading from a higher version to a lower version.
+
+[Chart Documentation](https://github.com/longhorn/longhorn/blob/master/chart/README.md)
diff --git a/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/questions.yml b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/questions.yml
new file mode 100644
index 000000000..fd9326551
--- /dev/null
+++ b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/questions.yml
@@ -0,0 +1,532 @@ +categories: +- storage +namespace: longhorn-system +questions: +- variable: image.defaultImage + default: "true" + description: "Use default Longhorn images" + label: Use Default Images + type: boolean + show_subquestion_if: false + group: "Longhorn Images" + subquestions: + - variable: image.longhorn.manager.repository + default: rancher/mirrored-longhornio-longhorn-manager + description: "Specify Longhorn Manager Image Repository" + type: string + label: Longhorn Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.manager.tag + default: v1.1.2 + description: "Specify Longhorn Manager Image Tag" + type: string + label: Longhorn Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.repository + default: rancher/mirrored-longhornio-longhorn-engine + description: "Specify Longhorn Engine Image Repository" + type: string + label: Longhorn Engine Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.tag + default: v1.1.2 + description: "Specify Longhorn Engine Image Tag" + type: string + label: Longhorn Engine Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.repository + default: rancher/mirrored-longhornio-longhorn-ui + description: "Specify Longhorn UI Image Repository" + type: string + label: Longhorn UI Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.tag + default: v1.1.2 + description: "Specify Longhorn UI Image Tag" + type: string + label: Longhorn UI Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.repository + default: rancher/mirrored-longhornio-longhorn-instance-manager + description: "Specify Longhorn Instance Manager Image Repository" + type: string + label: Longhorn Instance Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.tag + default: v1_20210621 + description: 
"Specify Longhorn Instance Manager Image Tag" + type: string + label: Longhorn Instance Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.shareManager.repository + default: rancher/mirrored-longhornio-longhorn-share-manager + description: "Specify Longhorn Share Manager Image Repository" + type: string + label: Longhorn Share Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.shareManager.tag + default: v1_20210416 + description: "Specify Longhorn Share Manager Image Tag" + type: string + label: Longhorn Share Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.backingImageManager.repository + default: rancher/mirrored-longhornio-backing-image-manager + description: "Specify Longhorn Backing Image Manager Image Repository" + type: string + label: Longhorn Backing Image Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.backingImageManager.tag + default: v1_20210422 + description: "Specify Longhorn Backing Image Manager Image Tag" + type: string + label: Longhorn Backing Image Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.csi.attacher.repository + default: rancher/mirrored-longhornio-csi-attacher + description: "Specify CSI attacher image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.attacher.tag + default: v2.2.1-lh2 + description: "Specify CSI attacher image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.repository + default: rancher/mirrored-longhornio-csi-provisioner + description: "Specify CSI provisioner image repository. Leave blank to autodetect." 
+ type: string + label: Longhorn CSI Provisioner Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.tag + default: v1.6.0-lh2 + description: "Specify CSI provisioner image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Provisioner Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.repository + default: rancher/mirrored-longhornio-csi-node-driver-registrar + description: "Specify CSI Node Driver Registrar image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Node Driver Registrar Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.tag + default: v1.2.0-lh1 + description: "Specify CSI Node Driver Registrar image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Node Driver Registrar Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.repository + default: rancher/mirrored-longhornio-csi-resizer + description: "Specify CSI Driver Resizer image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Resizer Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.tag + default: v0.5.1-lh2 + description: "Specify CSI Driver Resizer image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Resizer Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.snapshotter.repository + default: rancher/mirrored-longhornio-csi-snapshotter + description: "Specify CSI Driver Snapshotter image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Snapshotter Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.snapshotter.tag + default: v2.1.1-lh2 + description: "Specify CSI Driver Snapshotter image tag. Leave blank to autodetect." 
+ type: string + label: Longhorn CSI Driver Snapshotter Image Tag + group: "Longhorn CSI Driver Images" +- variable: privateRegistry.registryUrl + label: Private registry URL + description: "URL of private registry. Leave blank to apply system default registry." + group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.registryUser + label: Private registry user + description: "User used to authenticate to private registry" + group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.registryPasswd + label: Private registry password + description: "Password used to authenticate to private registry" + group: "Private Registry Settings" + type: password + default: "" +- variable: privateRegistry.registrySecret + label: Private registry secret name + description: "Longhorn will automatically generate a Kubernetes secret with this name and use it to pull images from your private registry." + group: "Private Registry Settings" + type: string + default: "" +- variable: longhorn.default_setting + default: "false" + description: "Customize the default settings before installing Longhorn for the first time. This option will only work if the cluster hasn't installed Longhorn." + label: "Customize Default Settings" + type: boolean + show_subquestion_if: true + group: "Longhorn Default Settings" + subquestions: + - variable: csi.kubeletRootDir + default: + description: "Specify kubelet root-dir. Leave blank to autodetect." + type: string + label: Kubelet Root Directory + group: "Longhorn CSI Driver Settings" + - variable: csi.attacherReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Attacher. By default 3." + label: Longhorn CSI Attacher replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.provisionerReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Provisioner. By default 3." 
+ label: Longhorn CSI Provisioner replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.resizerReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Resizer. By default 3." + label: Longhorn CSI Resizer replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.snapshotterReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Snapshotter. By default 3." + label: Longhorn CSI Snapshotter replica count + group: "Longhorn CSI Driver Settings" + - variable: defaultSettings.backupTarget + label: Backup Target + description: "The endpoint used to access the backupstore. NFS and S3 are supported." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.backupTargetCredentialSecret + label: Backup Target Credential Secret + description: "The name of the Kubernetes secret associated with the backup target." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.allowRecurringJobWhileVolumeDetached + label: Allow Recurring Job While Volume Is Detached + description: 'If this setting is enabled, Longhorn will automatically attaches the volume and takes snapshot/backup when it is the time to do recurring snapshot/backup. +Note that the volume is not ready for workload during the period when the volume was automatically attached. Workload will have to wait until the recurring job finishes.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.createDefaultDiskLabeledNodes + label: Create Default Disk on Labeled Nodes + description: 'Create default Disk automatically only on Nodes with the label "node.longhorn.io/create-default-disk=true" if no other disks exist. If disabled, the default disk will be created on all new nodes when each node is first added.' 
+ group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.defaultDataPath + label: Default Data Path + description: 'Default path to use for storing data on a host. By default "/var/lib/longhorn/"' + group: "Longhorn Default Settings" + type: string + default: "/var/lib/longhorn/" + - variable: defaultSettings.defaultDataLocality + label: Default Data Locality + description: 'We say a Longhorn volume has data locality if there is a local replica of the volume on the same node as the pod which is using the volume. +This setting specifies the default data locality when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `dataLocality` in the StorageClass +The available modes are: +- **disabled**. This is the default option. There may or may not be a replica on the same node as the attached volume (workload) +- **best-effort**. This option instructs Longhorn to try to keep a replica on the same node as the attached volume (workload). Longhorn will not stop the volume, even if it cannot keep a replica local to the attached volume (workload) due to environment limitation, e.g. not enough disk space, incompatible disk tags, etc.' + group: "Longhorn Default Settings" + type: enum + options: + - "disabled" + - "best-effort" + default: "disabled" + - variable: defaultSettings.replicaSoftAntiAffinity + label: Replica Node Level Soft Anti-Affinity + description: 'Allow scheduling on nodes with existing healthy replicas of the same volume. By default false.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.storageOverProvisioningPercentage + label: Storage Over Provisioning Percentage + description: "The over-provisioning percentage defines how much storage can be allocated relative to the hard drive's capacity. By default 200." 
+ group: "Longhorn Default Settings" + type: int + min: 0 + default: 200 + - variable: defaultSettings.storageMinimalAvailablePercentage + label: Storage Minimal Available Percentage + description: "If the minimum available disk capacity exceeds the actual percentage of available disk capacity, the disk becomes unschedulable until more space is freed up. By default 25." + group: "Longhorn Default Settings" + type: int + min: 0 + max: 100 + default: 25 + - variable: defaultSettings.upgradeChecker + label: Enable Upgrade Checker + description: 'Upgrade Checker will check for new Longhorn version periodically. When there is a new version available, a notification will appear in the UI. By default true.' + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.defaultReplicaCount + label: Default Replica Count + description: "The default number of replicas when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `numberOfReplicas` in the StorageClass. By default 3." + group: "Longhorn Default Settings" + type: int + min: 1 + max: 20 + default: 3 + - variable: defaultSettings.defaultLonghornStaticStorageClass + label: Default Longhorn Static StorageClass Name + description: "The 'storageClassName' is given to PVs and PVCs that are created for an existing Longhorn volume. The StorageClass name can also be used as a label, so it is possible to use a Longhorn StorageClass to bind a workload to an existing PV without creating a Kubernetes StorageClass object. By default 'longhorn-static'." + group: "Longhorn Default Settings" + type: string + default: "longhorn-static" + - variable: defaultSettings.backupstorePollInterval + label: Backupstore Poll Interval + description: "In seconds. The backupstore poll interval determines how often Longhorn checks the backupstore for new backups. Set to 0 to disable the polling. By default 300." 
+ group: "Longhorn Default Settings" + type: int + min: 0 + default: 300 + - variable: defaultSettings.autoSalvage + label: Automatic salvage + description: "If enabled, volumes will be automatically salvaged when all the replicas become faulty e.g. due to network disconnection. Longhorn will try to figure out which replica(s) are usable, then use them for the volume. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly + label: Automatically Delete Workload Pod when The Volume Is Detached Unexpectedly + description: 'If enabled, Longhorn will automatically delete the workload pod that is managed by a controller (e.g. deployment, statefulset, daemonset, etc...) when Longhorn volume is detached unexpectedly (e.g. during Kubernetes upgrade, Docker reboot, or network disconnect). By deleting the pod, its controller restarts the pod and Kubernetes handles volume reattachment and remount. +If disabled, Longhorn will not delete the workload pod that is managed by a controller. You will have to manually restart the pod to reattach and remount the volume. +**Note:** This setting does not apply to the workload pods that do not have a controller. Longhorn never deletes them.' + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.disableSchedulingOnCordonedNode + label: Disable Scheduling On Cordoned Node + description: "Disable Longhorn manager to schedule replica on Kubernetes cordoned node. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.replicaZoneSoftAntiAffinity + label: Replica Zone Level Soft Anti-Affinity + description: "Allow scheduling new Replicas of Volume to the Nodes in the same Zone as existing healthy Replicas. Nodes don't belong to any Zone will be treated as in the same Zone. By default true." 
+ group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.nodeDownPodDeletionPolicy + label: Pod Deletion Policy When Node is Down + description: "Defines the Longhorn action when a Volume is stuck with a StatefulSet/Deployment Pod on a node that is down. +- **do-nothing** is the default Kubernetes behavior of never force deleting StatefulSet/Deployment terminating pods. Since the pod on the node that is down isn't removed, Longhorn volumes are stuck on nodes that are down. +- **delete-statefulset-pod** Longhorn will force delete StatefulSet terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods. +- **delete-deployment-pod** Longhorn will force delete Deployment terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods. +- **delete-both-statefulset-and-deployment-pod** Longhorn will force delete StatefulSet/Deployment terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods." + group: "Longhorn Default Settings" + type: enum + options: + - "do-nothing" + - "delete-statefulset-pod" + - "delete-deployment-pod" + - "delete-both-statefulset-and-deployment-pod" + default: "do-nothing" + - variable: defaultSettings.allowNodeDrainWithLastHealthyReplica + label: Allow Node Drain with the Last Healthy Replica + description: "By default, Longhorn will block `kubectl drain` action on a node if the node contains the last healthy replica of a volume. +If this setting is enabled, Longhorn will **not** block `kubectl drain` action on a node even if the node contains the last healthy replica of a volume." + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.mkfsExt4Parameters + label: Custom mkfs.ext4 parameters + description: "Allows setting additional filesystem creation parameters for ext4. 
For older host kernels it might be necessary to disable the optional ext4 metadata_csum feature by specifying `-O ^64bit,^metadata_csum`." + group: "Longhorn Default Settings" + type: string + - variable: defaultSettings.disableReplicaRebuild + label: Disable Replica Rebuild + description: "This setting disable replica rebuild cross the whole cluster, eviction and data locality feature won't work if this setting is true. But doesn't have any impact to any current replica rebuild and restore disaster recovery volume." + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.replicaReplenishmentWaitInterval + label: Replica Replenishment Wait Interval + description: "In seconds. The interval determines how long Longhorn will wait at least in order to reuse the existing data on a failed replica rather than directly creating a new replica for a degraded volume. +Warning: This option works only when there is a failed replica in the volume. And this option may block the rebuilding for a while in the case." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 600 + - variable: defaultSettings.disableRevisionCounter + label: Disable Revision Counter + description: "This setting is only for volumes created by UI. By default, this is false meaning there will be a reivision counter file to track every write to the volume. During salvage recovering Longhorn will pick the repica with largest reivision counter as candidate to recover the whole volume. If revision counter is disabled, Longhorn will not track every write to the volume. During the salvage recovering, Longhorn will use the 'volume-head-xxx.img' file last modification time and file size to pick the replica candidate to recover the whole volume." 
+ group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.systemManagedPodsImagePullPolicy + label: System Managed Pod Image Pull Policy + description: "This setting defines the Image Pull Policy of Longhorn system managed pods, e.g. instance manager, engine image, CSI driver, etc. The new Image Pull Policy will only apply after the system managed pods restart." + group: "Longhorn Default Settings" + type: enum + options: + - "if-not-present" + - "always" + - "never" + default: "if-not-present" + - variable: defaultSettings.allowVolumeCreationWithDegradedAvailability + label: Allow Volume Creation with Degraded Availability + description: "This setting allows user to create and attach a volume that doesn't have all the replicas scheduled at the time of creation." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.autoCleanupSystemGeneratedSnapshot + label: Automatically Cleanup System Generated Snapshot + description: "This setting enables Longhorn to automatically cleanup the system generated snapshot after replica rebuild is done." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.concurrentAutomaticEngineUpgradePerNodeLimit + label: Concurrent Automatic Engine Upgrade Per Node Limit + description: "This setting controls how Longhorn automatically upgrades volumes' engines to the new default engine image after upgrading Longhorn manager. The value of this setting specifies the maximum number of engines per node that are allowed to upgrade to the default engine image at the same time. If the value is 0, Longhorn will not automatically upgrade volumes' engines to default version." 
+ group: "Longhorn Default Settings" + type: int + min: 0 + default: 0 + - variable: defaultSettings.backingImageCleanupWaitInterval + label: Backing Image Cleanup Wait Interval + description: "This interval in minutes determines how long Longhorn will wait before cleaning up the backing image file when there is no replica in the disk using it." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 60 + - variable: defaultSettings.guaranteedEngineManagerCPU + label: Guaranteed Engine Manager CPU + description: "This integer value indicates how many percentage of the total allocatable CPU on each node will be reserved for each engine manager Pod. For example, 10 means 10% of the total CPU on a node will be allocated to each engine manager pod on this node. This will help maintain engine stability during high node workload. + In order to prevent unexpected volume engine crash as well as guarantee a relative acceptable IO performance, you can use the following formula to calculate a value for this setting: + Guaranteed Engine Manager CPU = The estimated max Longhorn volume engine count on a node * 0.1 / The total allocatable CPUs on the node * 100. + The result of above calculation doesn't mean that's the maximum CPU resources the Longhorn workloads require. To fully exploit the Longhorn volume I/O performance, you can allocate/guarantee more CPU resources via this setting. + If it's hard to estimate the usage now, you can leave it with the default value, which is 12%. Then you can tune it when there is no running workload using Longhorn volumes. + WARNING: + - Value 0 means unsetting CPU requests for engine manager pods. + - Considering the possible new instance manager pods in the further system upgrade, this integer value is range from 0 to 40. And the sum with setting 'Guaranteed Engine Manager CPU' should not be greater than 40. + - One more set of instance manager pods may need to be deployed when the Longhorn system is upgraded. 
If current available CPUs of the nodes are not enough for the new instance manager pods, you need to detach the volumes using the oldest instance manager pods so that Longhorn can clean up the old pods automatically and release the CPU resources. And the new pods with the latest instance manager image will be launched then. + - This global setting will be ignored for a node if the field \"EngineManagerCPURequest\" on the node is set. + - After this setting is changed, all engine manager pods using this global setting on all the nodes will be automatically restarted. In other words, DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES." + group: "Longhorn Default Settings" + type: int + min: 0 + max: 40 + default: 12 + - variable: defaultSettings.guaranteedReplicaManagerCPU + label: Guaranteed Replica Manager CPU + description: "This integer value indicates how many percentage of the total allocatable CPU on each node will be reserved for each replica manager Pod. 10 means 10% of the total CPU on a node will be allocated to each replica manager pod on this node. This will help maintain replica stability during high node workload. + In order to prevent unexpected volume replica crash as well as guarantee a relative acceptable IO performance, you can use the following formula to calculate a value for this setting: + Guaranteed Replica Manager CPU = The estimated max Longhorn volume replica count on a node * 0.1 / The total allocatable CPUs on the node * 100. + The result of above calculation doesn't mean that's the maximum CPU resources the Longhorn workloads require. To fully exploit the Longhorn volume I/O performance, you can allocate/guarantee more CPU resources via this setting. + If it's hard to estimate the usage now, you can leave it with the default value, which is 12%. Then you can tune it when there is no running workload using Longhorn volumes. + WARNING: + - Value 0 means unsetting CPU requests for replica manager pods. 
+ - Considering the possible new instance manager pods in the further system upgrade, this integer value is range from 0 to 40. And the sum with setting 'Guaranteed Replica Manager CPU' should not be greater than 40. + - One more set of instance manager pods may need to be deployed when the Longhorn system is upgraded. If current available CPUs of the nodes are not enough for the new instance manager pods, you need to detach the volumes using the oldest instance manager pods so that Longhorn can clean up the old pods automatically and release the CPU resources. And the new pods with the latest instance manager image will be launched then. + - This global setting will be ignored for a node if the field \"ReplicaManagerCPURequest\" on the node is set. + - After this setting is changed, all replica manager pods using this global setting on all the nodes will be automatically restarted. In other words, DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES." + group: "Longhorn Default Settings" + type: int + min: 0 + max: 40 + default: 12 +- variable: persistence.defaultClass + default: "true" + description: "Set as default StorageClass for Longhorn" + label: Default Storage Class + group: "Longhorn Storage Class Settings" + required: true + type: boolean +- variable: persistence.reclaimPolicy + label: Storage Class Retain Policy + description: "Define reclaim policy (Retain or Delete)" + group: "Longhorn Storage Class Settings" + required: true + type: enum + options: + - "Delete" + - "Retain" + default: "Delete" +- variable: persistence.defaultClassReplicaCount + description: "Set replica count for Longhorn StorageClass" + label: Default Storage Class Replica Count + group: "Longhorn Storage Class Settings" + type: int + min: 1 + max: 10 + default: 3 +- variable: persistence.recurringJobs.enable + description: "Enable recurring job for Longhorn StorageClass" + group: "Longhorn Storage Class Settings" + label: Enable Storage Class Recurring Job + type: boolean + default: 
false + show_subquestion_if: true + subquestions: + - variable: persistence.recurringJobs.jobList + description: 'Recurring job list for Longhorn StorageClass. Please be careful of quotes of input. e.g., [{"name":"backup", "task":"backup", "cron":"*/2 * * * *", "retain":1,"labels": {"interval":"2m"}}]' + label: Storage Class Recurring Job List + group: "Longhorn Storage Class Settings" + type: string + default: +- variable: ingress.enabled + default: "false" + description: "Expose app using Layer 7 Load Balancer - ingress" + type: boolean + group: "Services and Load Balancing" + label: Expose app using Layer 7 Load Balancer + show_subquestion_if: true + subquestions: + - variable: ingress.host + default: "xip.io" + description: "layer 7 Load Balancer hostname" + type: hostname + required: true + label: Layer 7 Load Balancer Hostname +- variable: service.ui.type + default: "Rancher-Proxy" + description: "Define Longhorn UI service type" + type: enum + options: + - "ClusterIP" + - "NodePort" + - "LoadBalancer" + - "Rancher-Proxy" + label: Longhorn UI Service + show_if: "ingress.enabled=false" + group: "Services and Load Balancing" + show_subquestion_if: "NodePort" + subquestions: + - variable: service.ui.nodePort + default: "" + description: "NodePort port number(to set explicitly, choose port between 30000-32767)" + type: int + min: 30000 + max: 32767 + show_if: "service.ui.type=NodePort||service.ui.type=LoadBalancer" + label: UI Service NodePort number +- variable: enablePSP + default: "true" + description: "Setup a pod security policy for Longhorn workloads." + label: Pod Security Policy + type: boolean + group: "Other Settings" diff --git a/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/NOTES.txt b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/NOTES.txt new file mode 100644 index 000000000..cca7cd77b --- /dev/null +++ b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/NOTES.txt 
@@ -0,0 +1,5 @@
+Longhorn is now installed on the cluster!
+
+Please wait a few minutes for other Longhorn components such as CSI deployments, Engine Images, and Instance Managers to be initialized.
+
+Visit our documentation at https://longhorn.io/docs/
diff --git a/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/_helpers.tpl b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/_helpers.tpl
new file mode 100644
index 000000000..3fbc2ac02
--- /dev/null
+++ b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/_helpers.tpl
@@ -0,0 +1,66 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "longhorn.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "longhorn.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{- define "longhorn.managerIP" -}}
+{{- $fullname := (include "longhorn.fullname" .) -}}
+{{- printf "http://%s-backend:9500" $fullname | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{- define "secret" }}
+{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.privateRegistry.registryUrl (printf "%s:%s" .Values.privateRegistry.registryUser .Values.privateRegistry.registryPasswd | b64enc) | b64enc }}
+{{- end }}
+
+{{- /*
+longhorn.labels generates the standard Helm labels.
+*/ -}}
+{{- define "longhorn.labels" -}}
+app.kubernetes.io/name: {{ template "longhorn.name" . }}
+helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/version: {{ .Chart.AppVersion }}
+{{- end -}}
+
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "registry_url" -}}
+{{- if .Values.privateRegistry.registryUrl -}}
+{{- printf "%s/" .Values.privateRegistry.registryUrl -}}
+{{- else -}}
+{{ include "system_default_registry" . }}
+{{- end -}}
+{{- end -}}
+
+{{- /*
+ define the longhorn release namespace
+*/ -}}
+{{- define "release_namespace" -}}
+{{- if .Values.namespaceOverride -}}
+{{- .Values.namespaceOverride -}}
+{{- else -}}
+{{- .Release.Namespace -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/clusterrole.yaml b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/clusterrole.yaml
new file mode 100644
index 000000000..cd5aafb50
--- /dev/null
+++ b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/clusterrole.yaml
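Review bot: The `secret` helper in _helpers.tpl assembles the registry credential JSON with `printf` and a raw `%s` for `.Values.privateRegistry.registryUrl`, so a URL value containing a double quote or backslash produces malformed or differently structured JSON in the generated pull secret (the `auth` field is base64-encoded and is not affected). Building the object and serialising it avoids hand-escaping: `{{- dict "auths" (dict .Values.privateRegistry.registryUrl (dict "auth" (printf "%s:%s" .Values.privateRegistry.registryUser .Values.privateRegistry.registryPasswd | b64enc))) | toJson | b64enc }}`. The helper name `secret` is also unprefixed, unlike the `longhorn.*` helpers beside it, which invites a name clash when the chart is used as a dependency. Separately, `longhorn.managerIP` applies `trunc 63` to a whole URL, so a long release name would cut off the `:9500` port rather than shorten the host name.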
@@ -0,0 +1,47 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: longhorn-role
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - "*"
+- apiGroups: [""]
+ resources: ["pods", "events", "persistentvolumes", "persistentvolumeclaims","persistentvolumeclaims/status", "nodes", "proxy/nodes", "pods/log", "secrets", "services", "endpoints", "configmaps"]
+ verbs: ["*"]
+- apiGroups: [""]
+ resources: ["namespaces"]
+ verbs: ["get", "list"]
+- apiGroups: ["apps"]
+ resources: ["daemonsets", "statefulsets", "deployments"]
+ verbs: ["*"]
+- apiGroups: ["batch"]
+ resources: ["jobs", "cronjobs"]
+ verbs: ["*"]
+- apiGroups: ["policy"]
+ resources: ["poddisruptionbudgets"]
+ verbs: ["*"]
+- apiGroups: ["scheduling.k8s.io"]
+ resources: ["priorityclasses"]
+ verbs: ["watch", "list"]
+- apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses", "volumeattachments", "csinodes", "csidrivers"]
+ verbs: ["*"]
+- apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotclasses", "volumesnapshots", "volumesnapshotcontents", "volumesnapshotcontents/status"]
+ verbs: ["*"]
+- apiGroups: ["longhorn.io"]
+ resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings",
+ "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status",
+ "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", "backingimagemanagers", "backingimagemanagers/status"]
+ verbs: ["*"]
+- apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["*"]
+- apiGroups: ["metrics.k8s.io"]
+ resources: ["pods", "nodes"]
+ verbs: ["get", "list"]
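Review bot: The second rule of `longhorn-role` grants `verbs: ["*"]` on core resources that include `secrets`, `configmaps` and `pods`, and since this is a ClusterRole bound through the ClusterRoleBinding in clusterrolebinding.yaml, the grant covers every namespace rather than only the release namespace. Anything running as `longhorn-service-account` can therefore read and rewrite all Secrets in the cluster, and the first rule gives the same wildcard over every `customresourcedefinitions` object. I would enumerate the verbs each resource actually needs and, if Longhorn only touches secrets in its own namespace (not determinable from this hunk), move `secrets` into a namespaced Role. At the least, record the justification next to the rule, for example `# cluster-wide secrets access required for <reason>; review before widening`.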
diff --git a/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/clusterrolebinding.yaml b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..66ac62f9b
--- /dev/null
+++ b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/clusterrolebinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: longhorn-bind
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: longhorn-role
+subjects:
+- kind: ServiceAccount
+ name: longhorn-service-account
+ namespace: {{ include "release_namespace" . }}
diff --git a/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/daemonset-sa.yaml b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/daemonset-sa.yaml
new file mode 100644
index 000000000..636a4c0c2
--- /dev/null
+++ b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/daemonset-sa.yaml
@@ -0,0 +1,125 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ app: longhorn-manager
+ name: longhorn-manager
+ namespace: {{ include "release_namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ app: longhorn-manager
+ template:
+ metadata:
+ labels: {{- include "longhorn.labels" . | nindent 8 }}
+ app: longhorn-manager
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ containers:
+ - name: longhorn-manager
+ image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ privileged: true
+ command:
+ - longhorn-manager
+ - -d
+ - daemon
+ - --engine-image
+ - "{{ template "registry_url" . }}{{ .Values.image.longhorn.engine.repository }}:{{ .Values.image.longhorn.engine.tag }}"
+ - --instance-manager-image
+ - "{{ template "registry_url" . }}{{ .Values.image.longhorn.instanceManager.repository }}:{{ .Values.image.longhorn.instanceManager.tag }}"
+ - --share-manager-image
+ - "{{ template "registry_url" . }}{{ .Values.image.longhorn.shareManager.repository }}:{{ .Values.image.longhorn.shareManager.tag }}"
+ - --backing-image-manager-image
+ - "{{ template "registry_url" . }}{{ .Values.image.longhorn.backingImageManager.repository }}:{{ .Values.image.longhorn.backingImageManager.tag }}"
+ - --manager-image
+ - "{{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}"
+ - --service-account
+ - longhorn-service-account
+ ports:
+ - containerPort: 9500
+ name: manager
+ readinessProbe:
+ tcpSocket:
+ port: 9500
+ volumeMounts:
+ - name: dev
+ mountPath: /host/dev/
+ - name: proc
+ mountPath: /host/proc/
+ - name: longhorn
+ mountPath: /var/lib/longhorn/
+ mountPropagation: Bidirectional
+ - name: longhorn-default-setting
+ mountPath: /var/lib/longhorn-setting/
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: DEFAULT_SETTING_PATH
+ value: /var/lib/longhorn-setting/default-setting.yaml
+ volumes:
+ - name: dev
+ hostPath:
+ path: /dev/
+ - name: proc
+ hostPath:
+ path: /proc/
+ - name: longhorn
+ hostPath:
+ path: /var/lib/longhorn/
+ - name: longhorn-default-setting
+ configMap:
+ name: longhorn-default-setting
+ {{- if .Values.privateRegistry.registrySecret }}
+ imagePullSecrets:
+ - name: {{ .Values.privateRegistry.registrySecret }}
+ {{- end }}
+ {{- if .Values.longhornManager.priorityClass }}
+ priorityClassName: {{ .Values.longhornManager.priorityClass | quote}}
+ {{- end }}
+ serviceAccountName: longhorn-service-account
+ {{- if .Values.longhornManager.tolerations }}
+ tolerations:
+{{ toYaml .Values.longhornManager.tolerations | indent 6 }}
+ {{- end }}
+ {{- if .Values.longhornManager.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }}
+ {{- end }}
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: "100%"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ app: longhorn-manager
+ name: longhorn-backend
+ namespace: {{ include "release_namespace" . }}
+spec:
+ type: {{ .Values.service.manager.type }}
+ sessionAffinity: ClientIP
+ selector:
+ app: longhorn-manager
+ ports:
+ - name: manager
+ port: 9500
+ targetPort: manager
+ {{- if .Values.service.manager.nodePort }}
+ nodePort: {{ .Values.service.manager.nodePort }}
+ {{- end }}
diff --git a/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/default-setting.yaml b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/default-setting.yaml
new file mode 100644
index 000000000..7c1861a78
--- /dev/null
+++ b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/default-setting.yaml
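Review bot: The `longhorn-backend` Service takes `type` and `nodePort` straight from values, and nothing in this file puts authentication or a NetworkPolicy in front of port 9500. That port is served by the `longhorn-manager` container, which runs with `privileged: true`, hostPath mounts of `/dev` and `/proc`, and `mountPropagation: Bidirectional`. Setting `service.manager.type` to NodePort or LoadBalancer would therefore publish the API of a pod with node-level access outside the cluster. I would add a comment above `type:` such as `# keep ClusterIP unless an authenticating proxy fronts this Service; the manager pod is privileged`, and consider making the template `fail` on other types unless an explicit opt-in value is set. The DaemonSet also declares no `resources` and only a TCP `readinessProbe`, which is worth a comment if intentional.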
@@ -0,0 +1,41 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-default-setting + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +data: + default-setting.yaml: |- + backup-target: {{ .Values.defaultSettings.backupTarget }} + backup-target-credential-secret: {{ .Values.defaultSettings.backupTargetCredentialSecret }} + allow-recurring-job-while-volume-detached: {{ .Values.defaultSettings.allowRecurringJobWhileVolumeDetached }} + create-default-disk-labeled-nodes: {{ .Values.defaultSettings.createDefaultDiskLabeledNodes }} + default-data-path: {{ .Values.defaultSettings.defaultDataPath }} + replica-soft-anti-affinity: {{ .Values.defaultSettings.replicaSoftAntiAffinity }} + storage-over-provisioning-percentage: {{ .Values.defaultSettings.storageOverProvisioningPercentage }} + storage-minimal-available-percentage: {{ .Values.defaultSettings.storageMinimalAvailablePercentage }} + upgrade-checker: {{ .Values.defaultSettings.upgradeChecker }} + default-replica-count: {{ .Values.defaultSettings.defaultReplicaCount }} + default-data-locality: {{ .Values.defaultSettings.defaultDataLocality }} + default-longhorn-static-storage-class: {{ .Values.defaultSettings.defaultLonghornStaticStorageClass }} + backupstore-poll-interval: {{ .Values.defaultSettings.backupstorePollInterval }} + taint-toleration: {{ .Values.defaultSettings.taintToleration }} + system-managed-components-node-selector: {{ .Values.defaultSettings.systemManagedComponentsNodeSelector }} + priority-class: {{ .Values.defaultSettings.priorityClass }} + auto-salvage: {{ .Values.defaultSettings.autoSalvage }} + auto-delete-pod-when-volume-detached-unexpectedly: {{ .Values.defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly }} + disable-scheduling-on-cordoned-node: {{ .Values.defaultSettings.disableSchedulingOnCordonedNode }} + replica-zone-soft-anti-affinity: {{ .Values.defaultSettings.replicaZoneSoftAntiAffinity }} + 
node-down-pod-deletion-policy: {{ .Values.defaultSettings.nodeDownPodDeletionPolicy }} + allow-node-drain-with-last-healthy-replica: {{ .Values.defaultSettings.allowNodeDrainWithLastHealthyReplica }} + mkfs-ext4-parameters: {{ .Values.defaultSettings.mkfsExt4Parameters }} + disable-replica-rebuild: {{ .Values.defaultSettings.disableReplicaRebuild }} + replica-replenishment-wait-interval: {{ .Values.defaultSettings.replicaReplenishmentWaitInterval }} + disable-revision-counter: {{ .Values.defaultSettings.disableRevisionCounter }} + system-managed-pods-image-pull-policy: {{ .Values.defaultSettings.systemManagedPodsImagePullPolicy }} + allow-volume-creation-with-degraded-availability: {{ .Values.defaultSettings.allowVolumeCreationWithDegradedAvailability }} + auto-cleanup-system-generated-snapshot: {{ .Values.defaultSettings.autoCleanupSystemGeneratedSnapshot }} + concurrent-automatic-engine-upgrade-per-node-limit: {{ .Values.defaultSettings.concurrentAutomaticEngineUpgradePerNodeLimit }} + backing-image-cleanup-wait-interval: {{ .Values.defaultSettings.backingImageCleanupWaitInterval }} + guaranteed-engine-manager-cpu: {{ .Values.defaultSettings.guaranteedEngineManagerCPU }} + guaranteed-replica-manager-cpu: {{ .Values.defaultSettings.guaranteedReplicaManagerCPU }} diff --git a/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/deployment-driver.yaml b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/deployment-driver.yaml new file mode 100644 index 000000000..fb0390a6b --- /dev/null +++ b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/deployment-driver.yaml 
@@ -0,0 +1,104 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: longhorn-driver-deployer + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-driver-deployer + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-driver-deployer + spec: + initContainers: + - name: wait-longhorn-manager + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done'] + containers: + - name: longhorn-driver-deployer + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + command: + - longhorn-manager + - -d + - deploy-driver + - --manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}" + - --manager-url + - http://longhorn-backend:9500/v1 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + {{- if .Values.csi.kubeletRootDir }} + - name: KUBELET_ROOT_DIR + value: {{ .Values.csi.kubeletRootDir }} + {{- end }} + {{- if and .Values.image.csi.attacher.repository .Values.image.csi.attacher.tag }} + - name: CSI_ATTACHER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.attacher.repository }}:{{ .Values.image.csi.attacher.tag }}" + {{- end }} + {{- if and .Values.image.csi.provisioner.repository .Values.image.csi.provisioner.tag }} + - name: CSI_PROVISIONER_IMAGE + value: "{{ template "registry_url" . 
}}{{ .Values.image.csi.provisioner.repository }}:{{ .Values.image.csi.provisioner.tag }}" + {{- end }} + {{- if and .Values.image.csi.nodeDriverRegistrar.repository .Values.image.csi.nodeDriverRegistrar.tag }} + - name: CSI_NODE_DRIVER_REGISTRAR_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.nodeDriverRegistrar.repository }}:{{ .Values.image.csi.nodeDriverRegistrar.tag }}" + {{- end }} + {{- if and .Values.image.csi.resizer.repository .Values.image.csi.resizer.tag }} + - name: CSI_RESIZER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.resizer.repository }}:{{ .Values.image.csi.resizer.tag }}" + {{- end }} + {{- if and .Values.image.csi.snapshotter.repository .Values.image.csi.snapshotter.tag }} + - name: CSI_SNAPSHOTTER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.snapshotter.repository }}:{{ .Values.image.csi.snapshotter.tag }}" + {{- end }} + {{- if .Values.csi.attacherReplicaCount }} + - name: CSI_ATTACHER_REPLICA_COUNT + value: {{ .Values.csi.attacherReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.provisionerReplicaCount }} + - name: CSI_PROVISIONER_REPLICA_COUNT + value: {{ .Values.csi.provisionerReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.resizerReplicaCount }} + - name: CSI_RESIZER_REPLICA_COUNT + value: {{ .Values.csi.resizerReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.snapshotterReplicaCount }} + - name: CSI_SNAPSHOTTER_REPLICA_COUNT + value: {{ .Values.csi.snapshotterReplicaCount | quote }} + {{- end }} + + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornDriver.priorityClass }} + priorityClassName: {{ .Values.longhornDriver.priorityClass | quote}} + {{- end }} + {{- if .Values.longhornDriver.tolerations }} + tolerations: +{{ toYaml .Values.longhornDriver.tolerations | indent 6 }} + {{- end }} + {{- if .Values.longhornDriver.nodeSelector }} + 
nodeSelector: +{{ toYaml .Values.longhornDriver.nodeSelector | indent 8 }} + {{- end }} + serviceAccountName: longhorn-service-account + securityContext: + runAsUser: 0 diff --git a/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/deployment-ui.yaml b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/deployment-ui.yaml new file mode 100644 index 000000000..e46a84213 --- /dev/null +++ b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/deployment-ui.yaml 
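Review bot: The pod-level `securityContext` that closes this Deployment sets `runAsUser: 0`, and neither the `wait-longhorn-manager` init container nor `longhorn-driver-deployer` declares any restriction of its own, so both run as root with the runtime's default capabilities. From the visible spec the deployer only receives image names and the manager URL through arguments and environment and mounts no host path, so root does not look necessary; that is inferred from the template, not from the binary. If it can run with less, add a container-level `securityContext` with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`. Otherwise put a comment next to `runAsUser: 0` saying what needs it.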
@@ -0,0 +1,72 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + name: longhorn-ui + namespace: {{ include "release_namespace" . }} +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-ui + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-ui + spec: + containers: + - name: longhorn-ui + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.ui.repository }}:{{ .Values.image.longhorn.ui.tag }} + imagePullPolicy: IfNotPresent + securityContext: + runAsUser: 0 + ports: + - containerPort: 8000 + name: http + env: + - name: LONGHORN_MANAGER_IP + value: "http://longhorn-backend:9500" + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornUI.priorityClass }} + priorityClassName: {{ .Values.longhornUI.priorityClass | quote}} + {{- end }} + {{- if .Values.longhornUI.tolerations }} + tolerations: +{{ toYaml .Values.longhornManager.tolerations | indent 6 }} + {{- end }} + {{- if .Values.longhornUI.nodeSelector }} + nodeSelector: +{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }} + {{- end }} +--- +kind: Service +apiVersion: v1 +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + kubernetes.io/cluster-service: "true" + {{- end }} + name: longhorn-frontend + namespace: {{ include "release_namespace" . }} +spec: + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + type: ClusterIP + {{- else }} + type: {{ .Values.service.ui.type }} + {{- end }} + selector: + app: longhorn-ui + ports: + - name: http + port: 80 + targetPort: http + {{- if .Values.service.ui.nodePort }} + nodePort: {{ .Values.service.ui.nodePort }} + {{- else }} + nodePort: null + {{- end }} 
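Review bot: The `tolerations` and `nodeSelector` blocks of the longhorn-ui Deployment are guarded by `.Values.longhornUI.*` but render `.Values.longhornManager.*`, so the UI's scheduling settings are silently replaced by the manager's, or by an empty value when only the UI ones are set. The two lines should read `{{ toYaml .Values.longhornUI.tolerations | indent 6 }}` and `{{ toYaml .Values.longhornUI.nodeSelector | indent 8 }}`. This matters for placement policy: an operator who pins the UI away from certain nodes gets no error and no effect.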
diff --git a/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/ingress.yaml b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/ingress.yaml new file mode 100644 index 000000000..13555f814 --- /dev/null +++ b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/ingress.yaml @@ -0,0 +1,34 @@ +{{- if .Values.ingress.enabled }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: longhorn-ingress + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ingress + annotations: + {{- if .Values.ingress.tls }} + ingress.kubernetes.io/secure-backends: "true" + {{- end }} + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + {{- if .Values.ingress.ingressClassName }} + ingressClassName: {{ .Values.ingress.ingressClassName }} + {{- end }} + rules: + - host: {{ .Values.ingress.host }} + http: + paths: + - path: {{ default "" .Values.ingress.path }} + backend: + serviceName: longhorn-frontend + servicePort: 80 +{{- if .Values.ingress.tls }} + tls: + - hosts: + - {{ .Values.ingress.host }} + secretName: {{ .Values.ingress.tlsSecret }} +{{- end }} +{{- end }} diff --git a/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/postupgrade-job.yaml b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/postupgrade-job.yaml new file mode 100644 index 000000000..4af75e236 --- /dev/null +++ b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/postupgrade-job.yaml 
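Review bot: With `ingress.enabled` set, this template publishes `longhorn-frontend` on `.Values.ingress.host` with TLS optional and no authentication annotation required; the only annotation it emits by itself is `secure-backends`. The longhorn-ui Deployment in this patch shows no login configuration either, so the volume-management UI is presumably reachable by anyone who can reach the ingress controller unless the operator adds auth through `ingress.annotations`. I would state that in the template, e.g. `{{- /* The UI has no login of its own: set auth annotations for your ingress controller and enable ingress.tls before exposing it */ -}}` above `apiVersion`. Separately, `extensions/v1beta1` Ingress is no longer served from Kubernetes 1.22 on.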
@@ -0,0 +1,48 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + name: longhorn-post-upgrade + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-post-upgrade + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-post-upgrade + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + securityContext: + privileged: true + command: + - longhorn-manager + - post-upgrade + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornManager.priorityClass }} + priorityClassName: {{ .Values.longhornManager.priorityClass | quote}} + {{- end }} + serviceAccountName: longhorn-service-account + {{- if .Values.longhornManager.tolerations }} + tolerations: +{{ toYaml .Values.longhornManager.tolerations | indent 6 }} + {{- end }} + {{- if .Values.longhornManager.nodeSelector }} + nodeSelector: +{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }} + {{- end }} diff --git a/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/psp.yaml b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/psp.yaml new file mode 100644 index 000000000..a2dfc05be --- /dev/null +++ b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/psp.yaml 
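Review bot: The `longhorn-post-upgrade` container is given `securityContext.privileged: true`, and the `longhorn-uninstall` Job in templates/uninstall-job.yaml does the same, yet neither pod spec mounts a host path or sets hostPID or hostNetwork. If `longhorn-manager post-upgrade` and `uninstall --force` only talk to the Kubernetes API (not verifiable from this patch), the flag gives both hook pods full host access for no benefit. Either drop the two `securityContext` blocks, or keep them with a comment such as `# privileged: needed for <reason>` so the exception can be reviewed later.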
@@ -0,0 +1,66 @@ +{{- if .Values.enablePSP }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: longhorn-psp + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + privileged: true + allowPrivilegeEscalation: true + requiredDropCapabilities: + - NET_RAW + allowedCapabilities: + - SYS_ADMIN + hostNetwork: false + hostIPC: false + hostPID: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + fsGroup: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - secret + - projected + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: longhorn-psp-role + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ include "release_namespace" . }} +rules: +- apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - longhorn-psp +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: longhorn-psp-binding + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ include "release_namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: longhorn-psp-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} +- kind: ServiceAccount + name: default + namespace: {{ include "release_namespace" . }} +{{- end }} diff --git a/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/registry-secret.yml b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/registry-secret.yml new file mode 100644 index 000000000..1c7565fea --- /dev/null +++ b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/registry-secret.yml 
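Review bot: The `longhorn-psp-binding` RoleBinding lists the namespace's `default` ServiceAccount as a subject next to `longhorn-service-account`, so any pod in the release namespace that names no service account may use `longhorn-psp`. That policy allows `privileged: true`, `hostPID: true`, `SYS_ADMIN` and `hostPath` volumes with no `allowedHostPaths` restriction, which amounts to root on the node. If some Longhorn-created pods really run under `default`, say so in a comment above the subject, e.g. `# default SA: used by <component> pods created by longhorn-manager`. Otherwise remove the `name: default` subject so that only the chart's own account can use the policy.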
@@ -0,0 +1,11 @@ +{{- if .Values.privateRegistry.registrySecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.privateRegistry.registrySecret }} + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ template "secret" . }} +{{- end }} \ No newline at end of file diff --git a/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/serviceaccount.yaml b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/serviceaccount.yaml new file mode 100644 index 000000000..ad576c353 --- /dev/null +++ b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/serviceaccount.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} diff --git a/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/storageclass.yaml b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/storageclass.yaml new file mode 100644 index 000000000..dea6aafd4 --- /dev/null +++ b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/storageclass.yaml 
@@ -0,0 +1,26 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-storageclass + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +data: + storageclass.yaml: | + kind: StorageClass + apiVersion: storage.k8s.io/v1 + metadata: + name: longhorn + annotations: + storageclass.kubernetes.io/is-default-class: {{ .Values.persistence.defaultClass | quote }} + provisioner: driver.longhorn.io + allowVolumeExpansion: true + reclaimPolicy: "{{ .Values.persistence.reclaimPolicy }}" + volumeBindingMode: Immediate + parameters: + numberOfReplicas: "{{ .Values.persistence.defaultClassReplicaCount }}" + staleReplicaTimeout: "30" + fromBackup: "" + baseImage: "" + {{- if .Values.persistence.recurringJobs.enable }} + recurringJobs: '{{ .Values.persistence.recurringJobs.jobList }}' + {{- end }} diff --git a/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/tls-secrets.yaml b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/tls-secrets.yaml new file mode 100644 index 000000000..74c43426d --- /dev/null +++ b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/tls-secrets.yaml @@ -0,0 +1,16 @@ +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .name }} + namespace: {{ include "release_namespace" $ }} + labels: {{- include "longhorn.labels" $ | nindent 4 }} + app: longhorn +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} diff --git a/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/uninstall-job.yaml b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/uninstall-job.yaml new file mode 100644 index 000000000..5f21b1024 --- /dev/null +++ b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/uninstall-job.yaml 
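Review bot: `recurringJobs: '{{ .Values.persistence.recurringJobs.jobList }}'` prints the value with Go's default formatting inside single quotes. values.yaml in this patch defaults `jobList` to the list `[]`, and a YAML list supplied there would render as `[map[...]]` rather than JSON, while a string value containing `'` would break the generated storageclass.yaml. If the consumer expects a JSON string (not shown in this patch), either render list input as `recurringJobs: {{ .Values.persistence.recurringJobs.jobList | toJson | quote }}` or document in values.yaml that `jobList` must be a JSON string.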
@@ -0,0 +1,49 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded + name: longhorn-uninstall + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-uninstall + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-uninstall + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + securityContext: + privileged: true + command: + - longhorn-manager + - uninstall + - --force + env: + - name: LONGHORN_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornManager.priorityClass }} + priorityClassName: {{ .Values.longhornManager.priorityClass | quote}} + {{- end }} + serviceAccountName: longhorn-service-account + {{- if .Values.longhornManager.tolerations }} + tolerations: +{{ toYaml .Values.longhornManager.tolerations | indent 6 }} + {{- end }} + {{- if .Values.longhornManager.nodeSelector }} + nodeSelector: +{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }} + {{- end }} diff --git a/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/userroles.yaml b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/userroles.yaml new file mode 100644 index 000000000..00dda116a --- /dev/null +++ b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/userroles.yaml 
@@ -0,0 +1,38 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", "backingimagemanagers", "backingimagemanagers/status"] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-edit" + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", "backingimagemanagers", "backingimagemanagers/status"] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-view" + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", "backingimagemanagers", "backingimagemanagers/status"] + verbs: [ "get", "list", "watch" ] 
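Review bot: `longhorn-edit` carries `verbs: [ "*" ]` over the same resource list as `longhorn-admin`, and its `aggregate-to-edit` label folds those rules into the built-in `edit` role for every subject that already holds it. That includes write and delete on `settings`, `nodes` and `engineimages`, which by their names look like system-level configuration rather than a tenant's volumes. The three roles are also created unconditionally, with no values switch to opt out. Consider narrowing the edit rule, for example `verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]` on `volumes` and read-only verbs on the rest, and spelling out the admin verbs instead of `*`.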
diff --git a/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/validate-install-crd.yaml b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/validate-install-crd.yaml new file mode 100644 index 000000000..f93413640 --- /dev/null +++ b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/templates/validate-install-crd.yaml @@ -0,0 +1,23 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "longhorn.io/v1beta1/Engine" false -}} +# {{- set $found "longhorn.io/v1beta1/Replica" false -}} +# {{- set $found "longhorn.io/v1beta1/Setting" false -}} +# {{- set $found "longhorn.io/v1beta1/Volume" false -}} +# {{- set $found "longhorn.io/v1beta1/EngineImage" false -}} +# {{- set $found "longhorn.io/v1beta1/Node" false -}} +# {{- set $found "longhorn.io/v1beta1/InstanceManager" false -}} +# {{- set $found "longhorn.io/v1beta1/ShareManager" false -}} +# {{- set $found "longhorn.io/v1beta1/BackingImage" false -}} +# {{- set $found "longhorn.io/v1beta1/BackingImageManager" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/values.yaml b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/values.yaml new file mode 100644 index 000000000..1d2e75890 --- /dev/null +++ b/charts/longhorn-1.1/longhorn/100.0.0+up1.1.2/values.yaml 
@@ -0,0 +1,218 @@ +# Default values for longhorn. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: + cattle: + systemDefaultRegistry: "" + +image: + longhorn: + engine: + repository: rancher/mirrored-longhornio-longhorn-engine + tag: v1.1.2 + manager: + repository: rancher/mirrored-longhornio-longhorn-manager + tag: v1.1.2 + ui: + repository: rancher/mirrored-longhornio-longhorn-ui + tag: v1.1.2 + instanceManager: + repository: rancher/mirrored-longhornio-longhorn-instance-manager + tag: v1_20210621 + shareManager: + repository: rancher/mirrored-longhornio-longhorn-share-manager + tag: v1_20210416 + backingImageManager: + repository: rancher/mirrored-longhornio-backing-image-manager + tag: v1_20210422 + csi: + attacher: + repository: rancher/mirrored-longhornio-csi-attacher + tag: v2.2.1-lh2 + provisioner: + repository: rancher/mirrored-longhornio-csi-provisioner + tag: v1.6.0-lh2 + nodeDriverRegistrar: + repository: rancher/mirrored-longhornio-csi-node-driver-registrar + tag: v1.2.0-lh1 + resizer: + repository: rancher/mirrored-longhornio-csi-resizer + tag: v0.5.1-lh2 + snapshotter: + repository: rancher/mirrored-longhornio-csi-snapshotter + tag: v2.1.1-lh2 + pullPolicy: IfNotPresent + +service: + ui: + type: ClusterIP + nodePort: null + manager: + type: ClusterIP + nodePort: "" + +persistence: + defaultClass: true + defaultClassReplicaCount: 3 + reclaimPolicy: Delete + recurringJobs: + enable: false + jobList: [] + +csi: + kubeletRootDir: ~ + attacherReplicaCount: ~ + provisionerReplicaCount: ~ + resizerReplicaCount: ~ + snapshotterReplicaCount: ~ + +defaultSettings: + backupTarget: ~ + backupTargetCredentialSecret: ~ + allowRecurringJobWhileVolumeDetached: ~ + createDefaultDiskLabeledNodes: ~ + defaultDataPath: ~ + defaultDataLocality: ~ + replicaSoftAntiAffinity: ~ + storageOverProvisioningPercentage: ~ + storageMinimalAvailablePercentage: ~ + upgradeChecker: ~ + defaultReplicaCount: ~ + 
defaultLonghornStaticStorageClass: ~ + backupstorePollInterval: ~ + taintToleration: ~ + systemManagedComponentsNodeSelector: ~ + priorityClass: ~ + autoSalvage: ~ + autoDeletePodWhenVolumeDetachedUnexpectedly: ~ + disableSchedulingOnCordonedNode: ~ + replicaZoneSoftAntiAffinity: ~ + nodeDownPodDeletionPolicy: ~ + allowNodeDrainWithLastHealthyReplica: ~ + mkfsExt4Parameters: ~ + disableReplicaRebuild: ~ + replicaReplenishmentWaitInterval: ~ + disableRevisionCounter: ~ + systemManagedPodsImagePullPolicy: ~ + allowVolumeCreationWithDegradedAvailability: ~ + autoCleanupSystemGeneratedSnapshot: ~ + concurrentAutomaticEngineUpgradePerNodeLimit: ~ + backingImageCleanupWaitInterval: ~ + guaranteedEngineManagerCPU: ~ + guaranteedReplicaManagerCPU: ~ +privateRegistry: + registryUrl: ~ + registryUser: ~ + registryPasswd: ~ + registrySecret: ~ + +longhornManager: + priorityClass: ~ + tolerations: [] + ## If you want to set tolerations for Longhorn Manager DaemonSet, delete the `[]` in the line above + ## and uncomment this example block + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + nodeSelector: {} + ## If you want to set node selector for Longhorn Manager DaemonSet, delete the `{}` in the line above + ## and uncomment this example block + # label-key1: "label-value1" + # label-key2: "label-value2" + +longhornDriver: + priorityClass: ~ + tolerations: [] + ## If you want to set tolerations for Longhorn Driver Deployer Deployment, delete the `[]` in the line above + ## and uncomment this example block + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + nodeSelector: {} + ## If you want to set node selector for Longhorn Driver Deployer Deployment, delete the `{}` in the line above + ## and uncomment this example block + # label-key1: "label-value1" + # label-key2: "label-value2" + +longhornUI: + priorityClass: ~ + tolerations: [] + ## If you want to set tolerations for Longhorn UI Deployment, delete the `[]` 
in the line above + ## and uncomment this example block + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + nodeSelector: {} + ## If you want to set node selector for Longhorn UI Deployment, delete the `{}` in the line above + ## and uncomment this example block + # label-key1: "label-value1" + # label-key2: "label-value2" + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + # + +ingress: + ## Set to true to enable ingress record generation + enabled: false + + ## Add ingressClassName to the Ingress + ## Can replace the kubernetes.io/ingress.class annotation on v1.18+ + ingressClassName: ~ + + host: xip.io + + ## Set this to true in order to enable TLS on the ingress record + ## A side effect of this will be that the backend service will be connected at port 443 + tls: false + + ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS + tlsSecret: longhorn.local-tls + + ## Ingress annotations done as key:value pairs + ## If you're using kube-lego, you will want to add: + ## kubernetes.io/tls-acme: true + ## + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md + ## + ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set + annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: true + + secrets: + ## If you're providing your own certificates, please use this to add the certificates as secrets + ## key and 
certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using kube-lego, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + # - name: longhorn.local-tls + # key: + # certificate: + +# Configure a pod security policy in the Longhorn namespace to allow privileged pods +enablePSP: true + +## Specify override namespace, specifically this is useful for using longhorn as sub-chart +## and its release namespace is not the `longhorn-system` +namespaceOverride: "" + +# Annotations to add to the Longhorn Manager DaemonSet Pods. Optional. +annotations: {} diff --git a/charts/longhorn-1.2/longhorn-crd/100.1.0+up1.2.2/Chart.yaml b/charts/longhorn-1.2/longhorn-crd/100.1.0+up1.2.2/Chart.yaml new file mode 100644 index 000000000..7d34f046a --- /dev/null +++ b/charts/longhorn-1.2/longhorn-crd/100.1.0+up1.2.2/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/release-name: longhorn-crd +apiVersion: v1 +description: Installs the CRDs for longhorn. +name: longhorn-crd +type: application +version: 100.1.0+up1.2.2 diff --git a/charts/longhorn-1.2/longhorn-crd/100.1.0+up1.2.2/README.md b/charts/longhorn-1.2/longhorn-crd/100.1.0+up1.2.2/README.md new file mode 100644 index 000000000..d9f7f14b3 --- /dev/null +++ b/charts/longhorn-1.2/longhorn-crd/100.1.0+up1.2.2/README.md @@ -0,0 +1,2 @@ +# longhorn-crd +A Rancher chart that installs the CRDs used by longhorn. diff --git a/charts/longhorn-1.2/longhorn-crd/100.1.0+up1.2.2/templates/crds.yaml b/charts/longhorn-1.2/longhorn-crd/100.1.0+up1.2.2/templates/crds.yaml new file mode 100644 index 000000000..427a39723 --- /dev/null 
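Review bot: The `privateRegistry` block takes `registryPasswd` as a plain chart value and carries no comment explaining how the four keys relate. Values passed to Helm are kept in the release record and usually in a values file, so the registry password is readable by anyone who can read either; how the `secret` helper used by templates/registry-secret.yml consumes it is not visible in this section. I would document this above the key, e.g. `## registryPasswd is stored in the Helm release; pass it with --set from a secret store and do not commit it`, and add `## registrySecret: name of the pull Secret this chart creates` since that is what the template does with it.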
+++ b/charts/longhorn-1.2/longhorn-crd/100.1.0+up1.2.2/templates/crds.yaml 
@@ -0,0 +1,832 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.2.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.2.0 + longhorn-manager: Engine + name: engines.longhorn.io +spec: + group: longhorn.io + names: + kind: Engine + listKind: EngineList + plural: engines + shortNames: + - lhe + singular: engine + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The current state of the engine + jsonPath: .status.currentState + - name: Node + type: string + description: The node that the engine is on + jsonPath: .spec.nodeID + - name: InstanceManager + type: string + description: The instance manager of the engine + jsonPath: .status.instanceManagerName + - name: Image + type: string + description: The current image of the engine + jsonPath: .status.currentImage + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.2.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.2.0 + longhorn-manager: Replica + name: replicas.longhorn.io +spec: + group: longhorn.io + names: + kind: Replica + listKind: ReplicaList + plural: replicas + shortNames: + - lhr + singular: replica + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + 
x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The current state of the replica + jsonPath: .status.currentState + - name: Node + type: string + description: The node that the replica is on + jsonPath: .spec.nodeID + - name: Disk + type: string + description: The disk that the replica is on + jsonPath: .spec.diskID + - name: InstanceManager + type: string + description: The instance manager of the replica + jsonPath: .status.instanceManagerName + - name: Image + type: string + description: The current image of the replica + jsonPath: .status.currentImage + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.2.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.2.0 + longhorn-manager: Setting + name: settings.longhorn.io +spec: + group: longhorn.io + names: + kind: Setting + listKind: SettingList + plural: settings + shortNames: + - lhs + singular: setting + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Value + type: string + description: The value of the setting + jsonPath: .value + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.2.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.2.0 + longhorn-manager: Volume + name: volumes.longhorn.io +spec: + group: longhorn.io + names: + kind: Volume + listKind: VolumeList + plural: volumes + shortNames: + - lhv + singular: volume 
+ scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the volume + jsonPath: .status.state + - name: Robustness + type: string + description: The robustness of the volume + jsonPath: .status.robustness + - name: Scheduled + type: string + description: The scheduled condition of the volume + jsonPath: .status.conditions['scheduled']['status'] + - name: Size + type: string + description: The size of the volume + jsonPath: .spec.size + - name: Node + type: string + description: The node that the volume is currently attaching to + jsonPath: .status.currentNodeID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.2.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.2.0 + longhorn-manager: EngineImage + name: engineimages.longhorn.io +spec: + group: longhorn.io + names: + kind: EngineImage + listKind: EngineImageList + plural: engineimages + shortNames: + - lhei + singular: engineimage + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: State of the engine image + jsonPath: .status.state + - name: Image + type: string + description: The Longhorn engine image + jsonPath: .spec.image + - name: RefCount + type: integer + description: Number of 
volumes are using the engine image + jsonPath: .status.refCount + - name: BuildDate + type: date + description: The build date of the engine image + jsonPath: .status.buildDate + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.2.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.2.0 + longhorn-manager: Node + name: nodes.longhorn.io +spec: + group: longhorn.io + names: + kind: Node + listKind: NodeList + plural: nodes + shortNames: + - lhn + singular: node + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: Ready + type: string + description: Indicate whether the node is ready + jsonPath: .status.conditions['Ready']['status'] + - name: AllowScheduling + type: boolean + description: Indicate whether the user disabled/enabled replica scheduling for the node + jsonPath: .spec.allowScheduling + - name: Schedulable + type: string + description: Indicate whether Longhorn can schedule replicas on the node + jsonPath: .status.conditions['Schedulable']['status'] + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.2.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.2.0 + longhorn-manager: InstanceManager + name: instancemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: InstanceManager + listKind: InstanceManagerList + plural: instancemanagers + 
shortNames: + - lhim + singular: instancemanager + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the instance manager + jsonPath: .status.currentState + - name: Type + type: string + description: The type of the instance manager (engine or replica) + jsonPath: .spec.type + - name: Node + type: string + description: The node that the instance manager is running on + jsonPath: .spec.nodeID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.2.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.2.0 + longhorn-manager: ShareManager + name: sharemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: ShareManager + listKind: ShareManagerList + plural: sharemanagers + shortNames: + - lhsm + singular: sharemanager + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the share manager + jsonPath: .status.state + - name: Node + type: string + description: The node that the share manager is owned by + jsonPath: .status.ownerID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + 
helm.sh/chart: longhorn-1.2.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.2.0 + longhorn-manager: BackingImage + name: backingimages.longhorn.io +spec: + group: longhorn.io + names: + kind: BackingImage + listKind: BackingImageList + plural: backingimages + shortNames: + - lhbi + singular: backingimage + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: Image + type: string + description: The backing image name + jsonPath: .spec.image + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.2.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.2.0 + longhorn-manager: BackingImageManager + name: backingimagemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: BackingImageManager + listKind: BackingImageManagerList + plural: backingimagemanagers + shortNames: + - lhbim + singular: backingimagemanager + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The current state of the manager + jsonPath: .status.currentState + - name: Image + type: string + description: The image the manager pod will use + jsonPath: .spec.image + - name: Node + type: string + description: The node the manager is on + jsonPath: .spec.nodeID + - 
name: DiskUUID + type: string + description: The disk the manager is responsible for + jsonPath: .spec.diskUUID + - name: DiskPath + type: string + description: The disk path the manager is using + jsonPath: .spec.diskPath + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.2.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.2.0 + longhorn-manager: BackingImageDataSource + name: backingimagedatasources.longhorn.io +spec: + group: longhorn.io + names: + kind: BackingImageDataSource + listKind: BackingImageDataSourceList + plural: backingimagedatasources + shortNames: + - lhbids + singular: backingimagedatasource + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The current state of the pod used to provisione the backing image file from source + jsonPath: .status.currentState + - name: SourceType + type: string + description: The data source type + jsonPath: .spec.sourceType + - name: Node + type: string + description: The node the backing image file will be prepared on + jsonPath: .spec.nodeID + - name: DiskUUID + type: string + description: The disk the backing image file will be prepared on + jsonPath: .spec.diskUUID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.2.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + 
app.kubernetes.io/version: v1.2.0 + longhorn-manager: BackupTarget + name: backuptargets.longhorn.io +spec: + group: longhorn.io + names: + kind: BackupTarget + listKind: BackupTargetList + plural: backuptargets + shortNames: + - lhbt + singular: backuptarget + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + description: The backup target URL + jsonPath: .spec.backupTargetURL + - name: Credential + type: string + description: The backup target credential secret + jsonPath: .spec.credentialSecret + - name: Interval + type: string + description: The backup target poll interval + jsonPath: .spec.pollInterval + - name: Available + type: boolean + description: Indicate whether the backup target is available or not + jsonPath: .status.available + - name: LastSyncedAt + type: string + description: The backup target last synced time + jsonPath: .status.lastSyncedAt +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.2.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.2.0 + longhorn-manager: BackupVolume + name: backupvolumes.longhorn.io +spec: + group: longhorn.io + names: + kind: BackupVolume + listKind: BackupVolumeList + plural: backupvolumes + shortNames: + - lhbv + singular: backupvolume + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: CreatedAt + type: string + 
description: The backup volume creation time + jsonPath: .status.createdAt + - name: LastBackupName + type: string + description: The backup volume last backup name + jsonPath: .status.lastBackupName + - name: LastBackupAt + type: string + description: The backup volume last backup time + jsonPath: .status.lastBackupAt + - name: LastSyncedAt + type: string + description: The backup volume last synced time + jsonPath: .status.lastSyncedAt +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.2.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.2.0 + longhorn-manager: Backup + name: backups.longhorn.io +spec: + group: longhorn.io + names: + kind: Backup + listKind: BackupList + plural: backups + shortNames: + - lhb + singular: backup + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: SnapshotName + type: string + description: The snapshot name + jsonPath: .status.snapshotName + - name: SnapshotSize + type: string + description: The snapshot size + jsonPath: .status.size + - name: SnapshotCreatedAt + type: string + description: The snapshot creation time + jsonPath: .status.snapshotCreatedAt + - name: State + type: string + description: The backup state + jsonPath: .status.state + - name: LastSyncedAt + type: string + description: The backup last synced time + jsonPath: .status.lastSyncedAt +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.2.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + 
app.kubernetes.io/version: v1.2.0 + longhorn-manager: RecurringJob + name: recurringjobs.longhorn.io +spec: + group: longhorn.io + names: + kind: RecurringJob + listKind: RecurringJobList + plural: recurringjobs + shortNames: + - lhrj + singular: recurringjob + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + metadata: + type: object + properties: + name: + type: string + spec: + type: object + properties: + groups: + type: array + items: + type: string + task: + type: string + pattern: "^snapshot|backup$" + cron: + type: string + retain: + type: integer + concurrency: + type: integer + labels: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: Groups + type: string + description: Sets groupings to the jobs. When set to "default" group will be added to the volume label when no other job label exist in volume. + jsonPath: .spec.groups + - name: Task + type: string + description: Should be one of "backup" or "snapshot". + jsonPath: .spec.task + - name: Cron + type: string + description: The cron expression represents recurring job scheduling. + jsonPath: .spec.cron + - name: Retain + type: integer + description: The number of snapshots/backups to keep for the volume. + jsonPath: .spec.retain + - name: Concurrency + type: integer + description: The concurrent job to run by each cron job. + jsonPath: .spec.concurrency + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Labels + type: string + description: Specify the labels + jsonPath: .spec.labels \ No newline at end of file diff --git a/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/.helmignore b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/.helmignore 
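Review bot: The `task` check in the RecurringJob schema, `pattern: "^snapshot|backup$"`, is looser than it reads, because alternation binds more loosely than the anchors. It accepts any string that starts with `snapshot` or ends with `backup`, for example the constructed value `snapshot-anything`. Group the alternatives, `pattern: "^(snapshot|backup)$"`, or replace the pattern with `enum: [snapshot, backup]`. This is the only field-level constraint in the file: every other CRD here sets `x-kubernetes-preserve-unknown-fields: true` on `spec` and `status` (Setting sets it on the whole schema), so the API server applies no schema checks to those objects. The `helm.sh/chart: longhorn-1.2.0` labels suggest the manifest is carried over from upstream Longhorn, so the fix probably belongs there as well.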
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/Chart.yaml b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/Chart.yaml
new file mode 100644
index 000000000..4f37ce1f5
--- /dev/null
+++ b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/Chart.yaml
@@ -0,0 +1,39 @@
+annotations:
+ catalog.cattle.io/auto-install: longhorn-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: Longhorn
+ catalog.cattle.io/namespace: longhorn-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/provides-gvr: longhorn.io/v1beta1
+ catalog.cattle.io/rancher-version: '>= 2.6.0-0'
+ catalog.cattle.io/release-name: longhorn
+ catalog.cattle.io/type: cluster-tool
+ catalog.cattle.io/ui-component: longhorn
+apiVersion: v1
+appVersion: v1.2.2
+description: Longhorn is a distributed block storage system for Kubernetes.
+home: https://github.com/longhorn/longhorn
+icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.png
+keywords:
+- longhorn
+- storage
+- distributed
+- block
+- device
+- iscsi
+- nfs
+kubeVersion: '>=1.18.0-0'
+maintainers:
+- email: maintainers@longhorn.io
+ name: Longhorn maintainers
+name: longhorn
+sources:
+- https://github.com/longhorn/longhorn
+- https://github.com/longhorn/longhorn-engine
+- https://github.com/longhorn/longhorn-instance-manager
+- https://github.com/longhorn/longhorn-share-manager
+- https://github.com/longhorn/longhorn-manager
+- https://github.com/longhorn/longhorn-ui
+- https://github.com/longhorn/longhorn-tests
+- https://github.com/longhorn/backing-image-manager
+version: 100.1.0+up1.2.2
diff --git a/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/README.md b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/README.md
new file mode 100644
index 000000000..f6a605c8b
--- /dev/null
+++ b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/README.md
@@ -0,0 +1,33 @@
+# Longhorn Chart
+
+> **Important**: Please install the Longhorn chart in the `longhorn-system` namespace only.
+
+> **Warning**: Longhorn doesn't support downgrading from a higher version to a lower version.
+
+## Source Code
+
+Longhorn is 100% open source software. Project source code is spread across a number of repos:
+
+1. Longhorn Engine -- Core controller/replica logic https://github.com/longhorn/longhorn-engine
+2. Longhorn Instance Manager -- Controller/replica instance lifecycle management https://github.com/longhorn/longhorn-instance-manager
+3. Longhorn Share Manager -- NFS provisioner that exposes Longhorn volumes as ReadWriteMany volumes. https://github.com/longhorn/longhorn-share-manager
+4. Backing Image Manager -- Backing image file lifecycle management. https://github.com/longhorn/backing-image-manager
+5. Longhorn Manager -- Longhorn orchestration, includes CSI driver for Kubernetes https://github.com/longhorn/longhorn-manager
+6. Longhorn UI -- Dashboard https://github.com/longhorn/longhorn-ui
+
+## Prerequisites
+
+1. A container runtime compatible with Kubernetes (Docker v1.13+, containerd v1.3.7+, etc.)
+2. Kubernetes v1.18+
+3. Make sure `bash`, `curl`, `findmnt`, `grep`, `awk` and `blkid` has been installed in all nodes of the Kubernetes cluster.
+4. Make sure `open-iscsi` has been installed, and the `iscsid` daemon is running on all nodes of the Kubernetes cluster. For GKE, recommended Ubuntu as guest OS image since it contains `open-iscsi` already.
+
+## Uninstallation
+
+To prevent damage to the Kubernetes cluster, we recommend deleting all Kubernetes workloads using Longhorn volumes (PersistentVolume, PersistentVolumeClaim, StorageClass, Deployment, StatefulSet, DaemonSet, etc).
+
+From Rancher Cluster Explorer UI, navigate to Apps page, delete app `longhorn` then app `longhorn-crd` in Installed Apps tab.
+
+
+---
+Please see [link](https://github.com/longhorn/longhorn) for more information.
diff --git a/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/app-readme.md b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/app-readme.md
new file mode 100644
index 000000000..cb23135ca
--- /dev/null
+++ b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/app-readme.md
@@ -0,0 +1,11 @@
+# Longhorn
+
+Longhorn is a lightweight, reliable and easy to use distributed block storage system for Kubernetes. Once deployed, users can leverage persistent volumes provided by Longhorn.
+
+Longhorn creates a dedicated storage controller for each volume and synchronously replicates the volume across multiple replicas stored on multiple nodes. The storage controller and replicas are themselves orchestrated using Kubernetes. Longhorn supports snapshots, backups and even allows you to schedule recurring snapshots and backups!
+
+**Important**: Please install Longhorn chart in `longhorn-system` namespace only.
+
+**Warning**: Longhorn doesn't support downgrading from a higher version to a lower version.
+
+[Chart Documentation](https://github.com/longhorn/longhorn/blob/master/chart/README.md)
diff --git a/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/questions.yml b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/questions.yml
new file mode 100644
index 000000000..655ed965f
--- /dev/null
+++ b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/questions.yml
@@ -0,0 +1,623 @@ +categories: +- storage +namespace: longhorn-system +questions: +- variable: image.defaultImage + default: "true" + description: "Use default Longhorn images" + label: Use Default Images + type: boolean + show_subquestion_if: false + group: "Longhorn Images" + subquestions: + - variable: image.longhorn.manager.repository + default: rancher/mirrored-longhornio-longhorn-manager + description: "Specify Longhorn Manager Image Repository" + type: string + label: Longhorn Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.manager.tag + default: v1.2.2 + description: "Specify Longhorn Manager Image Tag" + type: string + label: Longhorn Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.repository + default: rancher/mirrored-longhornio-longhorn-engine + description: "Specify Longhorn Engine Image Repository" + type: string + label: Longhorn Engine Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.tag + default: v1.2.2 + description: "Specify Longhorn Engine Image Tag" + type: string + label: Longhorn Engine Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.repository + default: rancher/mirrored-longhornio-longhorn-ui + description: "Specify Longhorn UI Image Repository" + type: string + label: Longhorn UI Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.tag + default: v1.2.2 + description: "Specify Longhorn UI Image Tag" + type: string + label: Longhorn UI Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.repository + default: rancher/mirrored-longhornio-longhorn-instance-manager + description: "Specify Longhorn Instance Manager Image Repository" + type: string + label: Longhorn Instance Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.tag + default: v1_20210731 + description: 
"Specify Longhorn Instance Manager Image Tag" + type: string + label: Longhorn Instance Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.shareManager.repository + default: rancher/mirrored-longhornio-longhorn-share-manager + description: "Specify Longhorn Share Manager Image Repository" + type: string + label: Longhorn Share Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.shareManager.tag + default: v1_20210914 + description: "Specify Longhorn Share Manager Image Tag" + type: string + label: Longhorn Share Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.backingImageManager.repository + default: rancher/mirrored-longhornio-backing-image-manager + description: "Specify Longhorn Backing Image Manager Image Repository" + type: string + label: Longhorn Backing Image Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.backingImageManager.tag + default: v2_20210820 + description: "Specify Longhorn Backing Image Manager Image Tag" + type: string + label: Longhorn Backing Image Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.csi.attacher.repository + default: rancher/mirrored-longhornio-csi-attacher + description: "Specify CSI attacher image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.attacher.tag + default: v3.2.1 + description: "Specify CSI attacher image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.repository + default: rancher/mirrored-longhornio-csi-provisioner + description: "Specify CSI provisioner image repository. Leave blank to autodetect." 
+ type: string + label: Longhorn CSI Provisioner Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.tag + default: v2.1.2 + description: "Specify CSI provisioner image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Provisioner Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.repository + default: rancher/mirrored-longhornio-csi-node-driver-registrar + description: "Specify CSI Node Driver Registrar image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Node Driver Registrar Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.tag + default: v2.3.0 + description: "Specify CSI Node Driver Registrar image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Node Driver Registrar Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.repository + default: rancher/mirrored-longhornio-csi-resizer + description: "Specify CSI Driver Resizer image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Resizer Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.tag + default: v1.2.0 + description: "Specify CSI Driver Resizer image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Resizer Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.snapshotter.repository + default: rancher/mirrored-longhornio-csi-snapshotter + description: "Specify CSI Driver Snapshotter image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Snapshotter Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.snapshotter.tag + default: v3.0.3 + description: "Specify CSI Driver Snapshotter image tag. Leave blank to autodetect." 
+ type: string + label: Longhorn CSI Driver Snapshotter Image Tag + group: "Longhorn CSI Driver Images" +- variable: privateRegistry.registryUrl + label: Private registry URL + description: "URL of private registry. Leave blank to apply system default registry." + group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.registryUser + label: Private registry user + description: "User used to authenticate to private registry" + group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.registryPasswd + label: Private registry password + description: "Password used to authenticate to private registry" + group: "Private Registry Settings" + type: password + default: "" +- variable: privateRegistry.registrySecret + label: Private registry secret name + description: "Longhorn will automatically generate a Kubernetes secret with this name and use it to pull images from your private registry." + group: "Private Registry Settings" + type: string + default: "" +- variable: longhorn.default_setting + default: "false" + description: "Customize the default settings before installing Longhorn for the first time. This option will only work if the cluster hasn't installed Longhorn." + label: "Customize Default Settings" + type: boolean + show_subquestion_if: true + group: "Longhorn Default Settings" + subquestions: + - variable: csi.kubeletRootDir + default: + description: "Specify kubelet root-dir. Leave blank to autodetect." + type: string + label: Kubelet Root Directory + group: "Longhorn CSI Driver Settings" + - variable: csi.attacherReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Attacher. By default 3." + label: Longhorn CSI Attacher replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.provisionerReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Provisioner. By default 3." 
+ label: Longhorn CSI Provisioner replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.resizerReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Resizer. By default 3." + label: Longhorn CSI Resizer replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.snapshotterReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Snapshotter. By default 3." + label: Longhorn CSI Snapshotter replica count + group: "Longhorn CSI Driver Settings" + - variable: defaultSettings.backupTarget + label: Backup Target + description: "The endpoint used to access the backupstore. NFS and S3 are supported." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.backupTargetCredentialSecret + label: Backup Target Credential Secret + description: "The name of the Kubernetes secret associated with the backup target." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.allowRecurringJobWhileVolumeDetached + label: Allow Recurring Job While Volume Is Detached + description: 'If this setting is enabled, Longhorn will automatically attaches the volume and takes snapshot/backup when it is the time to do recurring snapshot/backup. +Note that the volume is not ready for workload during the period when the volume was automatically attached. Workload will have to wait until the recurring job finishes.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.createDefaultDiskLabeledNodes + label: Create Default Disk on Labeled Nodes + description: 'Create default Disk automatically only on Nodes with the label "node.longhorn.io/create-default-disk=true" if no other disks exist. If disabled, the default disk will be created on all new nodes when each node is first added.' 
+ group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.defaultDataPath + label: Default Data Path + description: 'Default path to use for storing data on a host. By default "/var/lib/longhorn/"' + group: "Longhorn Default Settings" + type: string + default: "/var/lib/longhorn/" + - variable: defaultSettings.defaultDataLocality + label: Default Data Locality + description: 'We say a Longhorn volume has data locality if there is a local replica of the volume on the same node as the pod which is using the volume. +This setting specifies the default data locality when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `dataLocality` in the StorageClass +The available modes are: +- **disabled**. This is the default option. There may or may not be a replica on the same node as the attached volume (workload) +- **best-effort**. This option instructs Longhorn to try to keep a replica on the same node as the attached volume (workload). Longhorn will not stop the volume, even if it cannot keep a replica local to the attached volume (workload) due to environment limitation, e.g. not enough disk space, incompatible disk tags, etc.' + group: "Longhorn Default Settings" + type: enum + options: + - "disabled" + - "best-effort" + default: "disabled" + - variable: defaultSettings.replicaSoftAntiAffinity + label: Replica Node Level Soft Anti-Affinity + description: 'Allow scheduling on nodes with existing healthy replicas of the same volume. By default false.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.replicaAutoBalance + label: Replica Auto Balance + description: 'Enable this setting automatically rebalances replicas when discovered an available node. +The available global options are: +- **disabled**. This is the default option. No replica auto-balance will be done. +- **least-effort**. 
This option instructs Longhorn to balance replicas for minimal redundancy. +- **best-effort**. This option instructs Longhorn to balance replicas for even redundancy. +Longhorn also support individual volume setting. The setting can be specified in volume.spec.replicaAutoBalance, this overrules the global setting. +The available volume spec options are: +- **ignored**. This is the default option that instructs Longhorn to inherit from the global setting. +- **disabled**. This option instructs Longhorn no replica auto-balance should be done. +- **least-effort**. This option instructs Longhorn to balance replicas for minimal redundancy. +- **best-effort**. This option instructs Longhorn to balance replicas for even redundancy.' + group: "Longhorn Default Settings" + type: enum + options: + - "disabled" + - "least-effort" + - "best-effort" + default: "disabled" + - variable: defaultSettings.storageOverProvisioningPercentage + label: Storage Over Provisioning Percentage + description: "The over-provisioning percentage defines how much storage can be allocated relative to the hard drive's capacity. By default 200." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 200 + - variable: defaultSettings.storageMinimalAvailablePercentage + label: Storage Minimal Available Percentage + description: "If the minimum available disk capacity exceeds the actual percentage of available disk capacity, the disk becomes unschedulable until more space is freed up. By default 25." + group: "Longhorn Default Settings" + type: int + min: 0 + max: 100 + default: 25 + - variable: defaultSettings.upgradeChecker + label: Enable Upgrade Checker + description: 'Upgrade Checker will check for new Longhorn version periodically. When there is a new version available, a notification will appear in the UI. By default true.' 
+ group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.defaultReplicaCount + label: Default Replica Count + description: "The default number of replicas when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `numberOfReplicas` in the StorageClass. By default 3." + group: "Longhorn Default Settings" + type: int + min: 1 + max: 20 + default: 3 + - variable: defaultSettings.defaultLonghornStaticStorageClass + label: Default Longhorn Static StorageClass Name + description: "The 'storageClassName' is given to PVs and PVCs that are created for an existing Longhorn volume. The StorageClass name can also be used as a label, so it is possible to use a Longhorn StorageClass to bind a workload to an existing PV without creating a Kubernetes StorageClass object. By default 'longhorn-static'." + group: "Longhorn Default Settings" + type: string + default: "longhorn-static" + - variable: defaultSettings.backupstorePollInterval + label: Backupstore Poll Interval + description: "In seconds. The backupstore poll interval determines how often Longhorn checks the backupstore for new backups. Set to 0 to disable the polling. By default 300." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 300 + - variable: defaultSettings.autoSalvage + label: Automatic salvage + description: "If enabled, volumes will be automatically salvaged when all the replicas become faulty e.g. due to network disconnection. Longhorn will try to figure out which replica(s) are usable, then use them for the volume. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly + label: Automatically Delete Workload Pod when The Volume Is Detached Unexpectedly + description: 'If enabled, Longhorn will automatically delete the workload pod that is managed by a controller (e.g. deployment, statefulset, daemonset, etc...) 
when Longhorn volume is detached unexpectedly (e.g. during Kubernetes upgrade, Docker reboot, or network disconnect). By deleting the pod, its controller restarts the pod and Kubernetes handles volume reattachment and remount. +If disabled, Longhorn will not delete the workload pod that is managed by a controller. You will have to manually restart the pod to reattach and remount the volume. +**Note:** This setting does not apply to the workload pods that do not have a controller. Longhorn never deletes them.' + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.disableSchedulingOnCordonedNode + label: Disable Scheduling On Cordoned Node + description: "Disable Longhorn manager to schedule replica on Kubernetes cordoned node. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.replicaZoneSoftAntiAffinity + label: Replica Zone Level Soft Anti-Affinity + description: "Allow scheduling new Replicas of Volume to the Nodes in the same Zone as existing healthy Replicas. Nodes don't belong to any Zone will be treated as in the same Zone. Notice that Longhorn relies on label `topology.kubernetes.io/zone=` in the Kubernetes node object to identify the zone. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.nodeDownPodDeletionPolicy + label: Pod Deletion Policy When Node is Down + description: "Defines the Longhorn action when a Volume is stuck with a StatefulSet/Deployment Pod on a node that is down. +- **do-nothing** is the default Kubernetes behavior of never force deleting StatefulSet/Deployment terminating pods. Since the pod on the node that is down isn't removed, Longhorn volumes are stuck on nodes that are down. 
+- **delete-statefulset-pod** Longhorn will force delete StatefulSet terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods. +- **delete-deployment-pod** Longhorn will force delete Deployment terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods. +- **delete-both-statefulset-and-deployment-pod** Longhorn will force delete StatefulSet/Deployment terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods." + group: "Longhorn Default Settings" + type: enum + options: + - "do-nothing" + - "delete-statefulset-pod" + - "delete-deployment-pod" + - "delete-both-statefulset-and-deployment-pod" + default: "do-nothing" + - variable: defaultSettings.allowNodeDrainWithLastHealthyReplica + label: Allow Node Drain with the Last Healthy Replica + description: "By default, Longhorn will block `kubectl drain` action on a node if the node contains the last healthy replica of a volume. +If this setting is enabled, Longhorn will **not** block `kubectl drain` action on a node even if the node contains the last healthy replica of a volume." + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.mkfsExt4Parameters + label: Custom mkfs.ext4 parameters + description: "Allows setting additional filesystem creation parameters for ext4. For older host kernels it might be necessary to disable the optional ext4 metadata_csum feature by specifying `-O ^64bit,^metadata_csum`." + group: "Longhorn Default Settings" + type: string + - variable: defaultSettings.disableReplicaRebuild + label: Disable Replica Rebuild + description: "This setting disable replica rebuild cross the whole cluster, eviction and data locality feature won't work if this setting is true. But doesn't have any impact to any current replica rebuild and restore disaster recovery volume." 
+ group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.replicaReplenishmentWaitInterval + label: Replica Replenishment Wait Interval + description: "In seconds. The interval determines how long Longhorn will wait at least in order to reuse the existing data on a failed replica rather than directly creating a new replica for a degraded volume. +Warning: This option works only when there is a failed replica in the volume. And this option may block the rebuilding for a while in the case." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 600 + - variable: defaultSettings.concurrentReplicaRebuildPerNodeLimit + label: Concurrent Replica Rebuild Per Node Limit + description: "This setting controls how many replicas on a node can be rebuilt simultaneously. +Typically, Longhorn can block the replica starting once the current rebuilding count on a node exceeds the limit. But when the value is 0, it means disabling the replica rebuilding. +WARNING: +- The old setting \"Disable Replica Rebuild\" is replaced by this setting. +- Different from relying on replica starting delay to limit the concurrent rebuilding, if the rebuilding is disabled, replica object replenishment will be directly skipped. +- When the value is 0, the eviction and data locality feature won't work. But this shouldn't have any impact to any current replica rebuild and backup restore." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 5 + - variable: defaultSettings.disableRevisionCounter + label: Disable Revision Counter + description: "This setting is only for volumes created by UI. By default, this is false meaning there will be a reivision counter file to track every write to the volume. During salvage recovering Longhorn will pick the repica with largest reivision counter as candidate to recover the whole volume. If revision counter is disabled, Longhorn will not track every write to the volume. 
During the salvage recovering, Longhorn will use the 'volume-head-xxx.img' file last modification time and file size to pick the replica candidate to recover the whole volume." + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.systemManagedPodsImagePullPolicy + label: System Managed Pod Image Pull Policy + description: "This setting defines the Image Pull Policy of Longhorn system managed pods, e.g. instance manager, engine image, CSI driver, etc. The new Image Pull Policy will only apply after the system managed pods restart." + group: "Longhorn Default Settings" + type: enum + options: + - "if-not-present" + - "always" + - "never" + default: "if-not-present" + - variable: defaultSettings.allowVolumeCreationWithDegradedAvailability + label: Allow Volume Creation with Degraded Availability + description: "This setting allows user to create and attach a volume that doesn't have all the replicas scheduled at the time of creation." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.autoCleanupSystemGeneratedSnapshot + label: Automatically Cleanup System Generated Snapshot + description: "This setting enables Longhorn to automatically cleanup the system generated snapshot after replica rebuild is done." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.concurrentAutomaticEngineUpgradePerNodeLimit + label: Concurrent Automatic Engine Upgrade Per Node Limit + description: "This setting controls how Longhorn automatically upgrades volumes' engines to the new default engine image after upgrading Longhorn manager. The value of this setting specifies the maximum number of engines per node that are allowed to upgrade to the default engine image at the same time. If the value is 0, Longhorn will not automatically upgrade volumes' engines to default version." 
+ group: "Longhorn Default Settings" + type: int + min: 0 + default: 0 + - variable: defaultSettings.backingImageCleanupWaitInterval + label: Backing Image Cleanup Wait Interval + description: "This interval in minutes determines how long Longhorn will wait before cleaning up the backing image file when there is no replica in the disk using it." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 60 + - variable: defaultSettings.backingImageRecoveryWaitInterval + label: Backing Image Recovery Wait Interval + description: "This interval in seconds determines how long Longhorn will wait before re-downloading the backing image file when all disk files of this backing image become failed or unknown. + WARNING: + - This recovery only works for the backing image of which the creation type is \"download\". + - File state \"unknown\" means the related manager pods on the pod is not running or the node itself is down/disconnected." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 300 + - variable: defaultSettings.guaranteedEngineManagerCPU + label: Guaranteed Engine Manager CPU + description: "This integer value indicates how many percentage of the total allocatable CPU on each node will be reserved for each engine manager Pod. For example, 10 means 10% of the total CPU on a node will be allocated to each engine manager pod on this node. This will help maintain engine stability during high node workload. + In order to prevent unexpected volume engine crash as well as guarantee a relative acceptable IO performance, you can use the following formula to calculate a value for this setting: + Guaranteed Engine Manager CPU = The estimated max Longhorn volume engine count on a node * 0.1 / The total allocatable CPUs on the node * 100. + The result of above calculation doesn't mean that's the maximum CPU resources the Longhorn workloads require. 
To fully exploit the Longhorn volume I/O performance, you can allocate/guarantee more CPU resources via this setting. + If it's hard to estimate the usage now, you can leave it with the default value, which is 12%. Then you can tune it when there is no running workload using Longhorn volumes. + WARNING: + - Value 0 means unsetting CPU requests for engine manager pods. + - Considering the possible new instance manager pods in the further system upgrade, this integer value is range from 0 to 40. And the sum with setting 'Guaranteed Engine Manager CPU' should not be greater than 40. + - One more set of instance manager pods may need to be deployed when the Longhorn system is upgraded. If current available CPUs of the nodes are not enough for the new instance manager pods, you need to detach the volumes using the oldest instance manager pods so that Longhorn can clean up the old pods automatically and release the CPU resources. And the new pods with the latest instance manager image will be launched then. + - This global setting will be ignored for a node if the field \"EngineManagerCPURequest\" on the node is set. + - After this setting is changed, all engine manager pods using this global setting on all the nodes will be automatically restarted. In other words, DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES." + group: "Longhorn Default Settings" + type: int + min: 0 + max: 40 + default: 12 + - variable: defaultSettings.guaranteedReplicaManagerCPU + label: Guaranteed Replica Manager CPU + description: "This integer value indicates how many percentage of the total allocatable CPU on each node will be reserved for each replica manager Pod. 10 means 10% of the total CPU on a node will be allocated to each replica manager pod on this node. This will help maintain replica stability during high node workload. 
+ In order to prevent unexpected volume replica crash as well as guarantee a relative acceptable IO performance, you can use the following formula to calculate a value for this setting: + Guaranteed Replica Manager CPU = The estimated max Longhorn volume replica count on a node * 0.1 / The total allocatable CPUs on the node * 100. + The result of above calculation doesn't mean that's the maximum CPU resources the Longhorn workloads require. To fully exploit the Longhorn volume I/O performance, you can allocate/guarantee more CPU resources via this setting. + If it's hard to estimate the usage now, you can leave it with the default value, which is 12%. Then you can tune it when there is no running workload using Longhorn volumes. + WARNING: + - Value 0 means unsetting CPU requests for replica manager pods. + - Considering the possible new instance manager pods in the further system upgrade, this integer value is range from 0 to 40. And the sum with setting 'Guaranteed Replica Manager CPU' should not be greater than 40. + - One more set of instance manager pods may need to be deployed when the Longhorn system is upgraded. If current available CPUs of the nodes are not enough for the new instance manager pods, you need to detach the volumes using the oldest instance manager pods so that Longhorn can clean up the old pods automatically and release the CPU resources. And the new pods with the latest instance manager image will be launched then. + - This global setting will be ignored for a node if the field \"ReplicaManagerCPURequest\" on the node is set. + - After this setting is changed, all replica manager pods using this global setting on all the nodes will be automatically restarted. In other words, DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES." 
+ group: "Longhorn Default Settings" + type: int + min: 0 + max: 40 + default: 12 +- variable: persistence.defaultClass + default: "true" + description: "Set as default StorageClass for Longhorn" + label: Default Storage Class + group: "Longhorn Storage Class Settings" + required: true + type: boolean +- variable: persistence.reclaimPolicy + label: Storage Class Retain Policy + description: "Define reclaim policy (Retain or Delete)" + group: "Longhorn Storage Class Settings" + required: true + type: enum + options: + - "Delete" + - "Retain" + default: "Delete" +- variable: persistence.defaultClassReplicaCount + description: "Set replica count for Longhorn StorageClass" + label: Default Storage Class Replica Count + group: "Longhorn Storage Class Settings" + type: int + min: 1 + max: 10 + default: 3 +- variable: persistence.recurringJobSelector.enable + description: "Enable recurring job selector for Longhorn StorageClass" + group: "Longhorn Storage Class Settings" + label: Enable Storage Class Recurring Job Selector + type: boolean + default: false + show_subquestion_if: true + subquestions: + - variable: persistence.recurringJobSelector.jobList + description: 'Recurring job selector list for Longhorn StorageClass. Please be careful of quotes of input. e.g., [{"name":"backup", "isGroup":true}]' + label: Storage Class Recurring Job Selector List + group: "Longhorn Storage Class Settings" + type: string + default: +- variable: persistence.backingImage.enable + description: "Set backing image for Longhorn StorageClass" + group: "Longhorn Storage Class Settings" + label: Default Storage Class Backing Image + type: boolean + default: false + show_subquestion_if: true + subquestions: + - variable: persistence.backingImage.name + description: 'Specify a backing image that will be used by Longhorn volumes in Longhorn StorageClass. 
If not exists, the backing image data source type and backing image data source parameters should be specified so that Longhorn will create the backing image before using it.' + label: Storage Class Backing Image Name + group: "Longhorn Storage Class Settings" + type: string + default: + - variable: persistence.backingImage.expectedChecksum + description: 'Specify the expected SHA512 checksum of the selected backing image in Longhorn StorageClass. + WARNING: + - If the backing image name is not specified, setting this field is meaningless. + - It is not recommended to set this field if the data source type is \"export-from-volume\".' + label: Storage Class Backing Image Expected SHA512 Checksum + group: "Longhorn Storage Class Settings" + type: string + default: + - variable: persistence.backingImage.dataSourceType + description: 'Specify the data source type for the backing image used in Longhorn StorageClass. + If the backing image does not exists, Longhorn will use this field to create a backing image. Otherwise, Longhorn will use it to verify the selected backing image. + WARNING: + - If the backing image name is not specified, setting this field is meaningless. + - As for backing image creation with data source type \"upload\", it is recommended to do it via UI rather than StorageClass here. Uploading requires file data sending to the Longhorn backend after the object creation, which is complicated if you want to handle it manually.' + label: Storage Class Backing Image Data Source Type + group: "Longhorn Storage Class Settings" + type: enum + options: + - "" + - "download" + - "upload" + - "export-from-volume" + default: "" + - variable: persistence.backingImage.dataSourceParameters + description: "Specify the data source parameters for the backing image used in Longhorn StorageClass. + If the backing image does not exists, Longhorn will use this field to create a backing image. Otherwise, Longhorn will use it to verify the selected backing image. 
+ This option accepts a json string of a map. e.g., '{\"url\":\"https://backing-image-example.s3-region.amazonaws.com/test-backing-image\"}'. + WARNING: + - If the backing image name is not specified, setting this field is meaningless. + - Be careful of the quotes here." + label: Storage Class Backing Image Data Source Parameters + group: "Longhorn Storage Class Settings" + type: string + default: +- variable: ingress.enabled + default: "false" + description: "Expose app using Layer 7 Load Balancer - ingress" + type: boolean + group: "Services and Load Balancing" + label: Expose app using Layer 7 Load Balancer + show_subquestion_if: true + subquestions: + - variable: ingress.host + default: "xip.io" + description: "layer 7 Load Balancer hostname" + type: hostname + required: true + label: Layer 7 Load Balancer Hostname +- variable: service.ui.type + default: "Rancher-Proxy" + description: "Define Longhorn UI service type" + type: enum + options: + - "ClusterIP" + - "NodePort" + - "LoadBalancer" + - "Rancher-Proxy" + label: Longhorn UI Service + show_if: "ingress.enabled=false" + group: "Services and Load Balancing" + show_subquestion_if: "NodePort" + subquestions: + - variable: service.ui.nodePort + default: "" + description: "NodePort port number(to set explicitly, choose port between 30000-32767)" + type: int + min: 30000 + max: 32767 + show_if: "service.ui.type=NodePort||service.ui.type=LoadBalancer" + label: UI Service NodePort number +- variable: enablePSP + default: "true" + description: "Setup a pod security policy for Longhorn workloads." + label: Pod Security Policy + type: boolean + group: "Other Settings" diff --git a/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/NOTES.txt b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/NOTES.txt new file mode 100644 index 000000000..cca7cd77b --- /dev/null +++ b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/NOTES.txt 
@@ -0,0 +1,5 @@
+Longhorn is now installed on the cluster!
+
+Please wait a few minutes for other Longhorn components such as CSI deployments, Engine Images, and Instance Managers to be initialized.
+
+Visit our documentation at https://longhorn.io/docs/
diff --git a/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/_helpers.tpl b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/_helpers.tpl
new file mode 100644
index 000000000..3fbc2ac02
--- /dev/null
+++ b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/_helpers.tpl
@@ -0,0 +1,66 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "longhorn.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "longhorn.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{- define "longhorn.managerIP" -}}
+{{- $fullname := (include "longhorn.fullname" .) -}}
+{{- printf "http://%s-backend:9500" $fullname | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{- define "secret" }}
+{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.privateRegistry.registryUrl (printf "%s:%s" .Values.privateRegistry.registryUser .Values.privateRegistry.registryPasswd | b64enc) | b64enc }}
+{{- end }}
+
+{{- /*
+longhorn.labels generates the standard Helm labels.
+*/ -}}
+{{- define "longhorn.labels" -}}
+app.kubernetes.io/name: {{ template "longhorn.name" . }}
+helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/version: {{ .Chart.AppVersion }}
+{{- end -}}
+
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "registry_url" -}}
+{{- if .Values.privateRegistry.registryUrl -}}
+{{- printf "%s/" .Values.privateRegistry.registryUrl -}}
+{{- else -}}
+{{ include "system_default_registry" . }}
+{{- end -}}
+{{- end -}}
+
+{{- /*
+ define the longhorn release namespace
+*/ -}}
+{{- define "release_namespace" -}}
+{{- if .Values.namespaceOverride -}}
+{{- .Values.namespaceOverride -}}
+{{- else -}}
+{{- .Release.Namespace -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/clusterrole.yaml b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/clusterrole.yaml
new file mode 100644
index 000000000..48ebf54f1
--- /dev/null
+++ b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/clusterrole.yaml
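Review bot: The `secret` helper assembles the registry auth JSON with `printf` and raw `%s` substitution, so a `registryUrl`, `registryUser` or `registryPasswd` containing `"` or `\` produces a malformed or structurally altered pull-secret payload. Let the template engine do the escaping instead: `{{- dict "auths" (dict .Values.privateRegistry.registryUrl (dict "auth" (printf "%s:%s" .Values.privateRegistry.registryUser .Values.privateRegistry.registryPasswd | b64enc))) | toJson | b64enc }}`. Separately, `longhorn.managerIP` applies `trunc 63` to the whole URL rather than to the name, so a long release name can cut off the `:9500` port; if a limit is needed, truncate `$fullname` before the `printf`.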
@@ -0,0 +1,50 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: longhorn-role
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - "*"
+- apiGroups: [""]
+ resources: ["pods", "events", "persistentvolumes", "persistentvolumeclaims","persistentvolumeclaims/status", "nodes", "proxy/nodes", "pods/log", "secrets", "services", "endpoints", "configmaps"]
+ verbs: ["*"]
+- apiGroups: [""]
+ resources: ["namespaces"]
+ verbs: ["get", "list"]
+- apiGroups: ["apps"]
+ resources: ["daemonsets", "statefulsets", "deployments"]
+ verbs: ["*"]
+- apiGroups: ["batch"]
+ resources: ["jobs", "cronjobs"]
+ verbs: ["*"]
+- apiGroups: ["policy"]
+ resources: ["poddisruptionbudgets"]
+ verbs: ["*"]
+- apiGroups: ["scheduling.k8s.io"]
+ resources: ["priorityclasses"]
+ verbs: ["watch", "list"]
+- apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses", "volumeattachments", "volumeattachments/status", "csinodes", "csidrivers"]
+ verbs: ["*"]
+- apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotclasses", "volumesnapshots", "volumesnapshotcontents", "volumesnapshotcontents/status"]
+ verbs: ["*"]
+- apiGroups: ["longhorn.io"]
+ resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings",
+ "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status",
+ "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status",
+ "backingimagemanagers", "backingimagemanagers/status", "backingimagedatasources", "backingimagedatasources/status",
+ "backuptargets", "backuptargets/status", "backupvolumes", "backupvolumes/status", "backups", "backups/status",
+ "recurringjobs", "recurringjobs/status"]
+ verbs: ["*"]
+- apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["*"]
+- apiGroups: ["metrics.k8s.io"]
+ resources: ["pods", "nodes"]
+ verbs: ["get", "list"]
diff --git a/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/clusterrolebinding.yaml b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..66ac62f9b
--- /dev/null
+++ b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/clusterrolebinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: longhorn-bind
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: longhorn-role
+subjects:
+- kind: ServiceAccount
+ name: longhorn-service-account
+ namespace: {{ include "release_namespace" . }}
diff --git a/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/daemonset-sa.yaml b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/daemonset-sa.yaml
new file mode 100644
index 000000000..9ce2dd060
--- /dev/null
+++ b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/daemonset-sa.yaml
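Review bot: `longhorn-role` grants `verbs: ["*"]` cluster-wide on core resources including `secrets`, `pods`, `nodes` and `configmaps`, and on `customresourcedefinitions`. The ClusterRoleBinding that follows binds it to `longhorn-service-account`, the account under which the DaemonSet in the next file section runs its `privileged: true` `longhorn-manager` container, so a compromise of that pod would expose every Secret in the cluster. Replace the wildcards with the verbs the manager actually uses, and, if it only needs Secrets in its own namespace (presumably the backup-target credential and the registry pull secret; confirm against the manager code), move `secrets` out of the ClusterRole into a namespaced Role bound in `{{ include "release_namespace" . }}`. At minimum add a comment above the core-group rule, e.g. `# secrets: needed for <reason>; cluster-wide because <reason>`, so the breadth is a recorded decision.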
@@ -0,0 +1,125 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ app: longhorn-manager
+ name: longhorn-manager
+ namespace: {{ include "release_namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ app: longhorn-manager
+ template:
+ metadata:
+ labels: {{- include "longhorn.labels" . | nindent 8 }}
+ app: longhorn-manager
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ containers:
+ - name: longhorn-manager
+ image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ privileged: true
+ command:
+ - longhorn-manager
+ - -d
+ - daemon
+ - --engine-image
+ - "{{ template "registry_url" . }}{{ .Values.image.longhorn.engine.repository }}:{{ .Values.image.longhorn.engine.tag }}"
+ - --instance-manager-image
+ - "{{ template "registry_url" . }}{{ .Values.image.longhorn.instanceManager.repository }}:{{ .Values.image.longhorn.instanceManager.tag }}"
+ - --share-manager-image
+ - "{{ template "registry_url" . }}{{ .Values.image.longhorn.shareManager.repository }}:{{ .Values.image.longhorn.shareManager.tag }}"
+ - --backing-image-manager-image
+ - "{{ template "registry_url" . }}{{ .Values.image.longhorn.backingImageManager.repository }}:{{ .Values.image.longhorn.backingImageManager.tag }}"
+ - --manager-image
+ - "{{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}"
+ - --service-account
+ - longhorn-service-account
+ ports:
+ - containerPort: 9500
+ name: manager
+ readinessProbe:
+ tcpSocket:
+ port: 9500
+ volumeMounts:
+ - name: dev
+ mountPath: /host/dev/
+ - name: proc
+ mountPath: /host/proc/
+ - name: longhorn
+ mountPath: /var/lib/longhorn/
+ mountPropagation: Bidirectional
+ - name: longhorn-default-setting
+ mountPath: /var/lib/longhorn-setting/
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: DEFAULT_SETTING_PATH
+ value: /var/lib/longhorn-setting/default-setting.yaml
+ volumes:
+ - name: dev
+ hostPath:
+ path: /dev/
+ - name: proc
+ hostPath:
+ path: /proc/
+ - name: longhorn
+ hostPath:
+ path: /var/lib/longhorn/
+ - name: longhorn-default-setting
+ configMap:
+ name: longhorn-default-setting
+ {{- if .Values.privateRegistry.registrySecret }}
+ imagePullSecrets:
+ - name: {{ .Values.privateRegistry.registrySecret }}
+ {{- end }}
+ {{- if .Values.longhornManager.priorityClass }}
+ priorityClassName: {{ .Values.longhornManager.priorityClass | quote}}
+ {{- end }}
+ {{- if .Values.longhornManager.tolerations }}
+ tolerations:
+{{ toYaml .Values.longhornManager.tolerations | indent 6 }}
+ {{- end }}
+ {{- if .Values.longhornManager.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }}
+ {{- end }}
+ serviceAccountName: longhorn-service-account
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: "100%"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ app: longhorn-manager
+ name: longhorn-backend
+ namespace: {{ include "release_namespace" . }}
+spec:
+ type: {{ .Values.service.manager.type }}
+ sessionAffinity: ClientIP
+ selector:
+ app: longhorn-manager
+ ports:
+ - name: manager
+ port: 9500
+ targetPort: manager
+ {{- if .Values.service.manager.nodePort }}
+ nodePort: {{ .Values.service.manager.nodePort }}
+ {{- end }}
diff --git a/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/default-setting.yaml b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/default-setting.yaml
new file mode 100644
index 000000000..6f8799671
--- /dev/null
+++ b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/default-setting.yaml
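Review bot: The `longhorn-backend` Service at the end of `daemonset-sa.yaml` takes `type:` and `nodePort:` straight from `.Values.service.manager`, while the other templates in this patch call it as plain `http://longhorn-backend:9500` with no credentials. A `NodePort` or `LoadBalancer` value would therefore publish what appears to be an unauthenticated management API for a DaemonSet that runs `privileged: true` and mounts the host's `/dev/` and `/proc/`. I would state the constraint next to the field, e.g. `# keep ClusterIP unless an authenticating proxy fronts port 9500`, or reject other types in the template with `fail`. If the manager only reads from `/host/proc/` (to be confirmed), `readOnly: true` on that volumeMount is a cheap extra restriction.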
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: longhorn-default-setting
+ namespace: {{ include "release_namespace" . }}
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+data:
+ default-setting.yaml: |-
+ backup-target: {{ .Values.defaultSettings.backupTarget }}
+ backup-target-credential-secret: {{ .Values.defaultSettings.backupTargetCredentialSecret }}
+ allow-recurring-job-while-volume-detached: {{ .Values.defaultSettings.allowRecurringJobWhileVolumeDetached }}
+ create-default-disk-labeled-nodes: {{ .Values.defaultSettings.createDefaultDiskLabeledNodes }}
+ default-data-path: {{ .Values.defaultSettings.defaultDataPath }}
+ replica-soft-anti-affinity: {{ .Values.defaultSettings.replicaSoftAntiAffinity }}
+ replica-auto-balance: {{ .Values.defaultSettings.replicaAutoBalance }}
+ storage-over-provisioning-percentage: {{ .Values.defaultSettings.storageOverProvisioningPercentage }}
+ storage-minimal-available-percentage: {{ .Values.defaultSettings.storageMinimalAvailablePercentage }}
+ upgrade-checker: {{ .Values.defaultSettings.upgradeChecker }}
+ default-replica-count: {{ .Values.defaultSettings.defaultReplicaCount }}
+ default-data-locality: {{ .Values.defaultSettings.defaultDataLocality }}
+ default-longhorn-static-storage-class: {{ .Values.defaultSettings.defaultLonghornStaticStorageClass }}
+ backupstore-poll-interval: {{ .Values.defaultSettings.backupstorePollInterval }}
+ taint-toleration: {{ .Values.defaultSettings.taintToleration }}
+ system-managed-components-node-selector: {{ .Values.defaultSettings.systemManagedComponentsNodeSelector }}
+ priority-class: {{ .Values.defaultSettings.priorityClass }}
+ auto-salvage: {{ .Values.defaultSettings.autoSalvage }}
+ auto-delete-pod-when-volume-detached-unexpectedly: {{ .Values.defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly }}
+ disable-scheduling-on-cordoned-node: {{ .Values.defaultSettings.disableSchedulingOnCordonedNode }}
+ replica-zone-soft-anti-affinity: {{ .Values.defaultSettings.replicaZoneSoftAntiAffinity }}
+ node-down-pod-deletion-policy: {{ .Values.defaultSettings.nodeDownPodDeletionPolicy }}
+ allow-node-drain-with-last-healthy-replica: {{ .Values.defaultSettings.allowNodeDrainWithLastHealthyReplica }}
+ mkfs-ext4-parameters: {{ .Values.defaultSettings.mkfsExt4Parameters }}
+ disable-replica-rebuild: {{ .Values.defaultSettings.disableReplicaRebuild }}
+ replica-replenishment-wait-interval: {{ .Values.defaultSettings.replicaReplenishmentWaitInterval }}
+ concurrent-replica-rebuild-per-node-limit: {{ .Values.defaultSettings.concurrentReplicaRebuildPerNodeLimit }}
+ disable-revision-counter: {{ .Values.defaultSettings.disableRevisionCounter }}
+ system-managed-pods-image-pull-policy: {{ .Values.defaultSettings.systemManagedPodsImagePullPolicy }}
+ allow-volume-creation-with-degraded-availability: {{ .Values.defaultSettings.allowVolumeCreationWithDegradedAvailability }}
+ auto-cleanup-system-generated-snapshot: {{ .Values.defaultSettings.autoCleanupSystemGeneratedSnapshot }}
+ concurrent-automatic-engine-upgrade-per-node-limit: {{ .Values.defaultSettings.concurrentAutomaticEngineUpgradePerNodeLimit }}
+ backing-image-cleanup-wait-interval: {{ .Values.defaultSettings.backingImageCleanupWaitInterval }}
+ backing-image-recovery-wait-interval: {{ .Values.defaultSettings.backingImageRecoveryWaitInterval }}
+ guaranteed-engine-manager-cpu: {{ .Values.defaultSettings.guaranteedEngineManagerCPU }}
+ guaranteed-replica-manager-cpu: {{ .Values.defaultSettings.guaranteedReplicaManagerCPU }}
diff --git a/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/deployment-driver.yaml b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/deployment-driver.yaml
new file mode 100644
index 000000000..fb0390a6b
--- /dev/null
+++ b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/deployment-driver.yaml
@@ -0,0 +1,104 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: longhorn-driver-deployer
+ namespace: {{ include "release_namespace" . }}
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: longhorn-driver-deployer
+ template:
+ metadata:
+ labels: {{- include "longhorn.labels" . | nindent 8 }}
+ app: longhorn-driver-deployer
+ spec:
+ initContainers:
+ - name: wait-longhorn-manager
+ image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
+ command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done']
+ containers:
+ - name: longhorn-driver-deployer
+ image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
+ imagePullPolicy: IfNotPresent
+ command:
+ - longhorn-manager
+ - -d
+ - deploy-driver
+ - --manager-image
+ - "{{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}"
+ - --manager-url
+ - http://longhorn-backend:9500/v1
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: SERVICE_ACCOUNT
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.serviceAccountName
+ {{- if .Values.csi.kubeletRootDir }}
+ - name: KUBELET_ROOT_DIR
+ value: {{ .Values.csi.kubeletRootDir }}
+ {{- end }}
+ {{- if and .Values.image.csi.attacher.repository .Values.image.csi.attacher.tag }}
+ - name: CSI_ATTACHER_IMAGE
+ value: "{{ template "registry_url" . }}{{ .Values.image.csi.attacher.repository }}:{{ .Values.image.csi.attacher.tag }}"
+ {{- end }}
+ {{- if and .Values.image.csi.provisioner.repository .Values.image.csi.provisioner.tag }}
+ - name: CSI_PROVISIONER_IMAGE
+ value: "{{ template "registry_url" . }}{{ .Values.image.csi.provisioner.repository }}:{{ .Values.image.csi.provisioner.tag }}"
+ {{- end }}
+ {{- if and .Values.image.csi.nodeDriverRegistrar.repository .Values.image.csi.nodeDriverRegistrar.tag }}
+ - name: CSI_NODE_DRIVER_REGISTRAR_IMAGE
+ value: "{{ template "registry_url" . }}{{ .Values.image.csi.nodeDriverRegistrar.repository }}:{{ .Values.image.csi.nodeDriverRegistrar.tag }}"
+ {{- end }}
+ {{- if and .Values.image.csi.resizer.repository .Values.image.csi.resizer.tag }}
+ - name: CSI_RESIZER_IMAGE
+ value: "{{ template "registry_url" . }}{{ .Values.image.csi.resizer.repository }}:{{ .Values.image.csi.resizer.tag }}"
+ {{- end }}
+ {{- if and .Values.image.csi.snapshotter.repository .Values.image.csi.snapshotter.tag }}
+ - name: CSI_SNAPSHOTTER_IMAGE
+ value: "{{ template "registry_url" . }}{{ .Values.image.csi.snapshotter.repository }}:{{ .Values.image.csi.snapshotter.tag }}"
+ {{- end }}
+ {{- if .Values.csi.attacherReplicaCount }}
+ - name: CSI_ATTACHER_REPLICA_COUNT
+ value: {{ .Values.csi.attacherReplicaCount | quote }}
+ {{- end }}
+ {{- if .Values.csi.provisionerReplicaCount }}
+ - name: CSI_PROVISIONER_REPLICA_COUNT
+ value: {{ .Values.csi.provisionerReplicaCount | quote }}
+ {{- end }}
+ {{- if .Values.csi.resizerReplicaCount }}
+ - name: CSI_RESIZER_REPLICA_COUNT
+ value: {{ .Values.csi.resizerReplicaCount | quote }}
+ {{- end }}
+ {{- if .Values.csi.snapshotterReplicaCount }}
+ - name: CSI_SNAPSHOTTER_REPLICA_COUNT
+ value: {{ .Values.csi.snapshotterReplicaCount | quote }}
+ {{- end }}
+
+ {{- if .Values.privateRegistry.registrySecret }}
+ imagePullSecrets:
+ - name: {{ .Values.privateRegistry.registrySecret }}
+ {{- end }}
+ {{- if .Values.longhornDriver.priorityClass }}
+ priorityClassName: {{ .Values.longhornDriver.priorityClass | quote}}
+ {{- end }}
+ {{- if .Values.longhornDriver.tolerations }}
+ tolerations:
+{{ toYaml .Values.longhornDriver.tolerations | indent 6 }}
+ {{- end }}
+ {{- if .Values.longhornDriver.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.longhornDriver.nodeSelector | indent 8 }}
+ {{- end }}
+ serviceAccountName: longhorn-service-account
+ securityContext:
+ runAsUser: 0
diff --git a/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/deployment-ui.yaml b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/deployment-ui.yaml
new file mode 100644
index 000000000..772f87573
--- /dev/null
+++ b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/deployment-ui.yaml
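Review bot: In the `wait-longhorn-manager` initContainer of `deployment-driver.yaml` the command substitution inside the test is unquoted: `[ $(curl ...) != "200" ]`. If `curl` prints nothing (for example the binary is missing from the image), the test collapses to `[ != "200" ]`, which is a shell error rather than "true", so the `while` loop ends and the deployer starts without the manager being ready. Quoting keeps the loop waiting: `while [ "$(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1)" != "200" ]; do echo waiting; sleep 2; done`. The pod-level `securityContext: runAsUser: 0` at the end of the file would also benefit from a comment saying why the deployer needs root.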
@@ -0,0 +1,72 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ app: longhorn-ui
+ name: longhorn-ui
+ namespace: {{ include "release_namespace" . }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: longhorn-ui
+ template:
+ metadata:
+ labels: {{- include "longhorn.labels" . | nindent 8 }}
+ app: longhorn-ui
+ spec:
+ containers:
+ - name: longhorn-ui
+ image: {{ template "registry_url" . }}{{ .Values.image.longhorn.ui.repository }}:{{ .Values.image.longhorn.ui.tag }}
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ runAsUser: 0
+ ports:
+ - containerPort: 8000
+ name: http
+ env:
+ - name: LONGHORN_MANAGER_IP
+ value: "http://longhorn-backend:9500"
+ {{- if .Values.privateRegistry.registrySecret }}
+ imagePullSecrets:
+ - name: {{ .Values.privateRegistry.registrySecret }}
+ {{- end }}
+ {{- if .Values.longhornUI.priorityClass }}
+ priorityClassName: {{ .Values.longhornUI.priorityClass | quote}}
+ {{- end }}
+ {{- if .Values.longhornUI.tolerations }}
+ tolerations:
+{{ toYaml .Values.longhornUI.tolerations | indent 6 }}
+ {{- end }}
+ {{- if .Values.longhornUI.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.longhornUI.nodeSelector | indent 8 }}
+ {{- end }}
+---
+kind: Service
+apiVersion: v1
+metadata:
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ app: longhorn-ui
+ {{- if eq .Values.service.ui.type "Rancher-Proxy" }}
+ kubernetes.io/cluster-service: "true"
+ {{- end }}
+ name: longhorn-frontend
+ namespace: {{ include "release_namespace" . }}
+spec:
+ {{- if eq .Values.service.ui.type "Rancher-Proxy" }}
+ type: ClusterIP
+ {{- else }}
+ type: {{ .Values.service.ui.type }}
+ {{- end }}
+ selector:
+ app: longhorn-ui
+ ports:
+ - name: http
+ port: 80
+ targetPort: http
+ {{- if .Values.service.ui.nodePort }}
+ nodePort: {{ .Values.service.ui.nodePort }}
+ {{- else }}
+ nodePort: null
+ {{- end }}
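Review bot: The `longhorn-ui` container is pinned to `runAsUser: 0` although it only listens on `containerPort: 8000`, a port that does not need root to bind. Unless the image needs root for another reason (not visible here), I would run it under a non-root UID and add `allowPrivilegeEscalation: false` to the container's `securityContext`. If root is required, a one-line comment such as `# image writes its web-server config at start-up, needs root` (with the real reason) would save the next reviewer the question.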
diff --git a/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/ingress.yaml b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/ingress.yaml
new file mode 100644
index 000000000..664920683
--- /dev/null
+++ b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/ingress.yaml
@@ -0,0 +1,48 @@
+{{- if .Values.ingress.enabled }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: longhorn-ingress
+ namespace: {{ include "release_namespace" . }}
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ app: longhorn-ingress
+ annotations:
+ {{- if .Values.ingress.tls }}
+ ingress.kubernetes.io/secure-backends: "true"
+ {{- end }}
+ {{- range $key, $value := .Values.ingress.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.ingressClassName (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.ingressClassName }}
+ {{- end }}
+ rules:
+ - host: {{ .Values.ingress.host }}
+ http:
+ paths:
+ - path: {{ default "" .Values.ingress.path }}
+ {{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: ImplementationSpecific
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: longhorn-frontend
+ port:
+ number: 80
+ {{- else }}
+ serviceName: longhorn-frontend
+ servicePort: 80
+ {{- end }}
+{{- if .Values.ingress.tls }}
+ tls:
+ - hosts:
+ - {{ .Values.ingress.host }}
+ secretName: {{ .Values.ingress.tlsSecret }}
+{{- end }}
+{{- end }}
diff --git a/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/postupgrade-job.yaml b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/postupgrade-job.yaml
new file mode 100644
index 000000000..4af75e236
--- /dev/null
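Review bot: Setting `ingress.enabled` in `ingress.yaml` publishes `longhorn-frontend` on `.Values.ingress.host`, and nothing in this template puts authentication in front of it; the only annotations besides `secure-backends` are whatever the installer supplies in `.Values.ingress.annotations`. Since the UI proxies to the manager API that the rest of the chart calls without credentials, I would document this above the `annotations:` block, e.g. `# no auth is configured here; add your ingress controller's auth annotations before exposing the UI`. The `ingress.kubernetes.io/secure-backends: "true"` annotation added under `ingress.tls` also looks wrong for this backend, which is the plain-HTTP port 80 of `longhorn-frontend`; controllers that honour it would try TLS to a service that does not speak it.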
+++ b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/postupgrade-job.yaml
@@ -0,0 +1,48 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ annotations:
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+ name: longhorn-post-upgrade
+ namespace: {{ include "release_namespace" . }}
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+spec:
+ activeDeadlineSeconds: 900
+ backoffLimit: 1
+ template:
+ metadata:
+ name: longhorn-post-upgrade
+ labels: {{- include "longhorn.labels" . | nindent 8 }}
+ spec:
+ containers:
+ - name: longhorn-post-upgrade
+ image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ privileged: true
+ command:
+ - longhorn-manager
+ - post-upgrade
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ restartPolicy: OnFailure
+ {{- if .Values.privateRegistry.registrySecret }}
+ imagePullSecrets:
+ - name: {{ .Values.privateRegistry.registrySecret }}
+ {{- end }}
+ {{- if .Values.longhornManager.priorityClass }}
+ priorityClassName: {{ .Values.longhornManager.priorityClass | quote}}
+ {{- end }}
+ serviceAccountName: longhorn-service-account
+ {{- if .Values.longhornManager.tolerations }}
+ tolerations:
+{{ toYaml .Values.longhornManager.tolerations | indent 6 }}
+ {{- end }}
+ {{- if .Values.longhornManager.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }}
+ {{- end }}
diff --git a/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/psp.yaml b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/psp.yaml
new file mode 100644
index 000000000..a2dfc05be
--- /dev/null
+++ b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/psp.yaml
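Review bot: The `longhorn-post-upgrade` Job sets `securityContext.privileged: true`, yet its pod mounts no host paths or devices and only runs `longhorn-manager post-upgrade` under `longhorn-service-account`; the `longhorn-uninstall` Job in `uninstall-job.yaml` has the same shape. If these hooks only talk to the Kubernetes API (likely, but not shown on this page), drop `privileged: true` from both, or add a comment naming the host operation that needs it. Both hooks already run with the cluster-wide `longhorn-role`, so trimming container privileges costs little and limits what a bad image tag can do on the node.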
@@ -0,0 +1,66 @@
+{{- if .Values.enablePSP }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: longhorn-psp
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+spec:
+ privileged: true
+ allowPrivilegeEscalation: true
+ requiredDropCapabilities:
+ - NET_RAW
+ allowedCapabilities:
+ - SYS_ADMIN
+ hostNetwork: false
+ hostIPC: false
+ hostPID: true
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ fsGroup:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - configMap
+ - downwardAPI
+ - emptyDir
+ - secret
+ - projected
+ - hostPath
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: longhorn-psp-role
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ namespace: {{ include "release_namespace" . }}
+rules:
+- apiGroups:
+ - policy
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+ resourceNames:
+ - longhorn-psp
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: longhorn-psp-binding
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ namespace: {{ include "release_namespace" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: longhorn-psp-role
+subjects:
+- kind: ServiceAccount
+ name: longhorn-service-account
+ namespace: {{ include "release_namespace" . }}
+- kind: ServiceAccount
+ name: default
+ namespace: {{ include "release_namespace" . }}
+{{- end }}
diff --git a/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/registry-secret.yml b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/registry-secret.yml
new file mode 100644
index 000000000..1c7565fea
--- /dev/null
+++ b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/registry-secret.yml
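Review bot: `longhorn-psp-binding` in `psp.yaml` lists the namespace's `default` ServiceAccount as a subject, so every pod in the release namespace that does not set `serviceAccountName` may use `longhorn-psp`, which allows `privileged: true`, `hostPID: true`, `SYS_ADMIN` and unrestricted `hostPath` volumes. If the manager creates pods that rely on the default account (not visible on this page), give them a dedicated ServiceAccount and bind that instead; otherwise remove the `default` subject. Adding `allowedHostPaths` for the directories the DaemonSet mounts (`/dev/`, `/proc/`, `/var/lib/longhorn/`) would tighten the policy further, provided the pods the manager deploys need nothing else.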
@@ -0,0 +1,11 @@
+{{- if .Values.privateRegistry.registrySecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.privateRegistry.registrySecret }}
+ namespace: {{ include "release_namespace" . }}
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ template "secret" . }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/serviceaccount.yaml b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/serviceaccount.yaml
new file mode 100644
index 000000000..ad576c353
--- /dev/null
+++ b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/serviceaccount.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: longhorn-service-account
+ namespace: {{ include "release_namespace" . }}
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
diff --git a/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/storageclass.yaml b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/storageclass.yaml
new file mode 100644
index 000000000..78ae33d22
--- /dev/null
+++ b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/storageclass.yaml
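Review bot: In `registry-secret.yml` the Secret is rendered whenever `privateRegistry.registrySecret` is set, but its payload comes from the `secret` helper, which presumably builds the docker config from `registryUrl`, `registryUser` and `registryPasswd` (the helper is outside this page). An installer who only wants to reference an existing pull secret by name would get a Secret with empty credentials created under that name, and anyone who does fill in `registryPasswd` puts the registry password into values files and Helm release data. I would gate creation on the credentials as well, `{{- if and .Values.privateRegistry.registrySecret .Values.privateRegistry.registryUser .Values.privateRegistry.registryPasswd }}`, and document a pre-created secret as the preferred option.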
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: longhorn-storageclass
+ namespace: {{ include "release_namespace" . }}
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+data:
+ storageclass.yaml: |
+ kind: StorageClass
+ apiVersion: storage.k8s.io/v1
+ metadata:
+ name: longhorn
+ annotations:
+ storageclass.kubernetes.io/is-default-class: {{ .Values.persistence.defaultClass | quote }}
+ provisioner: driver.longhorn.io
+ allowVolumeExpansion: true
+ reclaimPolicy: "{{ .Values.persistence.reclaimPolicy }}"
+ volumeBindingMode: Immediate
+ parameters:
+ numberOfReplicas: "{{ .Values.persistence.defaultClassReplicaCount }}"
+ staleReplicaTimeout: "30"
+ fromBackup: ""
+ {{- if .Values.persistence.defaultFsType }}
+ fsType: "{{.Values.persistence.defaultFsType}}"
+ {{- end }}
+ {{- if .Values.persistence.backingImage.enable }}
+ backingImage: {{ .Values.persistence.backingImage.name }}
+ backingImageDataSourceType: {{ .Values.persistence.backingImage.dataSourceType }}
+ backingImageDataSourceParameters: {{ .Values.persistence.backingImage.dataSourceParameters }}
+ backingImageChecksum: {{ .Values.persistence.backingImage.expectedChecksum }}
+ {{- end }}
+ {{- if .Values.persistence.recurringJobSelector.enable }}
+ recurringJobSelector: '{{ .Values.persistence.recurringJobSelector.jobList }}'
+ {{- end }}
diff --git a/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/tls-secrets.yaml b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/tls-secrets.yaml
new file mode 100644
index 000000000..74c43426d
--- /dev/null
+++ b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/tls-secrets.yaml
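Review bot: Under `parameters:` in `storageclass.yaml` the four `backingImage*` values are rendered unquoted while their neighbours are quoted, and StorageClass parameters have to be strings. A `dataSourceParameters` value that starts with `{`, a checksum YAML reads as a number, or one of the `~` defaults from values.yaml rendering as empty would make the embedded StorageClass fail validation or silently lose the field, which matters most for `backingImageChecksum` because it is the integrity check on the image. Pipe each through `quote`, e.g. `backingImageChecksum: {{ .Values.persistence.backingImage.expectedChecksum | quote }}`.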
@@ -0,0 +1,16 @@
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .name }}
+ namespace: {{ include "release_namespace" $ }}
+ labels: {{- include "longhorn.labels" $ | nindent 4 }}
+ app: longhorn
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ .certificate | b64enc }}
+ tls.key: {{ .key | b64enc }}
+---
+{{- end }}
+{{- end }}
diff --git a/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/uninstall-job.yaml b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/uninstall-job.yaml
new file mode 100644
index 000000000..5f21b1024
--- /dev/null
+++ b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/uninstall-job.yaml
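Review bot: `tls.key` in `tls-secrets.yaml` is filled from `.Values.ingress.secrets[].key`, so the private key has to be passed as a chart value and ends up in values files and in the release record Helm keeps in the cluster. The Ingress already accepts a Secret by name through `ingress.tlsSecret`, so I would document `ingress.secrets` as a convenience for test setups and recommend a Secret created out of band for anything else. A comment above the `range`, such as `# key material supplied here is stored in Helm release data; prefer a pre-created TLS secret`, would make that visible to installers.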
@@ -0,0 +1,49 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-delete-policy": hook-succeeded
+ name: longhorn-uninstall
+ namespace: {{ include "release_namespace" . }}
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+spec:
+ activeDeadlineSeconds: 900
+ backoffLimit: 1
+ template:
+ metadata:
+ name: longhorn-uninstall
+ labels: {{- include "longhorn.labels" . | nindent 8 }}
+ spec:
+ containers:
+ - name: longhorn-uninstall
+ image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ privileged: true
+ command:
+ - longhorn-manager
+ - uninstall
+ - --force
+ env:
+ - name: LONGHORN_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ restartPolicy: OnFailure
+ {{- if .Values.privateRegistry.registrySecret }}
+ imagePullSecrets:
+ - name: {{ .Values.privateRegistry.registrySecret }}
+ {{- end }}
+ {{- if .Values.longhornManager.priorityClass }}
+ priorityClassName: {{ .Values.longhornManager.priorityClass | quote}}
+ {{- end }}
+ serviceAccountName: longhorn-service-account
+ {{- if .Values.longhornManager.tolerations }}
+ tolerations:
+{{ toYaml .Values.longhornManager.tolerations | indent 6 }}
+ {{- end }}
+ {{- if .Values.longhornManager.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }}
+ {{- end }}
diff --git a/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/userroles.yaml b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/userroles.yaml
new file mode 100644
index 000000000..24bcfbe23
--- /dev/null
+++ b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/userroles.yaml
@@ -0,0 +1,47 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: "longhorn-admin"
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+- apiGroups: [ "longhorn.io" ]
+ resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings",
+ "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status",
+ "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status",
+ "backingimagemanagers", "backingimagemanagers/status", "backingimagedatasources", "backingimagedatasources/status",
+ "backuptargets", "backuptargets/status", "backupvolumes", "backupvolumes/status", "backups", "backups/status",
+ "recurringjobs", "recurringjobs/status"]
+ verbs: [ "*" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: "longhorn-edit"
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+rules:
+- apiGroups: [ "longhorn.io" ]
+ resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings",
+ "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status",
+ "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status",
+ "backingimagemanagers", "backingimagemanagers/status", "backingimagedatasources", "backingimagedatasources/status",
+ "backuptargets", "backuptargets/status", "backupvolumes", "backupvolumes/status", "backups", "backups/status",
+ "recurringjobs", "recurringjobs/status"]
+ verbs: [ "*" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: "longhorn-view"
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+rules:
+- apiGroups: [ "longhorn.io" ]
+ resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings",
+ "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status",
+ "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status",
+ "backingimagemanagers", "backingimagemanagers/status", "backingimagedatasources", "backingimagedatasources/status",
+ "backuptargets", "backuptargets/status", "backupvolumes", "backupvolumes/status", "backups", "backups/status",
+ "recurringjobs", "recurringjobs/status"]
+ verbs: [ "get", "list", "watch" ]
\ No newline at end of file
diff --git a/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/validate-install-crd.yaml b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/validate-install-crd.yaml
new file mode 100644
index 000000000..73dcdb474
--- /dev/null
+++ b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/templates/validate-install-crd.yaml
@@ -0,0 +1,28 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "longhorn.io/v1beta1/Engine" false -}}
+# {{- set $found "longhorn.io/v1beta1/Replica" false -}}
+# {{- set $found "longhorn.io/v1beta1/Setting" false -}}
+# {{- set $found "longhorn.io/v1beta1/Volume" false -}}
+# {{- set $found "longhorn.io/v1beta1/EngineImage" false -}}
+# {{- set $found "longhorn.io/v1beta1/Node" false -}}
+# {{- set $found "longhorn.io/v1beta1/InstanceManager" false -}}
+# {{- set $found "longhorn.io/v1beta1/ShareManager" false -}}
+# {{- set $found "longhorn.io/v1beta1/BackingImage" false -}}
+# {{- set $found "longhorn.io/v1beta1/BackingImageManager" false -}}
+# {{- set $found "longhorn.io/v1beta1/BackingImageDataSource" false -}}
+# {{- set $found "longhorn.io/v1beta1/BackupTarget" false -}}
+# {{- set $found "longhorn.io/v1beta1/BackupVolume" false -}}
+# {{- set $found "longhorn.io/v1beta1/Backup" false -}}
+# {{- set $found "longhorn.io/v1beta1/RecurringJob" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# {{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
diff --git a/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/values.yaml b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/values.yaml
new file mode 100644
index 000000000..8324ab10a
--- /dev/null
+++ b/charts/longhorn-1.2/longhorn/100.1.0+up1.2.2/values.yaml
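Review bot: Every line of `validate-install-crd.yaml` starts with `#`, which reads as if the CRD check were switched off, but Helm evaluates `{{ ... }}` actions before the output is parsed as YAML, so the `lookup`, the `range` over `.Capabilities.APIVersions` and the `required` failure all still run. If that is intended (the `#` prefix only keeping the rendered residue a YAML comment), say so at the top with a template comment such as `{{- /* '#' only comments the rendered output; the checks below still execute */ -}}`. If the check was meant to be disabled, the actions need to be removed or wrapped in a template comment instead.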
@@ -0,0 +1,228 @@ +# Default values for longhorn. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: + cattle: + systemDefaultRegistry: "" + +image: + longhorn: + engine: + repository: rancher/mirrored-longhornio-longhorn-engine + tag: v1.2.2 + manager: + repository: rancher/mirrored-longhornio-longhorn-manager + tag: v1.2.2 + ui: + repository: rancher/mirrored-longhornio-longhorn-ui + tag: v1.2.2 + instanceManager: + repository: rancher/mirrored-longhornio-longhorn-instance-manager + tag: v1_20210731 + shareManager: + repository: rancher/mirrored-longhornio-longhorn-share-manager + tag: v1_20210914 + backingImageManager: + repository: rancher/mirrored-longhornio-backing-image-manager + tag: v2_20210820 + csi: + attacher: + repository: rancher/mirrored-longhornio-csi-attacher + tag: v3.2.1 + provisioner: + repository: rancher/mirrored-longhornio-csi-provisioner + tag: v2.1.2 + nodeDriverRegistrar: + repository: rancher/mirrored-longhornio-csi-node-driver-registrar + tag: v2.3.0 + resizer: + repository: rancher/mirrored-longhornio-csi-resizer + tag: v1.2.0 + snapshotter: + repository: rancher/mirrored-longhornio-csi-snapshotter + tag: v3.0.3 + pullPolicy: IfNotPresent + +service: + ui: + type: ClusterIP + nodePort: null + manager: + type: ClusterIP + nodePort: "" + +persistence: + defaultClass: true + defaultFsType: ext4 + defaultClassReplicaCount: 3 + reclaimPolicy: Delete + recurringJobSelector: + enable: false + jobList: [] + backingImage: + enable: false + name: ~ + dataSourceType: ~ + dataSourceParameters: ~ + expectedChecksum: ~ + +csi: + kubeletRootDir: ~ + attacherReplicaCount: ~ + provisionerReplicaCount: ~ + resizerReplicaCount: ~ + snapshotterReplicaCount: ~ + +defaultSettings: + backupTarget: ~ + backupTargetCredentialSecret: ~ + allowRecurringJobWhileVolumeDetached: ~ + createDefaultDiskLabeledNodes: ~ + defaultDataPath: ~ + defaultDataLocality: ~ + replicaSoftAntiAffinity: ~ + replicaAutoBalance: ~ + 
storageOverProvisioningPercentage: ~ + storageMinimalAvailablePercentage: ~ + upgradeChecker: ~ + defaultReplicaCount: ~ + defaultLonghornStaticStorageClass: ~ + backupstorePollInterval: ~ + taintToleration: ~ + systemManagedComponentsNodeSelector: ~ + priorityClass: ~ + autoSalvage: ~ + autoDeletePodWhenVolumeDetachedUnexpectedly: ~ + disableSchedulingOnCordonedNode: ~ + replicaZoneSoftAntiAffinity: ~ + nodeDownPodDeletionPolicy: ~ + allowNodeDrainWithLastHealthyReplica: ~ + mkfsExt4Parameters: ~ + disableReplicaRebuild: ~ + replicaReplenishmentWaitInterval: ~ + concurrentReplicaRebuildPerNodeLimit: ~ + disableRevisionCounter: ~ + systemManagedPodsImagePullPolicy: ~ + allowVolumeCreationWithDegradedAvailability: ~ + autoCleanupSystemGeneratedSnapshot: ~ + concurrentAutomaticEngineUpgradePerNodeLimit: ~ + backingImageCleanupWaitInterval: ~ + backingImageRecoveryWaitInterval: ~ + guaranteedEngineManagerCPU: ~ + guaranteedReplicaManagerCPU: ~ +privateRegistry: + registryUrl: ~ + registryUser: ~ + registryPasswd: ~ + registrySecret: ~ + +longhornManager: + priorityClass: ~ + tolerations: [] + ## If you want to set tolerations for Longhorn Manager DaemonSet, delete the `[]` in the line above + ## and uncomment this example block + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + nodeSelector: {} + ## If you want to set node selector for Longhorn Manager DaemonSet, delete the `{}` in the line above + ## and uncomment this example block + # label-key1: "label-value1" + # label-key2: "label-value2" + +longhornDriver: + priorityClass: ~ + tolerations: [] + ## If you want to set tolerations for Longhorn Driver Deployer Deployment, delete the `[]` in the line above + ## and uncomment this example block + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + nodeSelector: {} + ## If you want to set node selector for Longhorn Driver Deployer Deployment, delete the `{}` in the line above + ## and uncomment this 
example block + # label-key1: "label-value1" + # label-key2: "label-value2" + +longhornUI: + priorityClass: ~ + tolerations: [] + ## If you want to set tolerations for Longhorn UI Deployment, delete the `[]` in the line above + ## and uncomment this example block + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + nodeSelector: {} + ## If you want to set node selector for Longhorn UI Deployment, delete the `{}` in the line above + ## and uncomment this example block + # label-key1: "label-value1" + # label-key2: "label-value2" + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + # + +ingress: + ## Set to true to enable ingress record generation + enabled: false + + ## Add ingressClassName to the Ingress + ## Can replace the kubernetes.io/ingress.class annotation on v1.18+ + ingressClassName: ~ + + host: xip.io + + ## Set this to true in order to enable TLS on the ingress record + ## A side effect of this will be that the backend service will be connected at port 443 + tls: false + + ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS + tlsSecret: longhorn.local-tls + + ## Ingress annotations done as key:value pairs + ## If you're using kube-lego, you will want to add: + ## kubernetes.io/tls-acme: true + ## + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md + ## + ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set + 
annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: true + + secrets: + ## If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using kube-lego, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + # - name: longhorn.local-tls + # key: + # certificate: + +# Configure a pod security policy in the Longhorn namespace to allow privileged pods +enablePSP: true + +## Specify override namespace, specifically this is useful for using longhorn as sub-chart +## and its release namespace is not the `longhorn-system` +namespaceOverride: "" + +# Annotations to add to the Longhorn Manager DaemonSet Pods. Optional. +annotations: {} diff --git a/charts/rancher-aks-operator-crd/rancher-aks-operator-crd/100.0.1+up1.0.2/Chart.yaml b/charts/rancher-aks-operator-crd/rancher-aks-operator-crd/100.0.1+up1.0.2/Chart.yaml new file mode 100644 index 000000000..97b556483 --- /dev/null +++ b/charts/rancher-aks-operator-crd/rancher-aks-operator-crd/100.0.1+up1.0.2/Chart.yaml @@ -0,0 +1,11 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-aks-operator-crd +apiVersion: v2 +appVersion: 1.0.2 +description: AKS Operator CustomResourceDefinitions +name: rancher-aks-operator-crd +version: 100.0.1+up1.0.2 
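Review bot: The `ingress` defaults in this values.yaml pair `host: xip.io` with `tls: false`, so turning on `enabled` without further edits would publish the Longhorn UI over plain HTTP under a hostname that belongs to a third-party wildcard-DNS service. The block should say that both values are placeholders, e.g. `## Set host to a name you control and enable tls with a tlsSecret before exposing the UI; put authentication in front of it at the ingress`. In the same hunk, `privateRegistry.registryPasswd` invites a plaintext registry password in a values file; if the templates accept a pre-created secret through `registrySecret` (not visible here), a comment should point users to that instead.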
diff --git a/charts/rancher-aks-operator-crd/rancher-aks-operator-crd/100.0.1+up1.0.2/templates/crds.yaml b/charts/rancher-aks-operator-crd/rancher-aks-operator-crd/100.0.1+up1.0.2/templates/crds.yaml new file mode 100644 index 000000000..002a459bd --- /dev/null +++ b/charts/rancher-aks-operator-crd/rancher-aks-operator-crd/100.0.1+up1.0.2/templates/crds.yaml 
@@ -0,0 +1,178 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + name: aksclusterconfigs.aks.cattle.io +spec: + group: aks.cattle.io + names: + kind: AKSClusterConfig + plural: aksclusterconfigs + shortNames: + - akscc + singular: aksclusterconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + authBaseUrl: + nullable: true + type: string + authorizedIpRanges: + items: + nullable: true + type: string + nullable: true + type: array + azureCredentialSecret: + nullable: true + type: string + baseUrl: + nullable: true + type: string + clusterName: + nullable: true + type: string + dnsPrefix: + nullable: true + type: string + dnsServiceIp: + nullable: true + type: string + dockerBridgeCidr: + nullable: true + type: string + httpApplicationRouting: + nullable: true + type: boolean + imported: + type: boolean + kubernetesVersion: + nullable: true + type: string + linuxAdminUsername: + nullable: true + type: string + loadBalancerSku: + nullable: true + type: string + logAnalyticsWorkspaceGroup: + nullable: true + type: string + logAnalyticsWorkspaceName: + nullable: true + type: string + monitoring: + nullable: true + type: boolean + networkPlugin: + nullable: true + type: string + networkPolicy: + nullable: true + type: string + nodePools: + items: + properties: + availabilityZones: + items: + nullable: true + type: string + nullable: true + type: array + count: + nullable: true + type: integer + enableAutoScaling: + nullable: true + type: boolean + maxCount: + nullable: true + type: integer + maxPods: + nullable: true + type: integer + minCount: + nullable: true + type: integer + mode: + nullable: true + type: string + name: + nullable: true + type: string + orchestratorVersion: + nullable: true + type: string + osDiskSizeGB: + nullable: true + type: integer + osDiskType: + nullable: true + type: 
string + osType: + nullable: true + type: string + vmSize: + nullable: true + type: string + type: object + nullable: true + type: array + podCidr: + nullable: true + type: string + privateCluster: + nullable: true + type: boolean + resourceGroup: + nullable: true + type: string + resourceLocation: + nullable: true + type: string + serviceCidr: + nullable: true + type: string + sshPublicKey: + nullable: true + type: string + subnet: + nullable: true + type: string + tags: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + virtualNetwork: + nullable: true + type: string + virtualNetworkResourceGroup: + nullable: true + type: string + type: object + status: + properties: + failureMessage: + nullable: true + type: string + phase: + nullable: true + type: string + rbacEnabled: + nullable: true + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/Chart.yaml b/charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/Chart.yaml new file mode 100644 index 000000000..f4019845f --- /dev/null +++ b/charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/Chart.yaml @@ -0,0 +1,18 @@ +annotations: + catalog.cattle.io/auto-install: rancher-aks-operator-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: aksclusterconfigs.aks.cattle.io/v1 + catalog.cattle.io/rancher-version: '>= 2.6.0-alpha' + catalog.cattle.io/release-name: rancher-aks-operator + catalog.cattle.io/scope: management +apiVersion: v2 +appVersion: 1.0.2 +description: A Helm chart for provisioning AKS clusters +home: https://github.com/rancher/aks-operator +name: rancher-aks-operator +sources: +- https://github.com/rancher/aks-operator +version: 100.0.1+up1.0.2 
diff --git a/charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/templates/NOTES.txt b/charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/templates/NOTES.txt
new file mode 100644
index 000000000..5ba05b482
--- /dev/null
+++ b/charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/templates/NOTES.txt
@@ -0,0 +1,4 @@
+You have deployed the Rancher AKS operator
+Version: {{ .Chart.AppVersion }}
+Description: This operator provisions AKS clusters
+from AKSClusterConfig CRs.
diff --git a/charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/templates/_helpers.tpl b/charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/templates/_helpers.tpl
new file mode 100644
index 000000000..be11b4a66
--- /dev/null
+++ b/charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/templates/_helpers.tpl
@@ -0,0 +1,9 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/templates/clusterrole.yaml b/charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/templates/clusterrole.yaml
new file mode 100644
index 000000000..5e2ce9756
--- /dev/null
+++ b/charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/templates/clusterrole.yaml
@@ -0,0 +1,15 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: aks-operator
+ namespace: cattle-system
+rules:
+ - apiGroups: ['']
+ resources: ['secrets']
+ verbs: ['get', 'list', 'create', 'watch', 'update']
+ - apiGroups: ['aks.cattle.io']
+ resources: ['aksclusterconfigs']
+ verbs: ['get', 'list', 'update', 'watch']
+ - apiGroups: ['aks.cattle.io']
+ resources: ['aksclusterconfigs/status']
+ verbs: ['update']
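Review bot: The first rule in clusterrole.yaml grants `get`, `list`, `watch`, `create` and `update` on `secrets` with no `resourceNames` or namespace limit, and clusterrolebinding.yaml binds it cluster-wide to the `aks-operator` ServiceAccount, so a compromise of that pod exposes every Secret in the cluster. If the operator only needs the credential Secrets named by `azureCredentialSecret` (an assumption; the operator code is not part of this patch), a namespaced `Role`/`RoleBinding` for the namespaces that hold them, or at least dropping `list` and `watch`, would narrow this. Otherwise add a comment above the rule stating why cluster-wide Secret access is required. The `namespace: cattle-system` under `metadata` in both files has no effect on cluster-scoped objects and can be removed.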
diff --git a/charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/templates/clusterrolebinding.yaml b/charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..7aa7e785a
--- /dev/null
+++ b/charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/templates/clusterrolebinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: aks-operator
+ namespace: cattle-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: aks-operator
+subjects:
+- kind: ServiceAccount
+ name: aks-operator
+ namespace: cattle-system
diff --git a/charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/templates/deployment.yaml b/charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/templates/deployment.yaml
new file mode 100644
index 000000000..9e3dcd21c
--- /dev/null
+++ b/charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/templates/deployment.yaml
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: aks-config-operator
+ namespace: cattle-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ ke.cattle.io/operator: aks
+ template:
+ metadata:
+ labels:
+ ke.cattle.io/operator: aks
+ spec:
+ serviceAccountName: aks-operator
+ securityContext:
+ fsGroup: 1007
+ runAsUser: 1007
+ containers:
+ - name: aks-operator
+ image: {{ template "system_default_registry" . }}{{ .Values.aksOperator.image.repository }}:{{ .Values.aksOperator.image.tag }}
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: HTTP_PROXY
+ value: {{ .Values.httpProxy }}
+ - name: HTTPS_PROXY
+ value: {{ .Values.httpsProxy }}
+ - name: NO_PROXY
+ value: {{ .Values.noProxy }}
+{{- if .Values.additionalTrustedCAs }}
+ # aks-operator mounts the additional CAs in two places:
+ volumeMounts:
+ # This directory is owned by the aks-operator user so c_rehash works here.
+ - mountPath: /etc/rancher/ssl/ca-additional.pem
+ name: tls-ca-additional-volume
+ subPath: ca-additional.pem
+ readOnly: true
+ # This directory is root-owned so c_rehash doesn't work here,
+ # but the cert is here in case update-ca-certificates is called in the future or by the OS.
+ - mountPath: /etc/pki/trust/anchors/ca-additional.pem
+ name: tls-ca-additional-volume
+ subPath: ca-additional.pem
+ readOnly: true
+ volumes:
+ - name: tls-ca-additional-volume
+ secret:
+ defaultMode: 0400
+ secretName: tls-ca-additional
+ {{- end }}
diff --git a/charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/templates/serviceaccount.yaml b/charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/templates/serviceaccount.yaml
new file mode 100644
index 000000000..9c40a152f
--- /dev/null
+++ b/charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: cattle-system
+ name: aks-operator
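Review bot: The `aks-operator` container in deployment.yaml has no container-level `securityContext`; the pod-level block sets only `fsGroup` and `runAsUser`, so privilege escalation and the default capability set stay available to a workload whose ServiceAccount is granted access to Secrets. Adding `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` under the container and `runAsNonRoot: true` next to `runAsUser: 1007` should be safe for a non-root process, though that needs confirming against the image. Separately, the three proxy `value:` lines interpolate unquoted, so the empty defaults render as null and a value beginning with `*` (constructed example: `*.example.com`) would be read as a YAML alias; `value: {{ .Values.noProxy | quote }}`, and likewise for the other two, avoids both.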
diff --git a/charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/values.yaml b/charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/values.yaml
new file mode 100644
index 000000000..580846525
--- /dev/null
+++ b/charts/rancher-aks-operator/rancher-aks-operator/100.0.1+up1.0.2/values.yaml
@@ -0,0 +1,12 @@
+global:
+ systemDefaultRegistry: ""
+
+aksOperator:
+ image:
+ repository: rancher/aks-operator
+ tag: v1.0.2
+
+httpProxy: ""
+httpsProxy: ""
+noProxy: ""
+additionalTrustedCAs: false
diff --git a/charts/rancher-backup-crd/rancher-backup-crd/2.0.1/Chart.yaml b/charts/rancher-backup-crd/rancher-backup-crd/2.0.1/Chart.yaml
new file mode 100644
index 000000000..4c4a470ae
--- /dev/null
+++ b/charts/rancher-backup-crd/rancher-backup-crd/2.0.1/Chart.yaml
@@ -0,0 +1,11 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-resources-system
+ catalog.cattle.io/release-name: rancher-backup-crd
+apiVersion: v2
+appVersion: 2.0.1
+description: Installs the CRDs for rancher-backup.
+name: rancher-backup-crd
+type: application
+version: 2.0.1
diff --git a/charts/rancher-backup-crd/rancher-backup-crd/2.0.1/README.md b/charts/rancher-backup-crd/rancher-backup-crd/2.0.1/README.md
new file mode 100644
index 000000000..046410962
--- /dev/null
+++ b/charts/rancher-backup-crd/rancher-backup-crd/2.0.1/README.md
@@ -0,0 +1,3 @@
+# Rancher Backup CRD
+
+A Rancher chart that installs the CRDs used by `rancher-backup`.
diff --git a/charts/rancher-backup-crd/rancher-backup-crd/2.0.1/templates/backup.yaml b/charts/rancher-backup-crd/rancher-backup-crd/2.0.1/templates/backup.yaml
new file mode 100644
index 000000000..a4b9471c0
--- /dev/null
+++ b/charts/rancher-backup-crd/rancher-backup-crd/2.0.1/templates/backup.yaml
@@ -0,0 +1,119 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: backups.resources.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.storageLocation + name: Location + type: string + - JSONPath: .status.backupType + name: Type + type: string + - JSONPath: .status.filename + name: Latest-Backup + type: string + - JSONPath: .spec.resourceSetName + name: ResourceSet + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: resources.cattle.io + names: + kind: Backup + plural: backups + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + encryptionConfigSecretName: + description: Name of the Secret containing the encryption config + type: string + resourceSetName: + description: Name of the ResourceSet CR to use for backup + type: string + retentionCount: + minimum: 1 + type: integer + schedule: + description: Cron schedule for recurring backups + example: + Descriptors: '@midnight' + Standard crontab specs: 0 0 * * * + type: string + storageLocation: + nullable: true + properties: + s3: + nullable: true + properties: + bucketName: + type: string + credentialSecretName: + type: string + credentialSecretNamespace: + type: string + endpoint: + type: string + endpointCA: + type: string + folder: + type: string + insecureTLSSkipVerify: + type: boolean + region: + type: string + type: object + type: object + required: + - resourceSetName + type: object + status: + properties: + backupType: + type: string + conditions: + items: + properties: + lastTransitionTime: + type: string + lastUpdateTime: + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + nullable: true + type: array + filename: + type: string + lastSnapshotTs: + type: string + nextSnapshotAt: 
+ type: string + observedGeneration: + type: integer + storageLocation: + type: string + summary: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/charts/rancher-backup-crd/rancher-backup-crd/2.0.1/templates/resourceset.yaml b/charts/rancher-backup-crd/rancher-backup-crd/2.0.1/templates/resourceset.yaml new file mode 100644 index 000000000..d97fbae48 --- /dev/null +++ b/charts/rancher-backup-crd/rancher-backup-crd/2.0.1/templates/resourceset.yaml 
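Review bot: `insecureTLSSkipVerify` under `storageLocation.s3` in backup.yaml carries no `description`, although other fields in the same schema do, and nothing tells the user that setting it turns off certificate checking on the connection that presumably carries both the backup archive and the S3 credentials. I would add `description: Skips TLS certificate verification for the S3 endpoint; prefer endpointCA for private CAs` and give `endpointCA` and `credentialSecretName` one-line descriptions as well. restore.yaml repeats the same `s3` block and needs the same text. If these CRDs are generated from the operator's Go types, the descriptions belong on the struct fields upstream rather than in this file.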
@@ -0,0 +1,99 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: resourcesets.resources.cattle.io +spec: + group: resources.cattle.io + names: + kind: ResourceSet + plural: resourcesets + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + controllerReferences: + items: + properties: + apiVersion: + type: string + name: + type: string + namespace: + type: string + replicas: + type: integer + resource: + type: string + type: object + nullable: true + type: array + resourceSelectors: + items: + properties: + apiVersion: + type: string + excludeKinds: + items: + type: string + nullable: true + type: array + kinds: + items: + type: string + nullable: true + type: array + kindsRegexp: + type: string + labelSelectors: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + type: string + nullable: true + type: object + type: object + namespaceRegexp: + type: string + namespaces: + items: + type: string + nullable: true + type: array + resourceNameRegexp: + type: string + resourceNames: + items: + type: string + nullable: true + type: array + type: object + nullable: true + required: + - apiVersion + type: array + required: + - resourceSelectors + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/charts/rancher-backup-crd/rancher-backup-crd/2.0.1/templates/restore.yaml b/charts/rancher-backup-crd/rancher-backup-crd/2.0.1/templates/restore.yaml new file mode 100644 index 000000000..335f44c11 --- /dev/null +++ b/charts/rancher-backup-crd/rancher-backup-crd/2.0.1/templates/restore.yaml 
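Review bot: resourceset.yaml declares `apiVersion: apiextensions.k8s.io/v1beta1`, which Kubernetes stopped serving in v1.22, so this CRD chart cannot install on newer clusters; backup.yaml and restore.yaml in this patch use the same version, while the AKS CRD added alongside them is already on `apiextensions.k8s.io/v1`. Moving to v1 means placing the schema and `subresources` under the single `versions` entry, dropping the top-level `version` and `validation` keys, and, in the other two files, moving `additionalPrinterColumns` under the version with `JSONPath` renamed to `jsonPath`. The schema must also be structural for v1, which I have not checked field by field.

```yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
spec:
  # … unchanged: group, names, scope …
  versions:
    - name: v1
      served: true
      storage: true
      subresources:
        status: {}
      schema:
        openAPIV3Schema:
          # … unchanged: properties, required, type: object …
```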
@@ -0,0 +1,104 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: restores.resources.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.backupSource + name: Backup-Source + type: string + - JSONPath: .spec.backupFilename + name: Backup-File + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: resources.cattle.io + names: + kind: Restore + plural: restores + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + backupFilename: + type: string + deleteTimeoutSeconds: + maximum: 10 + type: integer + encryptionConfigSecretName: + type: string + ignoreErrors: + type: boolean + prune: + nullable: true + type: boolean + storageLocation: + nullable: true + properties: + s3: + nullable: true + properties: + bucketName: + type: string + credentialSecretName: + type: string + credentialSecretNamespace: + type: string + endpoint: + type: string + endpointCA: + type: string + folder: + type: string + insecureTLSSkipVerify: + type: boolean + region: + type: string + type: object + type: object + required: + - backupFilename + type: object + status: + properties: + backupSource: + type: string + conditions: + items: + properties: + lastTransitionTime: + type: string + lastUpdateTime: + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + nullable: true + type: array + observedGeneration: + type: integer + restoreCompletionTs: + type: string + summary: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/charts/rancher-backup/rancher-backup/2.0.1/Chart.yaml b/charts/rancher-backup/rancher-backup/2.0.1/Chart.yaml new file mode 100644 index 000000000..bdb358eda --- /dev/null 
+++ b/charts/rancher-backup/rancher-backup/2.0.1/Chart.yaml @@ -0,0 +1,22 @@ +annotations: + catalog.cattle.io/auto-install: rancher-backup-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Rancher Backups + catalog.cattle.io/namespace: cattle-resources-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1 + catalog.cattle.io/rancher-version: '>=2.6.0-0' + catalog.cattle.io/release-name: rancher-backup + catalog.cattle.io/scope: management + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: rancher-backup +apiVersion: v2 +appVersion: 2.0.1 +description: Provides ability to back up and restore the Rancher application running + on any Kubernetes cluster +icon: https://charts.rancher.io/assets/logos/backup-restore.svg +keywords: +- applications +- infrastructure +name: rancher-backup +version: 2.0.1 diff --git a/charts/rancher-backup/rancher-backup/2.0.1/README.md b/charts/rancher-backup/rancher-backup/2.0.1/README.md new file mode 100644 index 000000000..8d645b479 --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.1/README.md 
@@ -0,0 +1,70 @@ +# Rancher Backup + +This chart provides ability to back up and restore the Rancher application running on any Kubernetes cluster. + +Refer [this](https://github.com/rancher/backup-restore-operator) repository for implementation details. + +----- + +### Get Repo Info +```bash +helm repo add rancher-chart https://charts.rancher.io +helm repo update +``` + +----- + +### Install Chart +```bash +helm install rancher-backup-crd rancher-chart/rancher-backup-crd -n cattle-resources-system --create-namespace +helm install rancher-backup rancher-chart/rancher-backup -n cattle-resources-system +``` + +----- + +### Configuration +The following table lists the configurable parameters of the rancher-backup chart and their default values: + +| Parameter | Description | Default | +|----------|---------------|-------| +| image.repository | Container image repository | rancher/backup-restore-operator | +| image.tag | Container image tag | v0.1.0-rc1 | +| s3.enabled | Configure S3 compatible default storage location. Current version supports S3 and MinIO | false | +| s3.credentialSecretName | Name of the Secret containing S3 credentials. This is an optional field. Skip this field in order to use IAM Role authentication. The Secret must contain following two keys, `accessKey` and `secretKey` | "" | +| s3.credentialSecretNamespace | Namespace of the Secret containing S3 credentials. This can be any namespace. | "" | +| s3.region | Region of the S3 Bucket (Required for S3, not valid for MinIO) | "" | +| s3.bucketName | Name of the Bucket | "" | +| s3.folder | Base folder within the Bucket (optional) | "" | +| s3.endpoint | Endpoint for the S3 storage provider | "" | +| s3.endpointCA | Base64 encoded CA cert for the S3 storage provider (optional) | "" | +| s3.insecureTLSSkipVerify | Skip SSL verification | false | +| persistence.enabled | Configure a Persistent Volume as the default storage location. 
It accepts either a StorageClass name to create a PVC, or directly accepts the PV to use. The Persistent Volume is mounted at `/var/lib/backups` in the operator pod | false | +| persistence.storageClass | StorageClass to use for dynamically provisioning the Persistent Volume, which will be used for storing backups | "" | +| persistence.volumeName | Persistent Volume to use for storing backups | "" | +| persistence.size | Requested size of the Persistent Volume (Applicable when using dynamic provisioning) | "" | +| nodeSelector | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | {} | +| tolerations | https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration | [] | +| affinity | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | {} | +| serviceAccount.annotations | Annotations to apply to created service account | {} | + +----- + +### CRDs + +Refer [this](https://github.com/rancher/backup-restore-operator#crds) section for information on CRDs that this chart installs. Also refer [this](https://github.com/rancher/backup-restore-operator/tree/master/examples) folder containing sample manifests for the CRDs. + +----- +### Upgrading Chart +```bash +helm upgrade rancher-backup-crd -n cattle-resources-system +helm upgrade rancher-backup -n cattle-resources-system +``` + +----- +### Uninstall Chart + +```bash +helm uninstall rancher-backup -n cattle-resources-system +helm uninstall rancher-backup-crd -n cattle-resources-system +``` + diff --git a/charts/rancher-backup/rancher-backup/2.0.1/app-readme.md b/charts/rancher-backup/rancher-backup/2.0.1/app-readme.md new file mode 100644 index 000000000..15a021cdb --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.1/app-readme.md 
@@ -0,0 +1,15 @@ +# Rancher Backup + +This chart enables ability to capture backups of the Rancher application and restore from these backups. This chart can be used to migrate Rancher from one Kubernetes cluster to a different Kubernetes cluster. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/backups/v2.5/). + +This chart installs the following components: + +- [backup-restore-operator](https://github.com/rancher/backup-restore-operator) + - The operator handles backing up all Kubernetes resources and CRDs that Rancher creates and manages from the local cluster. It gathers these resources by querying the Kubernetes API server, packages all the resources to create a tarball file and saves it in the configured backup storage location. + - The operator can be configured to store backups in S3-compatible object stores such as AWS S3 and MinIO, and in persistent volumes. During deployment, you can create a default storage location, but there is always the option to override the default storage location with each backup, but will be limited to using an S3-compatible object store. + - It preserves the ownerReferences on all resources, hence maintaining dependencies between objects. + - This operator provides encryption support, to encrypt user specified resources before saving them in the backup file. It uses the same encryption configuration that is used to enable [Kubernetes Encryption at Rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/). +- Backup - A backup is a CRD (`Backup`) that defines when to take backups, where to store the backup and what encryption to use (optional). Backups can be taken ad hoc or scheduled to be taken in intervals. +- Restore - A restore is a CRD (`Restore`) that defines which backup to use to restore the Rancher application to. 
diff --git a/charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/aks.yaml b/charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/aks.yaml
new file mode 100644
index 000000000..de8ec1b8a
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/aks.yaml
@@ -0,0 +1,25 @@
+- apiVersion: "apiextensions.k8s.io/v1beta1"
+ kindsRegexp: "."
+ resourceNameRegexp: "aks.cattle.io$"
+- apiVersion: "aks.cattle.io/v1"
+ kindsRegexp: "."
+- apiVersion: "apps/v1"
+ kindsRegexp: "^deployments$"
+ namespaces:
+ - "cattle-system"
+ resourceNames:
+ - "aks-config-operator"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+ kindsRegexp: "^clusterroles$"
+ resourceNames:
+ - "aks-operator"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+ kindsRegexp: "^clusterrolebindings$"
+ resourceNames:
+ - "aks-operator"
+- apiVersion: "v1"
+ kindsRegexp: "^serviceaccounts$"
+ namespaces:
+ - "cattle-system"
+ resourceNames:
+ - "aks-operator"
diff --git a/charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/eks.yaml b/charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/eks.yaml
new file mode 100644
index 000000000..59f47ce47
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/eks.yaml
@@ -0,0 +1,17 @@
+- apiVersion: "eks.cattle.io/v1"
+ kindsRegexp: "."
+- apiVersion: "apps/v1"
+ kindsRegexp: "^deployments$"
+ resourceNames:
+ - "eks-config-operator"
+- apiVersion: "apiextensions.k8s.io/v1beta1"
+ kindsRegexp: "."
+ resourceNameRegexp: "eks.cattle.io$"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+ kindsRegexp: "^clusterroles$"
+ resourceNames:
+ - "eks-operator"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+ kindsRegexp: "^clusterrolebindings$"
+ resourceNames:
+ - "eks-operator"
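Review bot: In eks.yaml the `^deployments$` selector for `eks-config-operator` has no `namespaces` list, while the matching aks.yaml entry in this commit restricts `aks-config-operator` to `cattle-system`; gke.yaml has the same gap. As written, a Deployment with that name in any namespace falls into the backup set. If the EKS and GKE operators run in `cattle-system` like the AKS one (not visible from these hunks), adding `namespaces:` with `- "cattle-system"` under those two selectors keeps the three files consistent.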
diff --git a/charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/fleet.yaml b/charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/fleet.yaml
new file mode 100644
index 000000000..68b0dfadb
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/fleet.yaml
@@ -0,0 +1,49 @@
+- apiVersion: "v1"
+ kindsRegexp: "^namespaces$"
+ resourceNameRegexp: "^fleet-|^cluster-fleet-"
+- apiVersion: "v1"
+ kindsRegexp: "^secrets$"
+ namespaceRegexp: "^cattle-fleet-|^fleet-|^cluster-fleet-"
+ labelSelectors:
+ matchExpressions:
+ - key: "owner"
+ operator: "NotIn"
+ values: ["helm"]
+ - key: "fleet.cattle.io/managed"
+ operator: "In"
+ values: ["true"]
+- apiVersion: "v1"
+ kindsRegexp: "^serviceaccounts$"
+ namespaceRegexp: "^cattle-fleet-|^fleet-|^cluster-fleet-"
+- apiVersion: "v1"
+ kindsRegexp: "^configmaps$"
+ namespaceRegexp: "^cattle-fleet-|^fleet-|^cluster-fleet-"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+ kindsRegexp: "^roles$|^rolebindings$"
+ namespaceRegexp: "^cattle-fleet-|^fleet-|^cluster-fleet-"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+ kindsRegexp: "^clusterrolebindings$"
+ resourceNameRegexp: "^fleet-|^gitjob-"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+ kindsRegexp: "^clusterroles$"
+ resourceNameRegexp: "^fleet-"
+ resourceNames:
+ - "gitjob"
+- apiVersion: "apiextensions.k8s.io/v1beta1"
+ kindsRegexp: "."
+ resourceNameRegexp: "fleet.cattle.io$|gitjob.cattle.io$"
+- apiVersion: "fleet.cattle.io/v1alpha1"
+ kindsRegexp: "."
+- apiVersion: "gitjob.cattle.io/v1"
+ kindsRegexp: "."
+- apiVersion: "apps/v1"
+ kindsRegexp: "^deployments$"
+ namespaceRegexp: "^cattle-fleet-|^fleet-|^cluster-fleet-"
+ resourceNameRegexp: "^fleet-"
+ resourceNames:
+ - "gitjob"
+- apiVersion: "apps/v1"
+ kindsRegexp: "^services$"
+ namespaceRegexp: "^cattle-fleet-|^fleet-|^cluster-fleet-"
+ resourceNames:
+ - "gitjob"
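Review bot: The last selector in fleet.yaml pairs `apiVersion: "apps/v1"` with `kindsRegexp: "^services$"`, but Service is a core `v1` kind, so this entry most likely selects nothing and the `gitjob` Service is left out of the backup. Changing the first line of that entry to `- apiVersion: "v1"` would match the other core-group selectors in this file (namespaces, secrets, serviceaccounts, configmaps). A missed resource only shows up at restore time, so a one-line comment above each selector naming what it is meant to capture would make this kind of mismatch easier to spot.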
diff --git a/charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/gke.yaml b/charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/gke.yaml new file mode 100644 index 000000000..a77019235 --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/gke.yaml @@ -0,0 +1,17 @@ +- apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "gke.cattle.io$" +- apiVersion: "gke.cattle.io/v1" + kindsRegexp: "." +- apiVersion: "apps/v1" + kindsRegexp: "^deployments$" + resourceNames: + - "gke-config-operator" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNames: + - "gke-operator" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNames: + - "gke-operator" diff --git a/charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/provisioningv2.yaml b/charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/provisioningv2.yaml new file mode 100644 index 000000000..a881eb381 --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/provisioningv2.yaml @@ -0,0 +1,18 @@ +- apiVersion: "apiextensions.k8s.io/v1" + kindsRegexp: "." + resourceNameRegexp: "provisioning.cattle.io$|rke-machine-config.cattle.io$|rke-machine.cattle.io$|rke.cattle.io$|cluster.x-k8s.io$" +- apiVersion: "provisioning.cattle.io/v1" + kindsRegexp: "." +- apiVersion: "rke-machine-config.cattle.io/v1" + kindsRegexp: "." +- apiVersion: "rke-machine.cattle.io/v1" + kindsRegexp: "." +- apiVersion: "rke.cattle.io/v1" + kindsRegexp: "." +- apiVersion: "cluster.x-k8s.io/v1alpha4" + kindsRegexp: "." +- apiVersion: "v1" + kindsRegexp: "^secrets$" + resourceNameRegexp: "machine-plan$|rke-state$|machine-state$|machine-driver-secret$|machine-provision$" + namespaces: + - "fleet-default" \ No newline at end of file 
diff --git a/charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/rancher-operator.yaml b/charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/rancher-operator.yaml new file mode 100644 index 000000000..3518fb5b7 --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/rancher-operator.yaml @@ -0,0 +1,27 @@ +- apiVersion: "rancher.cattle.io/v1" + kindsRegexp: "." +- apiVersion: "apps/v1" + kindsRegexp: "^deployments$" + resourceNames: + - "rancher-operator" + namespaces: + - "rancher-operator-system" +- apiVersion: "v1" + kindsRegexp: "^serviceaccounts$" + namespaces: + - "rancher-operator-system" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNames: + - "rancher-operator" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNames: + - "rancher-operator" +- apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "rancher.cattle.io$" +- apiVersion: "v1" + kindsRegexp: "^namespaces$" + resourceNames: + - "rancher-operator-system" diff --git a/charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/rancher.yaml b/charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/rancher.yaml new file mode 100644 index 000000000..521ff8473 --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.1/files/default-resourceset-contents/rancher.yaml 
@@ -0,0 +1,49 @@
+- apiVersion: "v1"
+ kindsRegexp: "^namespaces$"
+ resourceNameRegexp: "^cattle-|^p-|^c-|^user-|^u-"
+ resourceNames:
+ - "local"
+- apiVersion: "v1"
+ kindsRegexp: "^secrets$"
+ namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-"
+ labelSelectors:
+ matchExpressions:
+ - key: "owner"
+ operator: "NotIn"
+ values: ["helm"]
+- apiVersion: "v1"
+ kindsRegexp: "^serviceaccounts$"
+ namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-"
+- apiVersion: "v1"
+ kindsRegexp: "^configmaps$"
+ namespaces:
+ - "cattle-system"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+ kindsRegexp: "^roles$|^rolebindings$"
+ namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+ kindsRegexp: "^clusterrolebindings$"
+ resourceNameRegexp: "^cattle-|^clusterrolebinding-|^globaladmin-user-|^grb-u-|^crb-"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+ kindsRegexp: "^clusterroles$"
+ resourceNameRegexp: "^cattle-|^p-|^c-|^local-|^user-|^u-|^project-|^create-ns$"
+- apiVersion: "apiextensions.k8s.io/v1beta1"
+ kindsRegexp: "."
+ resourceNameRegexp: "management.cattle.io$|project.cattle.io$|catalog.cattle.io$|resources.cattle.io$"
+- apiVersion: "management.cattle.io/v3"
+ kindsRegexp: "."
+ excludeKinds:
+ - "tokens"
+- apiVersion: "management.cattle.io/v3"
+ kindsRegexp: "^tokens$"
+ labelSelectors:
+ matchExpressions:
+ - key: "authn.management.cattle.io/kind"
+ operator: "NotIn"
+ values: [ "provisioning" ]
+- apiVersion: "project.cattle.io/v3"
+ kindsRegexp: "."
+- apiVersion: "catalog.cattle.io/v1"
+ kindsRegexp: "^clusterrepos$"
+- apiVersion: "resources.cattle.io/v1"
+ kindsRegexp: "^ResourceSet$"
diff --git a/charts/rancher-backup/rancher-backup/2.0.1/templates/_helpers.tpl b/charts/rancher-backup/rancher-backup/2.0.1/templates/_helpers.tpl
new file mode 100644
index 000000000..0f2218ab5
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.1/templates/_helpers.tpl
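Review bot: The `^secrets$` selector in rancher.yaml uses `namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-"`, which matches any namespace whose name merely begins with `p-`, `c-` or `u-`, not only namespaces Rancher created. Secrets from unrelated workloads in such namespaces would be written into the backup tarball, and the chart's app-readme describes encryption of backup contents as optional. If the pattern cannot be narrowed, a comment above the selector such as `# matches every namespace with these prefixes; enable backup encryption when Secrets are in scope` would make the exposure explicit. The same prefixes are reused for the serviceaccounts and roles/rolebindings selectors.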
@@ -0,0 +1,83 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "backupRestore.fullname" -}} +{{- .Chart.Name | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "backupRestore.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "backupRestore.labels" -}} +helm.sh/chart: {{ include "backupRestore.chart" . }} +{{ include "backupRestore.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "backupRestore.selectorLabels" -}} +app.kubernetes.io/name: {{ include "backupRestore.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +resources.cattle.io/operator: backup-restore +{{- end }} + + +{{/* +Create the name of the service account to use +*/}} +{{- define "backupRestore.serviceAccountName" -}} +{{ include "backupRestore.fullname" . 
}} +{{- end }} + + +{{- define "backupRestore.s3SecretName" -}} +{{- printf "%s-%s" .Chart.Name "s3" | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create PVC name using release and revision number. +*/}} +{{- define "backupRestore.pvcName" -}} +{{- printf "%s-%d" .Release.Name .Release.Revision }} +{{- end }} + diff --git a/charts/rancher-backup/rancher-backup/2.0.1/templates/clusterrolebinding.yaml b/charts/rancher-backup/rancher-backup/2.0.1/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..cf4abf670 --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.1/templates/clusterrolebinding.yaml @@ -0,0 +1,14 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "backupRestore.fullname" . }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ include "backupRestore.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io diff --git a/charts/rancher-backup/rancher-backup/2.0.1/templates/deployment.yaml b/charts/rancher-backup/rancher-backup/2.0.1/templates/deployment.yaml new file mode 100644 index 000000000..a9127f6ec --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.1/templates/deployment.yaml 
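Review bot: clusterrolebinding.yaml binds the operator's ServiceAccount to the built-in `cluster-admin` ClusterRole with no comment explaining why that breadth is needed. Anything that can run as that ServiceAccount, or read its token in the release namespace, then holds full cluster rights, so the grant deserves a stated justification. A backup/restore operator plausibly has to read and recreate arbitrary resources, so the binding may be intentional; if so, say it in the template, e.g. `# cluster-admin: restore recreates arbitrary resource kinds, including RBAC`. If the kinds are in fact bounded by the default ResourceSet, a dedicated ClusterRole listing them would be the narrower option.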
@@ -0,0 +1,62 @@
+{{- if and .Values.s3.enabled .Values.persistence.enabled }}
+{{- fail "\n\nCannot configure both s3 and PV for storing backups" }}
+{{- end }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "backupRestore.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "backupRestore.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "backupRestore.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "backupRestore.selectorLabels" . | nindent 8 }}
+ annotations:
+ checksum/s3: {{ include (print $.Template.BasePath "/s3-secret.yaml") . | sha256sum }}
+ checksum/pvc: {{ include (print $.Template.BasePath "/pvc.yaml") . | sha256sum }}
+ spec:
+ serviceAccountName: {{ include "backupRestore.serviceAccountName" . }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
+ imagePullPolicy: Always
+ env:
+ - name: CHART_NAMESPACE
+ value: {{ .Release.Namespace }}
+ {{- if .Values.s3.enabled }}
+ - name: DEFAULT_S3_BACKUP_STORAGE_LOCATION
+ value: {{ include "backupRestore.s3SecretName" . }}
+ {{- end }}
+ {{- if .Values.persistence.enabled }}
+ - name: DEFAULT_PERSISTENCE_ENABLED
+ value: "persistence-enabled"
+ volumeMounts:
+ - mountPath: "/var/lib/backups"
+ name: pv-storage
+ volumes:
+ - name: pv-storage
+ persistentVolumeClaim:
+ claimName: {{ include "backupRestore.pvcName" . }}
+ {{- end }}
+ nodeSelector:
+ kubernetes.io/os: linux
+ {{- with .Values.nodeSelector }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ tolerations:
+ {{- include "linux-node-tolerations" . | nindent 8}}
+ {{- with .Values.tolerations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
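Review bot: The operator container in deployment.yaml has no `securityContext`, although psp.yaml in the same commit expects `MustRunAsNonRoot` and `allowPrivilegeEscalation: false`. On a cluster without PodSecurityPolicy admission nothing enforces those constraints for a pod that runs under the `cluster-admin`-bound ServiceAccount, and with admission enabled the pod may be rejected if the image defaults to root (not verifiable from this hunk). Stating it on the container, a `securityContext:` with `runAsNonRoot: true` and `allowPrivilegeEscalation: false`, makes the template self-contained. Separately, `priorityClassName: {{ .Values.priorityClassName }}` and the `CHART_NAMESPACE` value are rendered unquoted; `| quote` would match the style pvc.yaml uses.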
diff --git a/charts/rancher-backup/rancher-backup/2.0.1/templates/hardened.yaml b/charts/rancher-backup/rancher-backup/2.0.1/templates/hardened.yaml new file mode 100644 index 000000000..97fca2be0 --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.1/templates/hardened.yaml 
@@ -0,0 +1,114 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "backupRestore.fullname" . }}-patch-sa + namespace: {{ .Release.Namespace }} + labels: {{ include "backupRestore.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +spec: + backoffLimit: 1 + template: + spec: + serviceAccountName: {{ include "backupRestore.fullname" . }}-patch-sa + securityContext: + runAsNonRoot: true + runAsUser: 1000 + restartPolicy: Never + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + containers: + - name: {{ include "backupRestore.fullname" . }}-patch-sa + image: {{ include "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }} + imagePullPolicy: IfNotPresent + command: ["kubectl", "-n", {{ .Release.Namespace | quote }}, "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "backupRestore.fullname" . }}-patch-sa + namespace: {{ .Release.Namespace }} + labels: {{ include "backupRestore.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "backupRestore.fullname" . }}-patch-sa + labels: {{ include "backupRestore.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +rules: + - apiGroups: [""] + resources: ["serviceaccounts"] + verbs: ["get", "patch"] + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + verbs: ["use"] + resourceNames: + - {{ include "backupRestore.fullname" . 
}}-patch-sa +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "backupRestore.fullname" . }}-patch-sa + labels: {{ include "backupRestore.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "backupRestore.fullname" . }}-patch-sa +subjects: + - kind: ServiceAccount + name: {{ include "backupRestore.fullname" . }}-patch-sa + namespace: {{ .Release.Namespace }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "backupRestore.fullname" . }}-patch-sa + labels: {{ include "backupRestore.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "backupRestore.fullname" . }}-default-allow-all + namespace: {{ .Release.Namespace }} +spec: + podSelector: {} + egress: + - {} + policyTypes: + - Ingress + - Egress diff --git a/charts/rancher-backup/rancher-backup/2.0.1/templates/psp.yaml b/charts/rancher-backup/rancher-backup/2.0.1/templates/psp.yaml new file mode 100644 index 000000000..a756eef2d --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.1/templates/psp.yaml 
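Review bot: The `-patch-sa` ClusterRole in hardened.yaml grants `get` and `patch` on every ServiceAccount in the cluster through a ClusterRoleBinding, while the Job only patches `default` in the release namespace. Adding `resourceNames: ["default"]` to the serviceaccounts rule, and binding through a namespaced Role and RoleBinding, would limit the hook to what it actually does. Also in this file, the NetworkPolicy whose name ends in `-default-allow-all` lists `Ingress` in `policyTypes` but defines no ingress rule, which denies all ingress to pods in the namespace; either the name or the rules should change. Unlike the other objects in the file it carries no labels or hook annotations.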
@@ -0,0 +1,29 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "backupRestore.fullname" . }}-psp
+ labels: {{ include "backupRestore.labels" . | nindent 4 }}
+spec:
+ privileged: false
+ allowPrivilegeEscalation: false
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'MustRunAsNonRoot'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+ volumes:
+ - 'persistentVolumeClaim'
+ - 'secret'
diff --git a/charts/rancher-backup/rancher-backup/2.0.1/templates/pvc.yaml b/charts/rancher-backup/rancher-backup/2.0.1/templates/pvc.yaml
new file mode 100644
index 000000000..ff57e4dab
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.1/templates/pvc.yaml
@@ -0,0 +1,27 @@
+{{- if and .Values.persistence.enabled -}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ include "backupRestore.pvcName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "backupRestore.labels" . | nindent 4 }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ {{- with .Values.persistence }}
+ requests:
+ storage: {{ .size | quote }}
+{{- if .storageClass }}
+{{- if (eq "-" .storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: {{ .storageClass | quote }}
+{{- end }}
+{{- end }}
+{{- if .volumeName }}
+ volumeName: {{ .volumeName | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/rancher-backup/rancher-backup/2.0.1/templates/rancher-resourceset.yaml b/charts/rancher-backup/rancher-backup/2.0.1/templates/rancher-resourceset.yaml
new file mode 100644
index 000000000..05add8824
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.1/templates/rancher-resourceset.yaml
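Review bot: psp.yaml renders a `policy/v1beta1` PodSecurityPolicy unconditionally, and hardened.yaml does the same for its `-patch-sa` policy. That API has been deprecated since Kubernetes 1.21 and is absent from 1.25 onward, so the install fails on clusters that no longer serve it. Wrapping both objects in `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}` and `{{- end }}` keeps the chart installable there. Note also that no Role in the visible hunks grants `use` on this `-psp` policy; the operator only reaches it through its `cluster-admin` binding.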
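Review bot: pvc.yaml takes its name from `backupRestore.pvcName`, which _helpers.tpl defines as `printf "%s-%d" .Release.Name .Release.Revision`, so the claim name changes on every `helm upgrade`. Helm would then remove the previous claim and create an empty one, and with a `Delete` reclaim policy the stored backups would go with it; this is inferred from the templates, not tested. A revision-independent name, or the annotation `"helm.sh/resource-policy": keep` on the claim, avoids losing the backup volume during an upgrade. The opening guard `{{- if and .Values.persistence.enabled -}}` also has a stray `and` with a single operand.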
@@ -0,0 +1,13 @@
+apiVersion: resources.cattle.io/v1
+kind: ResourceSet
+metadata:
+ name: rancher-resource-set
+controllerReferences:
+ - apiVersion: "apps/v1"
+ resource: "deployments"
+ name: "rancher"
+ namespace: "cattle-system"
+resourceSelectors:
+{{- range $path, $_ := .Files.Glob "files/default-resourceset-contents/*.yaml" -}}
+ {{- $.Files.Get $path | nindent 2 -}}
+{{- end -}}
diff --git a/charts/rancher-backup/rancher-backup/2.0.1/templates/s3-secret.yaml b/charts/rancher-backup/rancher-backup/2.0.1/templates/s3-secret.yaml
new file mode 100644
index 000000000..726509730
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.1/templates/s3-secret.yaml
@@ -0,0 +1,31 @@
+{{- if .Values.s3.enabled -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "backupRestore.s3SecretName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "backupRestore.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+ {{- with .Values.s3 }}
+ {{- if .credentialSecretName }}
+ credentialSecretName: {{ .credentialSecretName }}
+ credentialSecretNamespace: {{ required "When providing a Secret containing S3 credentials, a valid .Values.credentialSecretNamespace must be provided" .credentialSecretNamespace }}
+ {{- end }}
+ {{- if .region }}
+ region: {{ .region | quote }}
+ {{- end }}
+ bucketName: {{ required "A valid .Values.bucketName is required for configuring S3 compatible storage as the default backup storage location" .bucketName | quote }}
+ {{- if .folder }}
+ folder: {{ .folder | quote }}
+ {{- end }}
+ endpoint: {{ required "A valid .Values.endpoint is required for configuring S3 compatible storage as the default backup storage location" .endpoint | quote }}
+ {{- if .endpointCA }}
+ endpointCA: {{ .endpointCA }}
+ {{- end }}
+ {{- if .insecureTLSSkipVerify }}
+ insecureTLSSkipVerify: {{ .insecureTLSSkipVerify | quote }}
+ {{- end }}
+ {{- end }}
+{{ end }}
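Review bot: In s3-secret.yaml the values `credentialSecretName`, `credentialSecretNamespace` and `endpointCA` are rendered without `| quote`, unlike `region`, `bucketName`, `folder` and `endpoint` next to them. `stringData` accepts only strings, so a value that YAML reads as a number or boolean, or that contains `: ` or ` #`, would break the manifest or change its meaning; use `credentialSecretName: {{ .credentialSecretName | quote }}` and the same for the other two. The `required` messages name `.Values.bucketName`, `.Values.endpoint` and `.Values.credentialSecretNamespace`, but the keys live under `.Values.s3`. A short comment on `insecureTLSSkipVerify` stating that it disables certificate checks towards the backup endpoint would also help operators.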
diff --git a/charts/rancher-backup/rancher-backup/2.0.1/templates/serviceaccount.yaml b/charts/rancher-backup/rancher-backup/2.0.1/templates/serviceaccount.yaml new file mode 100644 index 000000000..754e1fe89 --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.1/templates/serviceaccount.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "backupRestore.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +{{- if .Values.serviceAccount.annotations }} + annotations: + {{- toYaml .Values.serviceAccount.annotations | nindent 4 }} +{{- end }} diff --git a/charts/rancher-backup/rancher-backup/2.0.1/templates/validate-install-crd.yaml b/charts/rancher-backup/rancher-backup/2.0.1/templates/validate-install-crd.yaml new file mode 100644 index 000000000..f63fd2e2e --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.1/templates/validate-install-crd.yaml @@ -0,0 +1,16 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "resources.cattle.io/v1/Backup" false -}} +# {{- set $found "resources.cattle.io/v1/ResourceSet" false -}} +# {{- set $found "resources.cattle.io/v1/Restore" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/charts/rancher-backup/rancher-backup/2.0.1/values.yaml b/charts/rancher-backup/rancher-backup/2.0.1/values.yaml new file mode 100644 index 000000000..0a188f579 --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.1/values.yaml 
@@ -0,0 +1,57 @@
+image:
+ repository: rancher/backup-restore-operator
+ tag: v2.0.1
+
+## Default s3 bucket for storing all backup files created by the backup-restore-operator
+s3:
+ enabled: false
+ ## credentialSecretName if set, should be the name of the Secret containing AWS credentials.
+ ## To use IAM Role, don't set this field
+ credentialSecretName: ""
+ credentialSecretNamespace: ""
+ region: ""
+ bucketName: ""
+ folder: ""
+ endpoint: ""
+ endpointCA: ""
+ insecureTLSSkipVerify: false
+
+## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+## If persistence is enabled, operator will create a PVC with mountPath /var/lib/backups
+persistence:
+ enabled: false
+
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack).
+ ## Refer https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class-1
+ ##
+ storageClass: "-"
+
+ ## If you want to disable dynamic provisioning by setting storageClass to "-" above,
+ ## and want to target a particular PV, provide name of the target volume
+ volumeName: ""
+
+ ## Only certain StorageClasses allow resizing PVs; Refer https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/
+ size: 2Gi
+
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ kubectl:
+ repository: rancher/kubectl
+ tag: v1.20.2
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+serviceAccount:
+ annotations: {}
+
+priorityClassName: ""
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.1/Chart.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.1/Chart.yaml
new file mode 100644
index 000000000..7ea72327e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.1/Chart.yaml
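Review bot: The comment block above `storageClass` in values.yaml calls undefined "the default", but the shipped value is `storageClass: "-"`, which pvc.yaml turns into `storageClassName: ""` and so disables dynamic provisioning. The README table added in this commit also lists `""` as the default for `persistence.storageClass` and `persistence.size`, and `v0.1.0-rc1` for `image.tag`, while this file sets `"-"`, `2Gi` and `v2.0.1`. Suggested replacement comment: `## Default "-" disables dynamic provisioning; set to null to use the cluster's default StorageClass`.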
@@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd +apiVersion: v1 +description: Installs the CRDs for rancher-cis-benchmark. +name: rancher-cis-benchmark-crd +type: application +version: 2.0.1 diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.1/README.md b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.1/README.md new file mode 100644 index 000000000..f6d9ef621 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.1/README.md @@ -0,0 +1,2 @@ +# rancher-cis-benchmark-crd +A Rancher chart that installs the CRDs used by rancher-cis-benchmark. diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.1/templates/clusterscan.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.1/templates/clusterscan.yaml new file mode 100644 index 000000000..3cbb0ffcd --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.1/templates/clusterscan.yaml 
@@ -0,0 +1,148 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterscans.cis.cattle.io +spec: + group: cis.cattle.io + names: + kind: ClusterScan + plural: clusterscans + scope: Cluster + versions: + - name: v1 + served: true + storage: true + additionalPrinterColumns: + - jsonPath: .status.lastRunScanProfileName + name: ClusterScanProfile + type: string + - jsonPath: .status.summary.total + name: Total + type: string + - jsonPath: .status.summary.pass + name: Pass + type: string + - jsonPath: .status.summary.fail + name: Fail + type: string + - jsonPath: .status.summary.skip + name: Skip + type: string + - jsonPath: .status.summary.warn + name: Warn + type: string + - jsonPath: .status.summary.notApplicable + name: Not Applicable + type: string + - jsonPath: .status.lastRunTimestamp + name: LastRunTimestamp + type: string + - jsonPath: .spec.scheduledScanConfig.cronSchedule + name: CronSchedule + type: string + subresources: + status: {} + schema: + openAPIV3Schema: + properties: + spec: + properties: + scanProfileName: + nullable: true + type: string + scheduledScanConfig: + nullable: true + properties: + cronSchedule: + nullable: true + type: string + retentionCount: + type: integer + scanAlertRule: + nullable: true + properties: + alertOnComplete: + type: boolean + alertOnFailure: + type: boolean + type: object + type: object + scoreWarning: + enum: + - pass + - fail + nullable: true + type: string + type: object + status: + properties: + NextScanAt: + nullable: true + type: string + ScanAlertingRuleName: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + nullable: true + 
properties: + error: + type: boolean + message: + nullable: true + type: string + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + lastRunScanProfileName: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + observedGeneration: + type: integer + summary: + nullable: true + properties: + fail: + type: integer + notApplicable: + type: integer + pass: + type: integer + skip: + type: integer + total: + type: integer + warn: + type: integer + type: object + type: object + type: object diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.1/templates/clusterscanbenchmark.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.1/templates/clusterscanbenchmark.yaml new file mode 100644 index 000000000..fd291f8c3 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.1/templates/clusterscanbenchmark.yaml 
@@ -0,0 +1,54 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterscanbenchmarks.cis.cattle.io
+spec:
+ group: cis.cattle.io
+ names:
+ kind: ClusterScanBenchmark
+ plural: clusterscanbenchmarks
+ scope: Cluster
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ additionalPrinterColumns:
+ - jsonPath: .spec.clusterProvider
+ name: ClusterProvider
+ type: string
+ - jsonPath: .spec.minKubernetesVersion
+ name: MinKubernetesVersion
+ type: string
+ - jsonPath: .spec.maxKubernetesVersion
+ name: MaxKubernetesVersion
+ type: string
+ - jsonPath: .spec.customBenchmarkConfigMapName
+ name: customBenchmarkConfigMapName
+ type: string
+ - jsonPath: .spec.customBenchmarkConfigMapNamespace
+ name: customBenchmarkConfigMapNamespace
+ type: string
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ clusterProvider:
+ nullable: true
+ type: string
+ customBenchmarkConfigMapName:
+ nullable: true
+ type: string
+ customBenchmarkConfigMapNamespace:
+ nullable: true
+ type: string
+ maxKubernetesVersion:
+ nullable: true
+ type: string
+ minKubernetesVersion:
+ nullable: true
+ type: string
+ type: object
+ type: object
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.1/templates/clusterscanprofile.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.1/templates/clusterscanprofile.yaml
new file mode 100644
index 000000000..1e75501b7
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.1/templates/clusterscanprofile.yaml
@@ -0,0 +1,36 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterscanprofiles.cis.cattle.io
+spec:
+ group: cis.cattle.io
+ names:
+ kind: ClusterScanProfile
+ plural: clusterscanprofiles
+ scope: Cluster
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ benchmarkVersion:
+ nullable: true
+ type: string
+ skipTests:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ type: object
+ additionalPrinterColumns:
+ - jsonPath: .spec.benchmarkVersion
+ name: BenchmarkVersion
+ type: string
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.1/templates/clusterscanreport.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.1/templates/clusterscanreport.yaml
new file mode 100644
index 000000000..6e8c0b7de
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.1/templates/clusterscanreport.yaml
@@ -0,0 +1,39 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterscanreports.cis.cattle.io
+spec:
+ group: cis.cattle.io
+ names:
+ kind: ClusterScanReport
+ plural: clusterscanreports
+ scope: Cluster
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ additionalPrinterColumns:
+ - jsonPath: .spec.lastRunTimestamp
+ name: LastRunTimestamp
+ type: string
+ - jsonPath: .spec.benchmarkVersion
+ name: BenchmarkVersion
+ type: string
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ benchmarkVersion:
+ nullable: true
+ type: string
+ lastRunTimestamp:
+ nullable: true
+ type: string
+ reportJSON:
+ nullable: true
+ type: string
+ type: object
+ type: object
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/Chart.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/Chart.yaml
new file mode 100644
index 000000000..9f58b3b07
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/Chart.yaml
@@ -0,0 +1,20 @@
+annotations:
+ catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: CIS Benchmark
+ catalog.cattle.io/namespace: cis-operator-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1
+ catalog.cattle.io/rancher-version: '>= 2.6.0-0'
+ catalog.cattle.io/release-name: rancher-cis-benchmark
+ catalog.cattle.io/type: cluster-tool
+ catalog.cattle.io/ui-component: rancher-cis-benchmark
+apiVersion: v1
+appVersion: v1.0.6
+description: The cis-operator enables running CIS benchmark security scans on a kubernetes
+ cluster
+icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
+keywords:
+- security
+name: rancher-cis-benchmark
+version: 2.0.1
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/README.md b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/README.md
new file mode 100644
index 000000000..50beab58b
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/README.md
@@ -0,0 +1,9 @@
+# Rancher CIS Benchmark Chart
+
+The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded.
+
+# Installation
+
+```
+helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system
+```
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/app-readme.md b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/app-readme.md
new file mode 100644
index 000000000..5e495d605
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/app-readme.md
@@ -0,0 +1,15 @@
+# Rancher CIS Benchmarks
+
+This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/).
+
+For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/).
+
+This chart installs the following components:
+
+- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded.
+- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed.
+- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans.
+- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources.
+- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish.
+ - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts.
+ - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart.
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/_helpers.tpl b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/_helpers.tpl
new file mode 100644
index 000000000..67f4ce116
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/_helpers.tpl
@@ -0,0 +1,23 @@
+{{/* Ensure namespace is set the same everywhere */}}
+{{- define "cis.namespace" -}}
+ {{- .Release.Namespace | default "cis-operator-system" -}}
+{{- end -}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux_node_tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/alertingrule.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/alertingrule.yaml
new file mode 100644
index 000000000..1787c88a0
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/alertingrule.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.alerts.enabled -}}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ name: rancher-cis-pod-monitor
+ namespace: {{ template "cis.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ cis.cattle.io/operator: cis-operator
+ podMetricsEndpoints:
+ - port: cismetrics
+{{- end }}
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-cis-1.5.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-cis-1.5.yaml
new file mode 100644
index 000000000..39e8b834a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-cis-1.5.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: cis-1.5
+spec:
+ clusterProvider: ""
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-cis-1.6.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-cis-1.6.yaml
new file mode 100644
index 000000000..93ba064f4
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-cis-1.6.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: cis-1.6
+spec:
+ clusterProvider: ""
+ minKubernetesVersion: "1.16.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-eks-1.0.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-eks-1.0.yaml
new file mode 100644
index 000000000..bd2e32cd3
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-eks-1.0.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: eks-1.0
+spec:
+ clusterProvider: eks
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-gke-1.0.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-gke-1.0.yaml
new file mode 100644
index 000000000..72122e8c5
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-gke-1.0.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: gke-1.0
+spec:
+ clusterProvider: gke
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-k3s-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-k3s-cis-1.6-hardened.yaml
new file mode 100644
index 000000000..3ca9b6009
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-k3s-cis-1.6-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.6-hardened
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.20.5"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-k3s-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-k3s-cis-1.6-permissive.yaml
new file mode 100644
index 000000000..6d4253c6e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-k3s-cis-1.6-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.6-permissive
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.20.5"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke-cis-1.5-hardened.yaml
new file mode 100644
index 000000000..b5627f966
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke-cis-1.5-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.5-hardened
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke-cis-1.5-permissive.yaml
new file mode 100644
index 000000000..95f80c0f0
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke-cis-1.5-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.5-permissive
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke-cis-1.6-hardened.yaml
new file mode 100644
index 000000000..d75de8154
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke-cis-1.6-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.6-hardened
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.16.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke-cis-1.6-permissive.yaml
new file mode 100644
index 000000000..52428f4a7
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke-cis-1.6-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.6-permissive
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.16.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke2-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke2-cis-1.5-hardened.yaml
new file mode 100644
index 000000000..3d83e9bd8
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke2-cis-1.5-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.5-hardened
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.18.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke2-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke2-cis-1.5-permissive.yaml
new file mode 100644
index 000000000..f66aa8f6e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke2-cis-1.5-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.5-permissive
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.18.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke2-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke2-cis-1.6-hardened.yaml
new file mode 100644
index 000000000..3593bf371
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke2-cis-1.6-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.6-hardened
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.20.5"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke2-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke2-cis-1.6-permissive.yaml
new file mode 100644
index 000000000..522f846ae
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/benchmark-rke2-cis-1.6-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.6-permissive
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.20.5"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/cis-roles.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/cis-roles.yaml
new file mode 100644
index 000000000..23c93dc65
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/cis-roles.yaml
@@ -0,0 +1,49 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cis-admin
+rules:
+ - apiGroups:
+ - cis.cattle.io
+ resources:
+ - clusterscanbenchmarks
+ - clusterscanprofiles
+ - clusterscans
+ - clusterscanreports
+ verbs: ["create", "update", "delete", "patch","get", "watch", "list"]
+ - apiGroups:
+ - catalog.cattle.io
+ resources: ["apps"]
+ resourceNames: ["rancher-cis-benchmark"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cis-view
+rules:
+ - apiGroups:
+ - cis.cattle.io
+ resources:
+ - clusterscanbenchmarks
+ - clusterscanprofiles
+ - clusterscans
+ - clusterscanreports
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - catalog.cattle.io
+ resources: ["apps"]
+ resourceNames: ["rancher-cis-benchmark"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs: ["get", "watch", "list"]
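Review bot: The last rule of `cis-admin` in cis-roles.yaml grants `verbs: '*'` on `configmaps` in the core API group, and because this is a ClusterRole the grant covers every namespace when it is bound through a ClusterRoleBinding, not only the ConfigMaps that hold custom benchmarks. The wildcard also includes verbs such as `deletecollection` that the first rule of the same role does not list. I would spell the verbs out the way the first rule does, `verbs: ["create", "update", "delete", "patch", "get", "watch", "list"]`, and add a comment naming which ConfigMaps the grant is for (presumably those referenced by `customBenchmarkConfigMapName`).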
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/configmap.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/configmap.yaml
new file mode 100644
index 000000000..6cbc23db4
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/configmap.yaml
@@ -0,0 +1,17 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: default-clusterscanprofiles
+ namespace: {{ template "cis.namespace" . }}
+data:
+ # Default ClusterScanProfiles per cluster provider type
+ rke: |-
+ <1.16.0: rke-profile-permissive-1.5
+ >=1.16.0: rke-profile-permissive-1.6
+ rke2: |-
+ <1.20.5: rke2-cis-1.5-profile-permissive
+ >=1.20.5: rke2-cis-1.6-profile-permissive
+ eks: "eks-profile"
+ gke: "gke-profile"
+ k3s: "k3s-cis-1.6-profile-permissive"
+ default: "cis-1.6-profile"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/deployment.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/deployment.yaml
new file mode 100644
index 000000000..0d3c75e39
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/deployment.yaml
@@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cis-operator
+ namespace: {{ template "cis.namespace" . }}
+ labels:
+ cis.cattle.io/operator: cis-operator
+spec:
+ selector:
+ matchLabels:
+ cis.cattle.io/operator: cis-operator
+ template:
+ metadata:
+ labels:
+ cis.cattle.io/operator: cis-operator
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ containers:
+ - name: cis-operator
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}'
+ imagePullPolicy: Always
+ ports:
+ - name: cismetrics
+ containerPort: {{ .Values.alerts.metricsPort }}
+ env:
+ - name: SECURITY_SCAN_IMAGE
+ value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }}
+ - name: SECURITY_SCAN_IMAGE_TAG
+ value: {{ .Values.image.securityScan.tag }}
+ - name: SONOBUOY_IMAGE
+ value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }}
+ - name: SONOBUOY_IMAGE_TAG
+ value: {{ .Values.image.sonobuoy.tag }}
+ - name: CIS_ALERTS_METRICS_PORT
+ value: '{{ .Values.alerts.metricsPort }}'
+ - name: CIS_ALERTS_SEVERITY
+ value: {{ .Values.alerts.severity }}
+ - name: CIS_ALERTS_ENABLED
+ value: {{ .Values.alerts.enabled | default "false" | quote }}
+ - name: CLUSTER_NAME
+ value: {{ .Values.global.cattle.clusterName }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ nodeSelector:
+ kubernetes.io/os: linux
+ {{- with .Values.nodeSelector }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ tolerations:
+ {{- include "linux_node_tolerations" . | nindent 8}}
+ {{- with .Values.tolerations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
\ No newline at end of file
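Review bot: Several `env` values in deployment.yaml are rendered without quotes (`value: {{ .Values.image.securityScan.tag }}`, `value: {{ .Values.image.sonobuoy.tag }}`, `value: {{ .Values.alerts.severity }}`, `value: {{ .Values.global.cattle.clusterName }}`), so a value that YAML reads as a number or boolean, such as an all-digit tag, fails validation because an env `value` must be a string. Piping them through `quote`, as the `CIS_ALERTS_ENABLED` line already does, avoids that: `value: {{ .Values.image.securityScan.tag | quote }}`. Separately, the container sets no `securityContext` although the pod runs as `cis-operator-serviceaccount`, which rbac.yaml in this patch binds to `cluster-admin`; if the operator does not need root, `runAsNonRoot: true` and `allowPrivilegeEscalation: false` would be worth adding.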
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/network_policy_allow_all.yaml
new file mode 100644
index 000000000..6ed5d645e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/network_policy_allow_all.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-allow-all
+ namespace: {{ template "cis.namespace" . }}
+spec:
+ podSelector: {}
+ ingress:
+ - {}
+ egress:
+ - {}
+ policyTypes:
+ - Ingress
+ - Egress
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/patch_default_serviceaccount.yaml
new file mode 100644
index 000000000..1efa3ed1c
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/patch_default_serviceaccount.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: patch-sa
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+ template:
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ restartPolicy: Never
+ containers:
+ - name: sa
+ image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+ args: ["-n", {{ template "cis.namespace" . }}]
+ backoffLimit: 1
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/rbac.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/rbac.yaml
new file mode 100644
index 000000000..4ff88ea5f
--- /dev/null
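Review bot: `default-allow-all` in network_policy_allow_all.yaml pairs `podSelector: {}` with an empty `- {}` rule under both `ingress` and `egress`, so it permits all traffic to and from every pod in the release namespace, including the operator pod whose service account rbac.yaml binds to `cluster-admin`. Presumably the policy is there so scans keep working on clusters that apply a default-deny policy, or so the namespace has a NetworkPolicy at all, but nothing in the template says so. I would add a header comment recording the intent, for example `# Intentionally allow-all: <reason>; tighten once the required peers are known.`, and consider limiting `ingress` to the `cismetrics` port that the PodMonitor scrapes.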
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/rbac.yaml
@@ -0,0 +1,43 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-role
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cis-operator-role
+subjects:
+- kind: ServiceAccount
+ name: cis-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: cis-operator-installer
+subjects:
+- kind: ServiceAccount
+ name: cis-operator-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+ apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-cis-1.5.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-cis-1.5.yml
new file mode 100644
index 000000000..d69ae9dd5
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-cis-1.5.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: cis-1.5-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: cis-1.5
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-cis-1.6.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-cis-1.6.yaml
new file mode 100644
index 000000000..8a8d8bf88
--- /dev/null
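Review bot: rbac.yaml gives both service accounts unrestricted cluster access: `cis-operator-role` is `'*'` for `apiGroups`, `resources` and `verbs` and is bound to `cis-serviceaccount`, while `cis-operator-installer` binds `cis-operator-serviceaccount` directly to `cluster-admin`. That second account is what the operator Deployment and the `patch-sa` hook Job in this patch run as, so a single `kubectl patch serviceaccount default` executes with cluster-admin. The rules the operator and scan pods actually need are not visible in this patch, so I can only suggest the direction: replace the wildcard rule with enumerated resources and verbs, and give the hook Job its own service account with a namespaced Role limited to `get` and `patch` on `serviceaccounts`. Until that is done, a comment above each binding should record why the broad grant exists, e.g. `# TODO: cluster-admin is broader than the operator needs; narrow to enumerated rules.`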
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-cis-1.6.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: cis-1.6-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: cis-1.6
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-k3s-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-k3s-cis-1.6-hardened.yml
new file mode 100644
index 000000000..095e977ab
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-k3s-cis-1.6-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: k3s-cis-1.6-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: k3s-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-k3s-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-k3s-cis-1.6-permissive.yml
new file mode 100644
index 000000000..3b22a80c8
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-k3s-cis-1.6-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: k3s-cis-1.6-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: k3s-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke-1.5-hardened.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke-1.5-hardened.yml
new file mode 100644
index 000000000..4eabe158a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke-1.5-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-hardened-1.5
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.5-hardened
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke-1.5-permissive.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke-1.5-permissive.yml
new file mode 100644
index 000000000..1f78751d1
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke-1.5-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-permissive-1.5
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.5-permissive
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke-1.6-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke-1.6-hardened.yaml
new file mode 100644
index 000000000..d38febd80
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke-1.6-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-hardened-1.6
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke-1.6-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke-1.6-permissive.yaml
new file mode 100644
index 000000000..d31b5b0d2
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke-1.6-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-permissive-1.6
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke2-cis-1.5-hardened.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke2-cis-1.5-hardened.yml
new file mode 100644
index 000000000..83eb3131e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke2-cis-1.5-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.5-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.5-hardened
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke2-cis-1.5-permissive.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke2-cis-1.5-permissive.yml
new file mode 100644
index 000000000..40dc44bdf
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke2-cis-1.5-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.5-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.5-permissive
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke2-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke2-cis-1.6-hardened.yml
new file mode 100644
index 000000000..c7ac7f949
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke2-cis-1.6-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.6-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke2-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke2-cis-1.6-permissive.yml
new file mode 100644
index 000000000..96ca1345a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofile-rke2-cis-1.6-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.6-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofileeks.yml
new file mode 100644
index 000000000..49c7e0246
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofileeks.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: eks-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: eks-1.0
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofilegke.yml
new file mode 100644
index 000000000..2ddd0686f
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/scanprofilegke.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: gke-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: gke-1.0
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/serviceaccount.yaml
new file mode 100644
index 000000000..ec48ec622
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/serviceaccount.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: {{ template "cis.namespace" . }}
+ name: cis-operator-serviceaccount
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: {{ template "cis.namespace" . }}
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-serviceaccount
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/validate-install-crd.yaml
new file mode 100644
index 000000000..562295791
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/templates/validate-install-crd.yaml
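Review bot: In templates/serviceaccount.yaml the second ServiceAccount carries the literal label `app.kubernetes.io/instance: release-name`, which looks like a leftover from rendered `helm template` output rather than a value tied to the actual release. Any selector, policy or audit query keyed on the instance label would then see every install of this chart as the same instance; the line should read `app.kubernetes.io/instance: {{ .Release.Name }}`. `cis-operator-serviceaccount` has no labels at all, so the two accounts are also inconsistent with each other. Neither account sets `automountServiceAccountToken`, so token mounting is decided by the pod specs outside this hunk; a one-line comment above each account naming the workload that uses it would make the RBAC bindings easier to review.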
@@ -0,0 +1,17 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# {{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/values.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/values.yaml
new file mode 100644
index 000000000..fd659eeee
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.1/values.yaml
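Review bot: In templates/validate-install-crd.yaml every line is prefixed with `#`, which reads as if the CRD check were disabled, but Helm evaluates template actions inside YAML comments, so the `required` call still aborts the install when one of the four `cis.cattle.io/v1` kinds is absent from `.Capabilities.APIVersions`. The outer `lookup` guard also means the whole check is skipped whenever `lookup` returns nothing, which is the case for `helm template` and client-side dry runs, so a render that passes in CI does not show that the CRDs are present on the target cluster. Both facts deserve a header comment, for example `{{- /* '#' only keeps rendered output a YAML comment; the actions below still run. Skipped when lookup is empty (helm template, client-side --dry-run). */ -}}`.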
@@ -0,0 +1,45 @@
+# Default values for rancher-cis-benchmark.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+ cisoperator:
+ repository: rancher/cis-operator
+ tag: v1.0.6
+ securityScan:
+ repository: rancher/security-scan
+ tag: v0.2.4
+ sonobuoy:
+ repository: rancher/mirrored-sonobuoy-sonobuoy
+ tag: v0.53.2
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ clusterName: ""
+ kubectl:
+ repository: rancher/kubectl
+ tag: v1.20.2
+
+alerts:
+ enabled: false
+ severity: warning
+ metricsPort: 8080
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/Chart.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/Chart.yaml
new file mode 100644
index 000000000..a5b8e0be6
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/Chart.yaml
@@ -0,0 +1,10 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-gatekeeper-system
+ catalog.cattle.io/release-name: rancher-gatekeeper-crd
+apiVersion: v1
+description: Installs the CRDs for rancher-gatekeeper.
+name: rancher-gatekeeper-crd
+type: application
+version: 100.0.1+up3.6.0
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/README.md b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/README.md
new file mode 100644
index 000000000..26079c833
--- /dev/null
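Review bot: In the rancher-cis-benchmark values.yaml all four images (`rancher/cis-operator`, `rancher/security-scan`, `rancher/mirrored-sonobuoy-sonobuoy`, `rancher/kubectl`) are selected by tag only, and a tag can be re-pointed in the registry after the chart is published. These images run the cluster scan, presumably with broad read access to the cluster, so the file should state how image integrity is expected to be enforced; whether the templates accept a digest is not visible in this hunk. A comment above `image:` such as `# Tags are mutable: mirror these images into a trusted registry (global.cattle.systemDefaultRegistry) or enforce digests/signatures at admission.` would document that. `resources: {}` likewise leaves the scan workloads without requests or limits unless the installer overrides them, which is worth saying next to the existing comment block.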
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/README.md
@@ -0,0 +1,2 @@
+# rancher-gatekeeper-crd
+A Rancher chart that installs the CRDs used by rancher-gatekeeper.
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/assign-customresourcedefinition.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/assign-customresourcedefinition.yaml
new file mode 100644
index 000000000..66bae643d
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/assign-customresourcedefinition.yaml
@@ -0,0 +1,209 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + labels: + gatekeeper.sh/system: "yes" + name: assign.mutations.gatekeeper.sh +spec: + group: mutations.gatekeeper.sh + names: + kind: Assign + listKind: AssignList + plural: assign + singular: assign + preserveUnknownFields: false + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Assign is the Schema for the assign API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AssignSpec defines the desired state of Assign. + properties: + applyTo: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster Important: Run "make" to regenerate code after modifying this file' + items: + description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + properties: + groups: + items: + type: string + type: array + kinds: + items: + type: string + type: array + versions: + items: + type: string + type: array + type: object + type: array + location: + type: string + match: + description: Match selects objects to apply mutations to. 
+ properties: + excludedNamespaces: + items: + type: string + type: array + kinds: + items: + description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + properties: + apiGroups: + description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + items: + type: string + type: array + kinds: + items: + type: string + type: array + type: object + type: array + labelSelector: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + namespaces: + items: + type: string + type: array + scope: + description: ResourceScope is an enum defining the different scopes available to a custom resource + type: string + type: object + parameters: + properties: + assign: + description: Assign.value holds the value to be assigned + type: object + x-kubernetes-preserve-unknown-fields: true + assignIf: + description: once https://github.com/kubernetes-sigs/controller-tools/pull/528 is merged, we can use an actual object + type: object + pathTests: + items: + description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate." + properties: + condition: + description: Condition describes whether the path either MustExist or MustNotExist in the original object + enum: + - MustExist + - MustNotExist + type: string + subPath: + type: string + type: object + type: array + type: object + type: object + status: + description: AssignStatus defines the observed state of Assign. + properties: + byPod: + items: + description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. + properties: + enforced: + type: boolean + errors: + items: + description: MutatorError represents a single error caught while adding a mutator to a system. 
+ properties: + message: + type: string + required: + - message + type: object + type: array + id: + type: string + mutatorUID: + description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/assignmetadata-customresourcedefinition.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/assignmetadata-customresourcedefinition.yaml new file mode 100644 index 000000000..43f960d6e --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/assignmetadata-customresourcedefinition.yaml 
@@ -0,0 +1,174 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + labels: + gatekeeper.sh/system: "yes" + name: assignmetadata.mutations.gatekeeper.sh +spec: + group: mutations.gatekeeper.sh + names: + kind: AssignMetadata + listKind: AssignMetadataList + plural: assignmetadata + singular: assignmetadata + preserveUnknownFields: false + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: AssignMetadata is the Schema for the assignmetadata API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AssignMetadataSpec defines the desired state of AssignMetadata. + properties: + location: + type: string + match: + description: Match selects objects to apply mutations to. + properties: + excludedNamespaces: + items: + type: string + type: array + kinds: + items: + description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + properties: + apiGroups: + description: APIGroups is the API groups the resources belong to. '*' is all groups. 
If '*' is present, the length of the slice must be one. Required. + items: + type: string + type: array + kinds: + items: + type: string + type: array + type: object + type: array + labelSelector: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + items: + type: string + type: array + scope: + description: ResourceScope is an enum defining the different scopes available to a custom resource + type: string + type: object + parameters: + properties: + assign: + description: Assign.value holds the value to be assigned + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + status: + description: AssignMetadataStatus defines the observed state of AssignMetadata. + properties: + byPod: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file' + items: + description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. 
+ properties: + enforced: + type: boolean + errors: + items: + description: MutatorError represents a single error caught while adding a mutator to a system. + properties: + message: + type: string + required: + - message + type: object + type: array + id: + type: string + mutatorUID: + description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/config-customresourcedefinition.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/config-customresourcedefinition.yaml new file mode 100644 index 000000000..66b0092bf --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/config-customresourcedefinition.yaml 
@@ -0,0 +1,105 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + labels: + gatekeeper.sh/system: "yes" + name: configs.config.gatekeeper.sh +spec: + group: config.gatekeeper.sh + names: + kind: Config + listKind: ConfigList + plural: configs + singular: config + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Config is the Schema for the configs API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfigSpec defines the desired state of Config. + properties: + match: + description: Configuration for namespace exclusion + items: + properties: + excludedNamespaces: + items: + description: 'A string that supports globbing at its end. Ex: "kube-*" will match "kube-system" or "kube-public". The asterisk is required for wildcard matching.' 
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\*|-\*)?$ + type: string + type: array + processes: + items: + type: string + type: array + type: object + type: array + readiness: + description: Configuration for readiness tracker + properties: + statsEnabled: + type: boolean + type: object + sync: + description: Configuration for syncing k8s objects + properties: + syncOnly: + description: If non-empty, only entries on this list will be replicated into OPA + items: + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + type: array + type: object + validation: + description: Configuration for validation + properties: + traces: + description: List of requests to trace. Both "user" and "kinds" must be specified + items: + properties: + dump: + description: Also dump the state of OPA with the trace. Set to `All` to dump everything. + type: string + kind: + description: Only trace requests of the following GroupVersionKind + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + user: + description: Only trace requests from the specified user + type: string + type: object + type: array + type: object + type: object + status: + description: ConfigStatus defines the observed state of Config. + type: object + type: object + served: true + storage: true diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/constraintpodstatus-customresourcedefinition.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/constraintpodstatus-customresourcedefinition.yaml new file mode 100644 index 000000000..d255b8104 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/constraintpodstatus-customresourcedefinition.yaml 
@@ -0,0 +1,67 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + labels: + gatekeeper.sh/system: "yes" + name: constraintpodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintPodStatus + listKind: ConstraintPodStatusList + plural: constraintpodstatuses + singular: constraintpodstatus + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: ConstraintPodStatus is the Schema for the constraintpodstatuses API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus. + properties: + constraintUID: + description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch + type: string + enforced: + type: boolean + errors: + items: + description: Error represents a single error caught while adding a constraint to OPA. 
+ properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + type: object + type: object + served: true + storage: true diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/constrainttemplate-customresourcedefinition.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/constrainttemplate-customresourcedefinition.yaml new file mode 100644 index 000000000..5226ba381 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/constrainttemplate-customresourcedefinition.yaml 
@@ -0,0 +1,297 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + labels: + gatekeeper.sh/system: "yes" + name: constrainttemplates.templates.gatekeeper.sh +spec: + group: templates.gatekeeper.sh + names: + kind: ConstraintTemplate + listKind: ConstraintTemplateList + plural: constrainttemplates + singular: constrainttemplate + preserveUnknownFields: false + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: ConstraintTemplate is the Schema for the constrainttemplates API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConstraintTemplateSpec defines the desired state of ConstraintTemplate + properties: + crd: + properties: + spec: + properties: + names: + properties: + kind: + type: string + shortNames: + items: + type: string + type: array + type: object + validation: + properties: + legacySchema: + default: false + type: boolean + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + type: object + targets: + items: + properties: + libs: + items: + type: string + type: array + rego: + type: string + target: + type: string + type: object + type: array + type: object + status: + description: ConstraintTemplateStatus defines the observed state of ConstraintTemplate + properties: + byPod: + items: + description: ByPodStatus defines the observed state of ConstraintTemplate as seen by an individual controller + properties: + errors: + items: + description: CreateCRDError represents a single error caught during parsing, compiling, etc. + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: a unique identifier for the pod that wrote the status + type: string + observedGeneration: + format: int64 + type: integer + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + created: + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ConstraintTemplate is the Schema for the constrainttemplates API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. 
Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConstraintTemplateSpec defines the desired state of ConstraintTemplate + properties: + crd: + properties: + spec: + properties: + names: + properties: + kind: + type: string + shortNames: + items: + type: string + type: array + type: object + validation: + properties: + legacySchema: + default: true + type: boolean + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + type: object + targets: + items: + properties: + libs: + items: + type: string + type: array + rego: + type: string + target: + type: string + type: object + type: array + type: object + status: + description: ConstraintTemplateStatus defines the observed state of ConstraintTemplate + properties: + byPod: + items: + description: ByPodStatus defines the observed state of ConstraintTemplate as seen by an individual controller + properties: + errors: + items: + description: CreateCRDError represents a single error caught during parsing, compiling, etc. 
+ properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: a unique identifier for the pod that wrote the status + type: string + observedGeneration: + format: int64 + type: integer + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + created: + type: boolean + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: ConstraintTemplate is the Schema for the constrainttemplates API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConstraintTemplateSpec defines the desired state of ConstraintTemplate + properties: + crd: + properties: + spec: + properties: + names: + properties: + kind: + type: string + shortNames: + items: + type: string + type: array + type: object + validation: + properties: + legacySchema: + default: true + type: boolean + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + type: object + targets: + items: + properties: + libs: + items: + type: string + type: array + rego: + type: string + target: + type: string + type: object + type: array + type: object + status: + description: ConstraintTemplateStatus defines the observed state of ConstraintTemplate + properties: + byPod: + items: + description: ByPodStatus defines the observed state of ConstraintTemplate as seen by an individual controller + properties: + errors: + items: + description: CreateCRDError represents a single error caught during parsing, compiling, etc. + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: a unique identifier for the pod that wrote the status + type: string + observedGeneration: + format: int64 + type: integer + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + created: + type: boolean + type: object + type: object + served: true + storage: false + subresources: + status: {} diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml new file mode 100644 index 000000000..a5f3ede73 --- /dev/null 
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml 
@@ -0,0 +1,66 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + labels: + gatekeeper.sh/system: "yes" + name: constrainttemplatepodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintTemplatePodStatus + listKind: ConstraintTemplatePodStatusList + plural: constrainttemplatepodstatuses + singular: constrainttemplatepodstatus + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintTemplatePodStatusStatus defines the observed state of ConstraintTemplatePodStatus. + properties: + errors: + items: + description: CreateCRDError represents a single error caught during parsing, compiling, etc. 
+ properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: 'Important: Run "make" to regenerate code after modifying this file' + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + templateUID: + description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + type: string + type: object + type: object + served: true + storage: true diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/mutatorpodstatus-customresourcedefinition.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/mutatorpodstatus-customresourcedefinition.yaml new file mode 100644 index 000000000..ea647580d --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/crd-manifest/mutatorpodstatus-customresourcedefinition.yaml 
@@ -0,0 +1,62 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + labels: + gatekeeper.sh/system: "yes" + name: mutatorpodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: MutatorPodStatus + listKind: MutatorPodStatusList + plural: mutatorpodstatuses + singular: mutatorpodstatus + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: MutatorPodStatus is the Schema for the mutationpodstatuses API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus. + properties: + enforced: + type: boolean + errors: + items: + description: MutatorError represents a single error caught while adding a mutator to a system. 
+ properties: + message: + type: string + required: + - message + type: object + type: array + id: + type: string + mutatorUID: + description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + type: object + type: object + served: true + storage: true diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/templates/_helpers.tpl b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/templates/_helpers.tpl new file mode 100644 index 000000000..39b26c195 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/templates/_helpers.tpl @@ -0,0 +1,7 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/templates/jobs.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/templates/jobs.yaml new file mode 100644 index 000000000..709005fd9 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/templates/jobs.yaml 
@@ -0,0 +1,92 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-create + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": post-install, post-upgrade, post-rollback + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-create + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: create-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-delete + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-delete + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + initContainers: + - name: remove-finalizers + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + containers: + - name: delete-crds + image: {{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - delete + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/templates/manifest.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/templates/manifest.yaml new file mode 100644 index 000000000..31016b6ef --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/templates/manifest.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-manifest + namespace: {{ .Release.Namespace }} +data: + crd-manifest.yaml: | + {{- $currentScope := . -}} + {{- $crds := (.Files.Glob "crd-manifest/**.yaml") -}} + {{- range $path, $_ := $crds -}} + {{- with $currentScope -}} + {{ .Files.Get $path | nindent 4 }} + --- + {{- end -}}{{- end -}} diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/templates/rbac.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/templates/rbac.yaml new file mode 100644 index 000000000..bdda1ddad --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/templates/rbac.yaml 
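Review bot: None of the three containers in templates/jobs.yaml (`create-crds`, `remove-finalizers`, `delete-crds`) has a container-level `securityContext`; the pod-level block only sets `runAsNonRoot: true` and `runAsUser: 1000`, so privilege escalation and the default capability set are left to whatever admission policy the cluster enforces. Adding `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` to each container keeps the hook pods hardened even where the PodSecurityPolicy from rbac.yaml is not enforced. The `remove-finalizers` init container runs the same `kubectl apply -f /etc/config/crd-manifest.yaml` as the create Job, so a one-line comment stating why the manifest is re-applied before deletion would stop the name from misleading the next reader. The image is referenced by a mutable tag (`{{ .Values.image.tag }}`); a digest reference would make the hook image reproducible.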
@@ -0,0 +1,72 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .Chart.Name }}-manager
+ labels:
+ app: {{ .Chart.Name }}-manager
+rules:
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs: ['create', 'get', 'patch', 'delete']
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ .Chart.Name }}-manager
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .Chart.Name }}-manager
+ labels:
+ app: {{ .Chart.Name }}-manager
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Chart.Name }}-manager
+subjects:
+- kind: ServiceAccount
+ name: {{ .Chart.Name }}-manager
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Chart.Name }}-manager
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Chart.Name }}-manager
+---
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ .Chart.Name }}-manager
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Chart.Name }}-manager
+spec:
+ privileged: false
+ allowPrivilegeEscalation: false
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'MustRunAsNonRoot'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+ volumes:
+ - 'configMap'
+ - 'secret'
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/values.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/values.yaml
new file mode 100644
index 000000000..657ccacf8
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.1+up3.6.0/values.yaml
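Review bot: The first rule of the `{{ .Chart.Name }}-manager` ClusterRole grants `create`, `get`, `patch` and `delete` on every `customresourcedefinitions` object in the cluster. None of the ClusterRole, ClusterRoleBinding or ServiceAccount carries a `helm.sh/hook` annotation, so that identity appears to persist for the life of the release rather than only while the hook Jobs run. `create` cannot be restricted by name, but the other verbs can: split the rule and add `resourceNames:` to the `get`/`patch`/`delete` part, listing the CRDs under crd-manifest/ (for example `constrainttemplatepodstatuses.status.gatekeeper.sh` and `mutatorpodstatuses.status.gatekeeper.sh`). The PodSecurityPolicy sets `metadata.namespace` although the kind is cluster-scoped, and it allows `'secret'` volumes that the Jobs in jobs.yaml never mount; both lines can be dropped.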
@@ -0,0 +1,11 @@
+# Default values for rancher-gatekeeper-crd.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+image:
+ repository: rancher/kubectl
+ tag: v1.20.2
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/.helmignore b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/.helmignore
new file mode 100644
index 000000000..f0c131944
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/CHANGELOG.md b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/CHANGELOG.md
new file mode 100644
index 000000000..c68d23c24
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/CHANGELOG.md
@@ -0,0 +1,15 @@
+# Changelog
+All notable changes from the upstream OPA Gatekeeper chart will be added to this file
+
+## [Package Version 00] - 2020-09-10
+### Added
+- Enabled the CRD chart generator in `package.yaml`
+
+### Modified
+- Updated namespace to `cattle-gatekeeper-system`
+- Updated for Helm 3 compatibility
+ - Moved crds to `crds` directory
+ - Removed `crd-install` hooks and templates from crds
+
+### Removed
+- Removed `gatekeeper-system-namespace.yaml` as Rancher handles namespaces for chart installation
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/Chart.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/Chart.yaml
new file mode 100644
index 000000000..05618cf15
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: OPA Gatekeeper + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 + catalog.cattle.io/release-name: rancher-gatekeeper + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: gatekeeper +apiVersion: v2 +appVersion: v3.6.0 +description: Modifies Open Policy Agent's upstream gatekeeper chart that provides + policy-based control for cloud native environments +home: https://github.com/open-policy-agent/gatekeeper +icon: https://charts.rancher.io/assets/logos/gatekeeper.svg +keywords: +- open policy agent +- security +name: rancher-gatekeeper +sources: +- https://github.com/open-policy-agent/gatekeeper.git +version: 100.0.1+up3.6.0 diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/README.md b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/README.md new file mode 100644 index 000000000..136852d09 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/README.md 
@@ -0,0 +1,121 @@ +# Gatekeeper Helm Chart + +## Get Repo Info + +```console +helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Install Chart + +```console +# Helm install with gatekeeper-system namespace already created +$ helm install -n gatekeeper-system [RELEASE_NAME] gatekeeper/gatekeeper + +# Helm install and create namespace +$ helm install -n gatekeeper-system [RELEASE_NAME] gatekeeper/gatekeeper --create-namespace + +``` + +_See [parameters](#parameters) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Upgrade Chart + +**Upgrading from < v3.4.0** +Chart 3.4.0 deprecates support for Helm 2 and also removes the creation of the `gatekeeper-system` Namespace from within the chart. This follows Helm 3 Best Practices. + +Option 1: +A simple way to upgrade is to uninstall first and re-install with 3.4.0 or greater. + +```console +$ helm uninstall gatekeeper +$ helm install -n gatekeeper-system [RELEASE_NAME] gatekeeper/gatekeeper --create-namespace + +``` + +Option 2: +Run the `helm_migrate.sh` script before installing the 3.4.0 or greater chart. This will remove the Helm secret for the original release, while keeping all of the resources. It then updates the annotations of the resources so that the new chart can import and manage them. 
+ +```console +$ helm_migrate.sh +$ helm install -n gatekeeper-system gatekeeper gatekeeper/gatekeeper +``` + +**Upgrading from >= v3.4.0** +```console +$ helm upgrade -n gatekeeper-system [RELEASE_NAME] gatekeeper/gatekeeper +``` + +_See [helm 2 to 3](https://helm.sh/docs/topics/v2_v3_migration/) for Helm 2 migration documentation._ + + +## Exempting Namespace + +The Helm chart automatically sets the Gatekeeper flag `--exempt-namespace={{ .Release.Namespace }}` in order to exempt the namespace where the chart is installed, and adds the `admission.gatekeeper.sh/ignore` label to the namespace during a post-install hook. + +_See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/website/docs/exempt-namespaces) for more information._ + +## Parameters + +| Parameter | Description | Default | +| :------------------------------------------- | :------------------------------------------------------------------------------------- | :------------------------------------------------------------------------ | +| postInstall.labelNamespace.enabled | Add labels to the namespace during post install hooks | `true` | +| postInstall.labelNamespace.image.repository | Image with kubectl to label the namespace | `line/kubectl-kustomize` | +| postInstall.labelNamespace.image.tag | Image tag | `1.20.4-4.0.5` | +| postInstall.labelNamespace.image.pullPolicy | Image pullPolicy | `IfNotPresent` | +| postInstall.labelNamespace.image.pullSecrets | Image pullSecrets | `[]` | +| auditInterval | The frequency with which audit is run | `300` | +| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` | +| auditFromCache | Take the roster of resources to audit from the OPA cache | `false` | +| auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `0` | +| auditMatchKindOnly | Only check resources of the kinds specified in all constraints defined in the cluster. 
| `false` | +| disableValidatingWebhook | Disable the validating webhook | `false` | +| validatingWebhookTimeoutSeconds | The timeout for the validating webhook in seconds | `3` | +| validatingWebhookFailurePolicy | The failurePolicy for the validating webhook | `Ignore` | +| validatingWebhookCheckIgnoreFailurePolicy | The failurePolicy for the check-ignore-label validating webhook | `Fail` | +| enableDeleteOperations | Enable validating webhook for delete operations | `false` | +| experimentalEnableMutation | Enable mutation (alpha feature) | `false` | +| emitAdmissionEvents | Emit K8s events in gatekeeper namespace for admission violations (alpha feature) | `false` | +| emitAuditEvents | Emit K8s events in gatekeeper namespace for audit violations (alpha feature) | `false` | +| logDenies | Log detailed info on each deny | `false` | +| logLevel | Minimum log level | `INFO` | +| image.pullPolicy | The image pull policy | `IfNotPresent` | +| image.repository | Image repository | `openpolicyagent/gatekeeper` | +| image.release | The image release tag to use | Current release version: `v3.6.0` | +| image.pullSecrets | Specify an array of imagePullSecrets | `[]` | +| resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi | +| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` | +| affinity | The node affinity to use for pod scheduling | `{}` | +| tolerations | The tolerations to use for pod scheduling | `[]` | +| controllerManager.healthPort | Health port for controller manager | `9090` | +| controllerManager.port | Webhook-server port for controller manager | `8443` | +| controllerManager.metricsPort | Metrics port for controller manager | `8888` | +| controllerManager.priorityClassName | Priority class name for controller manager | `system-cluster-critical` | +| controllerManager.exemptNamespaces | The namespaces to exempt | `[]` | +| controllerManager.hostNetwork | Enables 
controllerManager to be deployed on hostNetwork | `false` | +| audit.priorityClassName | Priority class name for audit controller | `system-cluster-critical` | +| audit.hostNetwork | Enables audit to be deployed on hostNetwork | `false` | +| audit.healthPort | Health port for audit | `9090` | +| audit.metricsPort | Metrics port for audit | `8888` | +| replicas | The number of Gatekeeper replicas to deploy for the webhook | `3` | +| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` | +| podLabels | The labels to add to the Gatekeeper pods | `{}` | +| podCountLimit | The maximum number of Gatekeeper pods to run | `100` | +| secretAnnotations | The annotations to add to the Gatekeeper secrets | `{}` | +| pdb.controllerManager.minAvailable | The number of controller manager pods that must still be available after an eviction | `1` | +| service.type | Service type | `ClusterIP` | +| service.loadBalancerIP | The IP address of LoadBalancer service | `` | + +## Contributing Changes + +This Helm chart is autogenerated from the Gatekeeper static manifest. The +generator code lives under `cmd/build/helmify`. To make modifications to this +template, please edit `kustomization.yaml`, `kustomize-for-helm.yaml` and +`replacements.go` under that directory and then run `make manifests`. Your +changes will show up in the `manifest_staging` directory and will be promoted +to the root `charts` directory the next time a Gatekeeper release is cut. diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/app-readme.md b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/app-readme.md new file mode 100644 index 000000000..d44cf7b2b --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/app-readme.md 
@@ -0,0 +1,14 @@ +# Rancher OPA Gatekeeper + +This chart is based off of the upstream [OPA Gatekeeper](https://github.com/open-policy-agent/gatekeeper/tree/master/charts/gatekeeper) chart. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/opa-gatekeper/). + +The chart installs the following components: + +- OPA Gatekeeper Controller-Manager - OPA Gatekeeper is a policy engine for providing policy based governance for Kubernetes clusters. The controller installs as a [validating admission controller webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook) on the cluster and intercepts all admission requests that create, update or delete a resource in the cluster. +- [Audit](https://github.com/open-policy-agent/gatekeeper#audit) - A periodic audit of the cluster resources against the enforced policies. Any existing resource that violates a policy will be recorded as violations. +- [Constraint Template](https://github.com/open-policy-agent/gatekeeper#constraint-templates) - A template is a CRD (`ConstraintTemplate`) that defines the schema and Rego logic of a policy to be applied to the cluster by Gatekeeper's admission controller webhook. This chart installs a few default `ConstraintTemplate` custom resources. +- [Constraint](https://github.com/open-policy-agent/gatekeeper#constraints) - A constraint is a custom resource that defines the scope of resources which a specific constraint template should apply to. The complete policy is defined by a combination of `ConstraintTemplates` (i.e. what the policy is) and `Constraints` (i.e. what resource to apply the policy to). + +For more information on how to configure the Helm chart, refer to the Helm README. 
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/_helpers.tpl b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/_helpers.tpl new file mode 100644 index 000000000..2d2402686 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/_helpers.tpl @@ -0,0 +1,49 @@ + +{{/* +Expand the name of the chart. +*/}} +{{- define "gatekeeper.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "gatekeeper.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gatekeeper.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Adds additional pod labels to the common ones +*/}} +{{- define "gatekeeper.podLabels" -}} +{{- if .Values.podLabels }} +{{- toYaml .Values.podLabels | nindent 8 }} +{{- end }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} 
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/allowedrepos.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/allowedrepos.yaml
new file mode 100644
index 000000000..9abb84ecb
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/allowedrepos.yaml
@@ -0,0 +1,35 @@
+apiVersion: templates.gatekeeper.sh/v1beta1
+kind: ConstraintTemplate
+metadata:
+ name: k8sallowedrepos
+spec:
+ crd:
+ spec:
+ names:
+ kind: K8sAllowedRepos
+ validation:
+ # Schema for the `parameters` field
+ openAPIV3Schema:
+ properties:
+ repos:
+ type: array
+ items:
+ type: string
+ targets:
+ - target: admission.k8s.gatekeeper.sh
+ rego: |
+ package k8sallowedrepos
+
+ violation[{"msg": msg}] {
+ container := input.review.object.spec.containers[_]
+ satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)]
+ not any(satisfied)
+ msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos])
+ }
+
+ violation[{"msg": msg}] {
+ container := input.review.object.spec.initContainers[_]
+ satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)]
+ not any(satisfied)
+ msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos])
+ }
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-admin-podsecuritypolicy.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-admin-podsecuritypolicy.yaml
new file mode 100644
index 000000000..78f36ecfb
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-admin-podsecuritypolicy.yaml
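Review bot: `startswith(container.image, repo)` in both `violation` rules of templates/allowedrepos.yaml is a plain string-prefix test, so an entry in `parameters.repos` that does not end in `/` also admits images whose registry or repository name merely begins with that string. State the requirement on the schema, e.g. `description: Allowed image prefixes; each entry must end with "/".` under `repos`, or reject entries without the trailing slash in Rego. The two rules iterate `spec.containers` and `spec.initContainers` only, so `spec.ephemeralContainers` is not evaluated by this template; a third rule over `input.review.object.spec.ephemeralContainers[_]` would cover it.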
@@ -0,0 +1,35 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ annotations:
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-admin
+spec:
+ allowPrivilegeEscalation: false
+ fsGroup:
+ ranges:
+ - max: 65535
+ min: 1
+ rule: MustRunAs
+ requiredDropCapabilities:
+ - ALL
+ runAsUser:
+ rule: MustRunAsNonRoot
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ ranges:
+ - max: 65535
+ min: 1
+ rule: MustRunAs
+ volumes:
+ - configMap
+ - projected
+ - secret
+ - downwardAPI
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-admin-serviceaccount.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-admin-serviceaccount.yaml
new file mode 100644
index 000000000..4b68998cb
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-admin-serviceaccount.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-admin
+ namespace: '{{ .Release.Namespace }}'
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-audit-deployment.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-audit-deployment.yaml
new file mode 100644
index 000000000..d3ec08d6f
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-audit-deployment.yaml
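Review bot: The annotation `seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'` in gatekeeper-admin-podsecuritypolicy.yaml lets any pod admitted under `gatekeeper-admin` request any seccomp profile, including `unconfined`. The chart README lists `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` as the default pod annotation, so `seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default'` would match what the deployments ask for; confirm against values.yaml, which is outside this hunk. The object is also rendered unconditionally as `policy/v1beta1`; guarding the template with `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}` would keep the chart installable on clusters that no longer serve that API. The README describes the chart as generated from upstream manifests, so the change may belong in the packaging patch rather than in this file.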
@@ -0,0 +1,108 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-audit + namespace: '{{ .Release.Namespace }}' +spec: + replicas: 1 + selector: + matchLabels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + template: + metadata: + annotations: + {{- toYaml .Values.podAnnotations | trim | nindent 8 }} + labels: +{{- include "gatekeeper.podLabels" . }} + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + spec: + affinity: + {{- toYaml .Values.audit.affinity | nindent 8 }} + automountServiceAccountToken: true + containers: + - args: + - --audit-interval={{ .Values.auditInterval }} + - --log-level={{ .Values.logLevel }} + - --constraint-violations-limit={{ .Values.constraintViolationsLimit }} + - --audit-from-cache={{ .Values.auditFromCache }} + - --audit-chunk-size={{ .Values.auditChunkSize }} + - --audit-match-kind-only={{ .Values.auditMatchKindOnly }} + - --emit-audit-events={{ .Values.emitAuditEvents }} + - --operation=audit + - --operation=status + - --logtostderr + - --health-addr=:{{ .Values.audit.healthPort }} + - --prometheus-port={{ .Values.audit.metricsPort }} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: 
'{{ template "system_default_registry" . }}{{ .Values.images.gatekeeper.repository }}:{{ .Values.images.gatekeeper.tag }}' + imagePullPolicy: '{{ .Values.images.pullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: {{ .Values.audit.healthPort }} + name: manager + ports: + - containerPort: {{ .Values.audit.metricsPort }} + name: metrics + protocol: TCP + - containerPort: {{ .Values.audit.healthPort }} + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: {{ .Values.audit.healthPort }} + resources: + {{- toYaml .Values.audit.resources | nindent 10 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 + hostNetwork: {{ .Values.audit.hostNetwork }} + imagePullSecrets: + {{- toYaml .Values.images.pullSecrets | nindent 8 }} + nodeSelector: + {{- toYaml .Values.audit.nodeSelector | nindent 8 }} + {{- if .Values.audit.priorityClassName }} + priorityClassName: {{ .Values.audit.priorityClassName }} + {{- end }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 + tolerations: + {{- toYaml .Values.audit.tolerations | nindent 8 }} diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-controller-manager-deployment.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-controller-manager-deployment.yaml new file mode 100644 index 000000000..4ee3cc82b --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-controller-manager-deployment.yaml 
@@ -0,0 +1,126 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ control-plane: controller-manager
+ gatekeeper.sh/operation: webhook
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-controller-manager
+ namespace: '{{ .Release.Namespace }}'
+spec:
+ replicas: {{ .Values.replicas }}
+ selector:
+ matchLabels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ control-plane: controller-manager
+ gatekeeper.sh/operation: webhook
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ template:
+ metadata:
+ annotations:
+ {{- toYaml .Values.podAnnotations | trim | nindent 8 }}
+ labels:
+{{- include "gatekeeper.podLabels" . }}
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ control-plane: controller-manager
+ gatekeeper.sh/operation: webhook
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ spec:
+ affinity:
+ {{- toYaml .Values.controllerManager.affinity | nindent 8 }}
+ automountServiceAccountToken: true
+ containers:
+ - args:
+ - --port={{ .Values.controllerManager.port }}
+ - --health-addr=:{{ .Values.controllerManager.healthPort }}
+ - --prometheus-port={{ .Values.controllerManager.metricsPort }}
+ - --logtostderr
+ - --log-denies={{ .Values.logDenies }}
+ - --emit-admission-events={{ .Values.emitAdmissionEvents }}
+ - --log-level={{ .Values.logLevel }}
+ - --exempt-namespace={{ .Release.Namespace }}
+ - --operation=webhook
+ - --enable-mutation={{ .Values.experimentalEnableMutation}}
+
+ {{- range .Values.disabledBuiltins}}
+ - --disable-opa-builtin={{ . }}
+ {{- end }}
+
+ {{- range .Values.controllerManager.exemptNamespaces}}
+ - --exempt-namespace={{ . }}
+ {{- end }}
+ command:
+ - /manager
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ image: '{{ template "system_default_registry" . }}{{ .Values.images.gatekeeper.repository }}:{{ .Values.images.gatekeeper.tag }}'
+ imagePullPolicy: '{{ .Values.images.pullPolicy }}'
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: {{ .Values.controllerManager.healthPort }}
+ name: manager
+ ports:
+ - containerPort: {{ .Values.controllerManager.port }}
+ name: webhook-server
+ protocol: TCP
+ - containerPort: {{ .Values.controllerManager.metricsPort }}
+ name: metrics
+ protocol: TCP
+ - containerPort: {{ .Values.controllerManager.healthPort }}
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: {{ .Values.controllerManager.healthPort }}
+ resources:
+ {{- toYaml .Values.controllerManager.resources | nindent 10 }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ readOnlyRootFilesystem: true
+ runAsGroup: 999
+ runAsNonRoot: true
+ runAsUser: 1000
+ volumeMounts:
+ - mountPath: /certs
+ name: cert
+ readOnly: true
+ hostNetwork: {{ .Values.controllerManager.hostNetwork }}
+ imagePullSecrets:
+ {{- toYaml .Values.images.pullSecrets | nindent 8 }}
+ nodeSelector:
+ {{- toYaml .Values.controllerManager.nodeSelector | nindent 8 }}
+ {{- if .Values.controllerManager.priorityClassName }}
+ priorityClassName: {{ .Values.controllerManager.priorityClassName }}
+ {{- end }}
+ serviceAccountName: gatekeeper-admin
+ terminationGracePeriodSeconds: 60
+ tolerations:
+ {{- toYaml .Values.controllerManager.tolerations | nindent 8 }}
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: gatekeeper-webhook-server-cert
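Review bot: The container `securityContext` sets no `seccompProfile`; the only seccomp setting for this pod is the `container.seccomp.security.alpha.kubernetes.io/manager` annotation that values.yaml in this patch supplies through `podAnnotations`. That alpha annotation was deprecated in Kubernetes v1.19 in favour of the securityContext field, and later releases stopped honouring it, so on newer clusters the pod may run without the intended profile. Adding `seccompProfile:` with `type: RuntimeDefault` under `securityContext` states the profile in the supported place. gatekeeper-audit-deployment.yaml relies on the same annotation.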
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-controller-manager-poddisruptionbudget.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-controller-manager-poddisruptionbudget.yaml
new file mode 100644
index 000000000..4bece56bf
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-controller-manager-poddisruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{- if .Capabilities.APIVersions.Has "policy/v1" }}
+apiVersion: policy/v1
+{{ else }}
+apiVersion: policy/v1beta1
+{{ end -}}
+kind: PodDisruptionBudget
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-controller-manager
+ namespace: '{{ .Release.Namespace }}'
+spec:
+ minAvailable: {{ .Values.pdb.controllerManager.minAvailable }}
+ selector:
+ matchLabels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ control-plane: controller-manager
+ gatekeeper.sh/operation: webhook
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-critical-pods-resourcequota.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-critical-pods-resourcequota.yaml
new file mode 100644
index 000000000..154646366
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-critical-pods-resourcequota.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.resourceQuota }}
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-critical-pods
+ namespace: '{{ .Release.Namespace }}'
+spec:
+ hard:
+ pods: {{ .Values.podCountLimit }}
+ scopeSelector:
+ matchExpressions:
+ - operator: In
+ scopeName: PriorityClass
+ values:
+ - {{ .Values.controllerManager.priorityClassName }}
+ - {{ .Values.audit.priorityClassName }}
+{{- end }}
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-manager-role-clusterrole.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-manager-role-clusterrole.yaml
new file mode 100644
index 000000000..027f134ed
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-manager-role-clusterrole.yaml
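Review bot: The `scopeSelector` `values` list renders `controllerManager.priorityClassName` and `audit.priorityClassName` unconditionally, while both deployment templates in this patch treat those values as optional (`{{- if .Values.audit.priorityClassName }}`). With `resourceQuota: true` and either class name cleared, the list gets an empty entry and the ResourceQuota is likely to be rejected or to match nothing. Guarding each entry, for example `{{- with .Values.audit.priorityClassName }}` around `- {{ . }}`, or gating the whole object on both names being set, keeps the two templates consistent.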
@@ -0,0 +1,153 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-manager-role
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - config.gatekeeper.sh
+ resources:
+ - configs
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - config.gatekeeper.sh
+ resources:
+ - configs/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - constraints.gatekeeper.sh
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - mutations.gatekeeper.sh
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - policy
+ resourceNames:
+ - gatekeeper-admin
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+- apiGroups:
+ - status.gatekeeper.sh
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - templates.gatekeeper.sh
+ resources:
+ - constrainttemplates
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - templates.gatekeeper.sh
+ resources:
+ - constrainttemplates/finalizers
+ verbs:
+ - delete
+ - get
+ - patch
+ - update
+- apiGroups:
+ - templates.gatekeeper.sh
+ resources:
+ - constrainttemplates/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - admissionregistration.k8s.io
+ resourceNames:
+ - gatekeeper-validating-webhook-configuration
+ resources:
+ - validatingwebhookconfigurations
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - admissionregistration.k8s.io
+ resourceNames:
+ - gatekeeper-mutating-webhook-configuration
+ resources:
+ - mutatingwebhookconfigurations
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-manager-role-role.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-manager-role-role.yaml
new file mode 100644
index 000000000..73e2c5cf7
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-manager-role-role.yaml
@@ -0,0 +1,32 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ creationTimestamp: null
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-manager-role
+ namespace: '{{ .Release.Namespace }}'
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml
new file mode 100644
index 000000000..22194d2ad
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml
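Review bot: The first rule of the `gatekeeper-manager-role` ClusterRole grants `get`, `list` and `watch` on `'*'` resources in `'*'` API groups, which includes Secrets in every namespace, and the ClusterRoleBinding later in this patch binds it to the `gatekeeper-admin` ServiceAccount that both deployments run as. That breadth is presumably needed so audit can read arbitrary kinds, but nothing in the file says so. A comment above the rule, such as `# audit reads arbitrary kinds, so this covers Secrets cluster-wide; treat the gatekeeper-admin token as cluster-read`, would make the exposure explicit. Separately, `create` in the two webhook-configuration rules is paired with `resourceNames`, and Kubernetes RBAC cannot restrict create by resource name, so that verb probably has no effect there.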
@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: gatekeeper-manager-role
+subjects:
+- kind: ServiceAccount
+ name: gatekeeper-admin
+ namespace: '{{ .Release.Namespace }}'
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-manager-rolebinding-rolebinding.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-manager-rolebinding-rolebinding.yaml
new file mode 100644
index 000000000..4bf6087dc
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-manager-rolebinding-rolebinding.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-manager-rolebinding
+ namespace: '{{ .Release.Namespace }}'
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: gatekeeper-manager-role
+subjects:
+- kind: ServiceAccount
+ name: gatekeeper-admin
+ namespace: '{{ .Release.Namespace }}'
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml
new file mode 100644
index 000000000..8a860a488
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml
@@ -0,0 +1,40 @@
+{{- if .Values.experimentalEnableMutation }}
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ creationTimestamp: null
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: gatekeeper-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /v1/mutate
+ failurePolicy: Ignore
+ matchPolicy: Exact
+ name: mutation.gatekeeper.sh
+ namespaceSelector:
+ matchExpressions:
+ - key: admission.gatekeeper.sh/ignore
+ operator: DoesNotExist
+ rules:
+ - apiGroups:
+ - '*'
+ apiVersions:
+ - '*'
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - '*'
+ sideEffects: None
+ timeoutSeconds: 3
+{{- end }}
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml
new file mode 100644
index 000000000..4ab0e97d6
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml
@@ -0,0 +1,66 @@
+{{- if not .Values.disableValidatingWebhook }}
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: gatekeeper-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /v1/admit
+ failurePolicy: {{ .Values.validatingWebhookFailurePolicy }}
+ matchPolicy: Exact
+ name: validation.gatekeeper.sh
+ namespaceSelector:
+ matchExpressions:
+ - key: admission.gatekeeper.sh/ignore
+ operator: DoesNotExist
+ rules:
+ - apiGroups:
+ - '*'
+ apiVersions:
+ - '*'
+ operations:
+ - CREATE
+ - UPDATE
+ {{- if .Values.enableDeleteOperations }}
+ - DELETE
+ {{- end}}
+ resources:
+ - '*'
+ sideEffects: None
+ timeoutSeconds: {{ .Values.validatingWebhookTimeoutSeconds }}
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: gatekeeper-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /v1/admitlabel
+ failurePolicy: {{ .Values.validatingWebhookCheckIgnoreFailurePolicy }}
+ matchPolicy: Exact
+ name: check-ignore-label.gatekeeper.sh
+ rules:
+ - apiGroups:
+ - ""
+ apiVersions:
+ - '*'
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - namespaces
+ sideEffects: None
+ timeoutSeconds: {{ .Values.validatingWebhookTimeoutSeconds }}
+{{- end }}
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-webhook-server-cert-secret.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-webhook-server-cert-secret.yaml
new file mode 100644
index 000000000..d6e906a99
--- /dev/null
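Review bot: `failurePolicy` for `validation.gatekeeper.sh` comes from `validatingWebhookFailurePolicy`, which values.yaml in this patch defaults to `Ignore`, so when the webhook is unreachable or exceeds `timeoutSeconds` the API server admits the request without policy evaluation. That is a common availability trade-off, but it makes admission-time enforcement best-effort, with violations surfacing only through audit. A comment next to the field, for example `# Ignore = fail open; set validatingWebhookFailurePolicy to Fail to block requests while Gatekeeper is unavailable`, would tell operators what they are choosing. The mutating webhook template hard-codes `failurePolicy: Ignore` with no value to change it.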
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-webhook-server-cert-secret.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ annotations: {{- toYaml .Values.secretAnnotations | trim | nindent 4 }}
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-webhook-server-cert
+ namespace: '{{ .Release.Namespace }}'
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-webhook-service-service.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-webhook-service-service.yaml
new file mode 100644
index 000000000..c49790b20
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/gatekeeper-webhook-service-service.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+spec:
+ {{- if .Values.service }}
+ type: {{ .Values.service.type | default "ClusterIP" }}
+ {{- if .Values.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - port: 443
+ targetPort: webhook-server
+ selector:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ control-plane: controller-manager
+ gatekeeper.sh/operation: webhook
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/namespace-post-install.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/namespace-post-install.yaml
new file mode 100644
index 000000000..ca54d15a7
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/namespace-post-install.yaml
@@ -0,0 +1,98 @@
+{{- if .Values.postInstall.labelNamespace.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: gatekeeper-update-namespace-label
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+spec:
+ template:
+ metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ release: '{{ .Release.Name }}'
+ spec:
+ restartPolicy: OnFailure
+ {{- if .Values.postInstall.labelNamespace.image.pullSecrets }}
+ imagePullSecrets:
+ {{- .Values.postInstall.labelNamespace.image.pullSecrets | toYaml | nindent 12 }}
+ {{- end }}
+ serviceAccount: gatekeeper-update-namespace-label
+ nodeSelector:
+ kubernetes.io/os: linux
+ containers:
+ - name: kubectl-label
+ image: '{{ template "system_default_registry" . }}{{ .Values.postInstall.labelNamespace.image.repository }}:{{ .Values.postInstall.labelNamespace.image.tag }}'
+ imagePullPolicy: {{ .Values.postInstall.labelNamespace.image.pullPolicy }}
+ command:
+ - kubectl
+ - label
+ - ns
+ - {{ .Release.Namespace }}
+ - admission.gatekeeper.sh/ignore=no-self-managing
+ - --overwrite
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: gatekeeper-update-namespace-label
+ labels:
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: gatekeeper-update-namespace-label
+ labels:
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - update
+ - patch
+ resourceNames:
+ - {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: gatekeeper-update-namespace-label
+ labels:
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: gatekeeper-update-namespace-label
+subjects:
+ - kind: ServiceAccount
+ name: gatekeeper-update-namespace-label
+ namespace: {{ .Release.Namespace | quote }}
+
+{{- end }}
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/requiredlabels.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/requiredlabels.yaml
new file mode 100644
index 000000000..e93e6a0a7
--- /dev/null
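Review bot: The `kubectl-label` container in the hook Job has no `securityContext`, unlike the `manager` containers in the two deployments of this patch, which drop capabilities, forbid privilege escalation and run as a non-root user on a read-only root filesystem. The Job runs with a ServiceAccount that may update the release namespace, so the same hardening is worth applying here; whether the kubectl image starts cleanly as a non-root user is not visible from this patch and should be checked first. The `crds-upgrade` container in upgrade-crds-hook.yaml is in the same position. `serviceAccount:` in the pod spec is also the deprecated alias of `serviceAccountName:`.

```yaml
      containers:
        - name: kubectl-label
          # … unchanged: image, imagePullPolicy, command …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1000
            runAsGroup: 999
```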
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/requiredlabels.yaml
@@ -0,0 +1,57 @@
+apiVersion: templates.gatekeeper.sh/v1beta1
+kind: ConstraintTemplate
+metadata:
+ name: k8srequiredlabels
+spec:
+ crd:
+ spec:
+ names:
+ kind: K8sRequiredLabels
+ validation:
+ # Schema for the `parameters` field
+ openAPIV3Schema:
+ properties:
+ message:
+ type: string
+ labels:
+ type: array
+ items:
+ type: object
+ properties:
+ key:
+ type: string
+ allowedRegex:
+ type: string
+ targets:
+ - target: admission.k8s.gatekeeper.sh
+ rego: |
+ package k8srequiredlabels
+
+ get_message(parameters, _default) = msg {
+ not parameters.message
+ msg := _default
+ }
+
+ get_message(parameters, _default) = msg {
+ msg := parameters.message
+ }
+
+ violation[{"msg": msg, "details": {"missing_labels": missing}}] {
+ provided := {label | input.review.object.metadata.labels[label]}
+ required := {label | label := input.parameters.labels[_].key}
+ missing := required - provided
+ count(missing) > 0
+ def_msg := sprintf("you must provide labels: %v", [missing])
+ msg := get_message(input.parameters, def_msg)
+ }
+
+ violation[{"msg": msg}] {
+ value := input.review.object.metadata.labels[key]
+ expected := input.parameters.labels[_]
+ expected.key == key
+ # do not match if allowedRegex is not defined, or is an empty string
+ expected.allowedRegex != ""
+ not re_match(expected.allowedRegex, value)
+ def_msg := sprintf("Label <%v: %v> does not satisfy allowed regex: %v", [key, value, expected.allowedRegex])
+ msg := get_message(input.parameters, def_msg)
+ }
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/upgrade-crds-hook.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/upgrade-crds-hook.yaml
new file mode 100644
index 000000000..4331785fb
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/upgrade-crds-hook.yaml
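Review bot: In the second `violation` rule, `re_match(expected.allowedRegex, value)` is an unanchored match, so a pattern such as `prod` also accepts a label value like `nonprod-eu` (constructed example), and neither the schema nor the rego says so. A comment in the rule, for example `# allowedRegex is matched anywhere in the value; anchor it with ^ and $ to require a full match`, would keep constraint authors from writing patterns that are looser than they intend. `re_match` is also the older name for what OPA now calls `regex.match`.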
@@ -0,0 +1,82 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: gatekeeper-admin-upgrade-crds
+ labels:
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
+ helm.sh/hook-weight: "1"
+rules:
+ - apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["get", "create", "update", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: gatekeeper-admin-upgrade-crds
+ labels:
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
+ helm.sh/hook-weight: "1"
+subjects:
+ - kind: ServiceAccount
+ name: gatekeeper-admin-upgrade-crds
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: gatekeeper-admin-upgrade-crds
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ name: gatekeeper-admin-upgrade-crds
+ namespace: '{{ .Release.Namespace }}'
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
+ helm.sh/hook-weight: "1"
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: gatekeeper-update-crds-hook
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "gatekeeper.name" . }}
+ chart: {{ template "gatekeeper.name" . }}
+ gatekeeper.sh/system: "yes"
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-weight: "1"
+ helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
+spec:
+ backoffLimit: 0
+ template:
+ metadata:
+ name: gatekeeper-update-crds-hook
+ spec:
+ serviceAccountName: gatekeeper-admin-upgrade-crds
+ restartPolicy: Never
+ containers:
+ - name: crds-upgrade
+ image: '{{ template "system_default_registry" . }}{{ .Values.images.gatekeepercrd.repository }}:{{ .Values.images.gatekeepercrd.tag }}'
+ imagePullPolicy: '{{ .Values.images.pullPolicy }}'
+ args:
+ - apply
+ - -f
+ - crds/
+ nodeSelector:
+ kubernetes.io/os: linux
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/validate-install-crd.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/validate-install-crd.yaml
new file mode 100644
index 000000000..d10bde124
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/templates/validate-install-crd.yaml
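Review bot: The `gatekeeper-admin-upgrade-crds` ClusterRole allows `get`, `create`, `update` and `patch` on every CustomResourceDefinition in the cluster, not only the ones this chart ships. `create` cannot be narrowed by name, but the other three verbs can: splitting the rule so that `get`, `update` and `patch` carry a `resourceNames` list of the CRDs under `crds/` would limit what the hook's token can modify. The hook delete policy is `hook-succeeded,before-hook-creation`, so after a failed run the ClusterRole, its binding and the ServiceAccount probably stay in place until the next install or upgrade.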
@@ -0,0 +1,20 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "mutations.gatekeeper.sh/v1alpha1/Assign" false -}}
+# {{- set $found "mutations.gatekeeper.sh/v1alpha1/AssignMetadata" false -}}
+# {{- set $found "config.gatekeeper.sh/v1alpha1/Config" false -}}
+# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintPodStatus" false -}}
+# {{- set $found "templates.gatekeeper.sh/v1/ConstraintTemplate" false -}}
+# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintTemplatePodStatus" false -}}
+# {{- set $found "status.gatekeeper.sh/v1beta1/MutatorPodStatus" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# {{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/values.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/values.yaml
new file mode 100644
index 000000000..7f7597847
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.1+up3.6.0/values.yaml
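Review bot: Every line of this template starts with `#`, which reads as if the CRD check were commented out, but Helm evaluates the template actions regardless of YAML comment markers, so the `required` call still aborts the install when one of the listed API versions is missing. A plain comment at the top, for example `# NOTE: the leading '#' only keeps rendered output a YAML comment; the template actions below still run`, would stop a reader from assuming the check is inactive. The outer `lookup` guard presumably exists because `lookup` returns nothing under `helm template` or a dry run, where the check is then skipped.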
@@ -0,0 +1,93 @@
+replicas: 3
+auditInterval: 300
+auditMatchKindOnly: false
+constraintViolationsLimit: 20
+auditFromCache: false
+disableValidatingWebhook: false
+validatingWebhookTimeoutSeconds: 3
+validatingWebhookFailurePolicy: Ignore
+validatingWebhookCheckIgnoreFailurePolicy: Fail
+enableDeleteOperations: false
+experimentalEnableMutation: false
+auditChunkSize: 0
+logLevel: INFO
+logDenies: false
+emitAdmissionEvents: false
+emitAuditEvents: false
+resourceQuota: true
+postInstall:
+ labelNamespace:
+ enabled: true
+ image:
+ repository: rancher/kubectl
+ tag: v1.20.2
+ pullPolicy: IfNotPresent
+ pullSecrets: []
+images:
+ gatekeeper:
+ repository: rancher/mirrored-openpolicyagent-gatekeeper
+ tag: v3.6.0
+ gatekeepercrd:
+ repository: rancher/mirrored-openpolicyagent-gatekeeper-crds
+ tag: v3.6.0
+ pullPolicy: IfNotPresent
+ pullSecrets: []
+podAnnotations:
+ { container.seccomp.security.alpha.kubernetes.io/manager: runtime/default }
+podLabels: {}
+podCountLimit: 100
+secretAnnotations: {}
+controllerManager:
+ exemptNamespaces: []
+ hostNetwork: false
+ port: 8443
+ metricsPort: 8888
+ healthPort: 9090
+ priorityClassName: system-cluster-critical
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: gatekeeper.sh/operation
+ operator: In
+ values:
+ - webhook
+ topologyKey: kubernetes.io/hostname
+ weight: 100
+ tolerations: []
+ nodeSelector: { kubernetes.io/os: linux }
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+audit:
+ hostNetwork: false
+ metricsPort: 8888
+ healthPort: 9090
+ priorityClassName: system-cluster-critical
+ affinity: {}
+ tolerations: []
+ nodeSelector: { kubernetes.io/os: linux }
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+pdb:
+ controllerManager:
+ minAvailable: 1
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ kubectl:
+ repository: rancher/kubectl
+ tag: v1.20.2
+service: {}
+disabledBuiltins:
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/Chart.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/Chart.yaml
new file mode 100644
index 000000000..eba7a8430
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/Chart.yaml
@@ -0,0 +1,23 @@
+annotations:
+ catalog.cattle.io/auto-install: rancher-kiali-server-crd=100.0.0+up1.35.0
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: Istio
+ catalog.cattle.io/namespace: istio-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1
+ catalog.cattle.io/rancher-version: '>= 2.6.0-0'
+ catalog.cattle.io/release-name: rancher-istio
+ catalog.cattle.io/requests-cpu: 710m
+ catalog.cattle.io/requests-memory: 2314Mi
+ catalog.cattle.io/type: cluster-tool
+ catalog.cattle.io/ui-component: istio
+apiVersion: v1
+appVersion: 1.10.4
+description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/
+ for details.
+icon: https://charts.rancher.io/assets/logos/istio.svg
+keywords:
+- networking
+- infrastructure
+name: rancher-istio
+version: 100.0.1+up1.10.4
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/README.md b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/README.md
new file mode 100644
index 000000000..c93a4a7c8
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/README.md
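Review bot: `disabledBuiltins:` at the end of values.yaml is left as a bare key, which YAML parses as null; the `range` in the controller-manager template then emits no `--disable-opa-builtin` flag, so every OPA builtin, including network-capable ones such as `http.send`, stays available to ConstraintTemplate rego. Writing `disabledBuiltins: []` makes the empty default explicit, and a comment such as `# OPA builtins to disable for ConstraintTemplate rego; consider http.send if templates never need outbound requests` documents the choice. The exact value format the flag expects should be checked against the Gatekeeper documentation for this version.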
@@ -0,0 +1,80 @@ +# Rancher-Istio Chart + +Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. + +See the app-readme for known issues and deprecations. + +## Installation Requirements + +#### Chart Dependencies +- rancher-kiali-server-crd chart +- rancher-monitoring chart or other Prometheus installation + +#### Install +To install the rancher-istio chart with helm, use the following command: +``` +helm install rancher-istio --create-namespace -n istio-system +``` + +#### Uninstall +To ensure rancher-istio uninstalls correctly, you must uninstall rancher-istio prior to uninstalling chart dependencies (see chart dependencies for list of dependencies). This is because all definitions need to be available in order to properly build the rancher-istio objects for removal. + +**If you remove dependent CRD charts prior to removing rancher-istio, you may encounter the following error:** +`Error: uninstallation completed with 1 error(s): unable to build kubernetes objects for delete: unable to recognize "": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"` + +## Addons +The addons that are included with rancher-istio are: + +- Kiali +- Jaeger + +Each addon has additional customization and dependencies required for them to work as expected. Use the values.yaml to customize or to enable/disable each addon. +### Kiali Addon + +Kiali allows you to view and manage your istio-based service mesh through an easy to use dashboard. + +#### Kiali Dependencies +##### rancher-monitoring chart or other Prometheus installation + +This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation. 
+ +#### Prometheus Configuration for Kiali +> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding. + +The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +#### Kiali External Services + +The external services that can be configured in Kiali are: Prometheus, Grafana and Tracing. + +##### Prometheus +The `kiali.external_services.prometheus` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Grafana +The `kiali.external_services.grafana` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `grafana.service.port` being set in your rancher-monitoring or other monitoring instance. 
+ +##### Tracing +The `kiali.external_services.tracing` url and `.Values.tracing.contextPath` is set in the rancher-istio values.yaml: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` +The url depends on the default values for `namespaceOverride`, and `.Values.service.externalPort` being set in your rancher-tracing or other tracing instance. + +## Jaeger Addon + +Jaeger allows you to trace and monitor distributed microservices. + +> **Note:** This addon is using the all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io/docs/1.21/getting-started/) documentation to determine which installation you will need for your production needs. diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/app-readme.md b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/app-readme.md new file mode 100644 index 000000000..49b823253 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/app-readme.md 
@@ -0,0 +1,35 @@ +# Rancher Istio + +Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes: +* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh +* **[Jaeger](https://www.jaegertracing.io/)**: A quick start, all-in-one installation used for tracing distributed system. This is not production qualified, please refer to jaeger documentation to determine which installation you may need instead. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/). +## Known Issues + +#### Airgapped Environments +If you are using this chart in an airgapped environment, you will not be able to upgrade. This is because the `istioctl` upgrade command reaches out to an external repo and it is not configurable. We are tracking the fix for this issue [here](https://github.com/rancher/rancher/issues/33402) + +## Deprecations + +#### v1alpha1 security policies +As of 1.6, Istio removed support for `v1alpha1` security policies resource and replaced the API with `v1beta1` authorization policies. https://istio.io/latest/docs/reference/config/security/authorization-policy/ + +If you are currently running rancher-istio <= 1.7.x, you need to migrate any existing `v1alpha1` security policies to `v1beta1` authorization policies prior to upgrading to the next minor version. + +> **Note:** If you attempt to upgrade prior to migrating your policy resources, you might see errors similar to: +``` +Error: found 6 CRD of unsupported v1alpha1 security policy +``` +``` + Error: found 1 unsupported v1alpha1 security policy + ``` + ``` + Control Plane - policy pod - istio-policy - version: x.x.x does not match the target version x.x.x + ``` + Continue with the migration steps below before retrying the upgrade process. 
+ +##### Migrating Resources: +Migration steps can be found in this [istio blog post](https://istio.io/latest/blog/2021/migrate-alpha-policy/ "istio blog post"). + +You can also use these [quick steps](https://github.com/rancher/rancher/issues/34699#issuecomment-921995917 "quick steps") to determine if you need to follow the more extensive migration steps. diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/Chart.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/Chart.yaml new file mode 100644 index 000000000..2393605a8 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/Chart.yaml @@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.35.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: kiali +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.35.0 
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/NOTES.txt b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/NOTES.txt
new file mode 100644
index 000000000..751019401
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/NOTES.txt
@@ -0,0 +1,5 @@
+Welcome to Kiali! For more details on Kiali, see: https://kiali.io
+
+The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon.
+
+(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}])
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/_helpers.tpl b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/_helpers.tpl
new file mode 100644
index 000000000..5480bdbb8
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/_helpers.tpl
@@ -0,0 +1,193 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Create a default fully qualified instance name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +To simulate the way the operator works, use deployment.instance_name rather than the old fullnameOverride. +For backwards compatibility, if fullnameOverride is not kiali but deployment.instance_name is kiali, +use fullnameOverride, otherwise use deployment.instance_name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if (and (eq .Values.deployment.instance_name "kiali") (ne .Values.fullnameOverride "kiali")) }} + {{- .Values.fullnameOverride | trunc 63 }} +{{- else }} + {{- .Values.deployment.instance_name | trunc 63 }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Identifies the log_level with the old verbose_mode and the new log_level considered. +*/}} +{{- define "kiali-server.logLevel" -}} +{{- if .Values.deployment.verbose_mode -}} +{{- .Values.deployment.verbose_mode -}} +{{- else -}} +{{- .Values.deployment.logger.log_level -}} +{{- end -}} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: kiali +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: "kiali" +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +{{- $releaseName := .Release.Name -}} +{{- $fullName := include "kiali-server.fullname" . 
-}} +{{- $deployment := (lookup "apps/v1" "Deployment" .Release.Namespace $fullName) -}} +app.kubernetes.io/name: kiali +{{- if (and .Release.IsUpgrade $deployment)}} +app.kubernetes.io/instance: {{ (get (($deployment).metadata.labels) "app.kubernetes.io/instance") | default $fullName }} +{{- else }} +app.kubernetes.io/instance: {{ $fullName }} +{{- end }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- if .Values.external_services.custom_dashboards.enabled }} + {{- $includere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- $excludere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} + {{- else }} + {{- print "" }} + {{- end }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. 
+*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." 
}} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." }} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/cabundle.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/cabundle.yaml new file mode 100644 index 000000000..7462b95a7 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/configmap.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/configmap.yaml new file mode 100644 index 000000000..f4bfa09a1 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/configmap.yaml 
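Review bot: `kiali-server.login_token.signing_key` falls back to `randAlphaNum 16`, which is evaluated on every render, so each `helm upgrade` or `helm template` run without `login_token.signing_key` set produces a different key. That presumably invalidates existing Kiali login tokens once the new configuration is picked up. It also makes the rendered manifest non-deterministic, which shows up as permanent drift in diff- or GitOps-based deployment. Consider reusing the previously deployed value (this file already calls `lookup` in `kiali-server.selectorLabels`) or failing with `required` when the value is unset. At minimum, add a template comment such as `{{/* NOTE: regenerated on every render unless login_token.signing_key is set */}}`.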
@@ -0,0 +1,25 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "kiali-server.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "kiali-server.labels" . | nindent 4 }}
+data:
+ config.yaml: |
+ {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}}
+ {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }}
+ {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}}
+ {{- $_ := set $cm.deployment "namespace" .Release.Namespace }}
+ {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}}
+ {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }}
+ {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }}
+ {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }}
+ {{- $_ := set $cm.deployment "instance_name" (include "kiali-server.fullname" .) }}
+ {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }}
+ {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }}
+ {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }}
+ {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }}
+ {{- toYaml $cm | nindent 4 }}
+...
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/envoy.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/envoy.yaml
new file mode 100644
index 000000000..e642a3385
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/envoy.yaml
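Review bot: The `signing_key` set on `$cm.login_token` is rendered by `toYaml $cm` into `data.config.yaml` of a ConfigMap, so the login-token signing key is stored in clear text and readable by anything allowed to get or list ConfigMaps in the release namespace. Because `$cm` is `.Values` minus only `nameOverride`, `fullnameOverride` and `kiali_route_url`, any other sensitive value passed to this sub-chart would presumably end up in the same object. I would move the key into a `kind: Secret` and leave it out of `$cm`, provided the packaged Kiali server can read it from a mounted secret, which needs checking against the Kiali documentation. If it has to stay here, say so in the template: `{{- /* NOTE: login_token.signing_key is written to this ConfigMap in clear text */}}`.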
@@ -0,0 +1,56 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: envoy + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics + discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/go.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/go.yaml new file mode 100644 index 000000000..fdead4c60 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/go.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: go + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/kiali.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/kiali.yaml new file mode 100644 index 000000000..5ecac7ff8 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/kiali.yaml 
@@ -0,0 +1,44 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: kiali + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100644 index 000000000..50fce7056 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100644 index 000000000..84810095c --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml 
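Review bot: The "Pool buffer count" chart declares `unit: "bytes"`, but its metric is `jvm_buffer_count`, which by its name is a number of buffers rather than a size. The unit looks copied from the two size charts above it. Dropping the `unit` line from that chart, as count charts in the sibling dashboards do (for example "Total live threads"), would keep the axis from being labelled in bytes.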
@@ -0,0 +1,65 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100644 index 000000000..a28c4026c --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml 
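Review bot: The chart name `"Memory commited"` is misspelled. It is a user-facing dashboard label and should read `name: "Memory committed"`, matching the metric `jvm_memory_committed_bytes` that the same chart entry uses. The same label appears again in the micrometer-1.1-jvm.yaml hunk that follows.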
@@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/microprofile-1.1.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/microprofile-1.1.yaml new file mode 100644 index 000000000..00e2415da --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/microprofile-x.y.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/microprofile-x.y.yaml new file mode 100644 index 000000000..585175330 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,38 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/nodejs.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/nodejs.yaml new file mode 100644 index 000000000..7676a7c3c --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: nodejs + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/quarkus.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/quarkus.yaml new file mode 100644 index 000000000..a4f303751 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,33 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: quarkus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml new file mode 100644 index 000000000..3aa7d66e3 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm.yaml new file mode 100644 index 000000000..22ea15533 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: springboot-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/springboot-tomcat.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/springboot-tomcat.yaml new file mode 100644 index 000000000..7020ddccb --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/thorntail.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/thorntail.yaml new file mode 100644 index 000000000..0e94c50ef --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,22 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: thorntail + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/tomcat.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/tomcat.yaml new file mode 100644 index 000000000..29467e9f6 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/vertx-client.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/vertx-client.yaml new file mode 100644 index 000000000..9409adf63 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,60 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: vertx-client + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/vertx-eventbus.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/vertx-eventbus.yaml new file mode 100644 index 000000000..384e7b107 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/vertx-jvm.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/vertx-jvm.yaml new file mode 100644 index 000000000..8439ce6e4 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: vertx-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/vertx-pool.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/vertx-pool.yaml new file mode 100644 index 000000000..8334d47a8 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: vertx-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/vertx-server.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/vertx-server.yaml new file mode 100644 index 000000000..b88b270a8 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,62 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: vertx-server + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/deployment.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/deployment.yaml new file mode 100644 index 000000000..b5737ccc6 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/deployment.yaml 
@@ -0,0 +1,179 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + {{- if .Values.deployment.pod_labels }} + {{- toYaml .Values.deployment.pod_labels | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: "" + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + securityContext: + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: true + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LOG_LEVEL + value: "{{ include "kiali-server.logLevel" . }}" + - name: LOG_FORMAT + value: "{{ .Values.deployment.logger.log_format }}" + - name: LOG_TIME_FIELD_FORMAT + value: "{{ .Values.deployment.logger.time_field_format }}" + - name: LOG_SAMPLER_RATE + value: "{{ .Values.deployment.logger.sampler_rate }}" + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . 
}}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . 
}}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.affinity.pod) (.Values.deployment.affinity.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/hpa.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/hpa.yaml new file mode 100644 index 000000000..934c4c1e9 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/hpa.yaml @@ -0,0 +1,17 @@ +{{- if .Values.deployment.hpa.spec }} +--- +apiVersion: {{ .Values.deployment.hpa.api_version }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "kiali-server.fullname" . }} + {{- toYaml .Values.deployment.hpa.spec | nindent 2 }} +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/ingress.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/ingress.yaml new file mode 100644 index 000000000..1268101d6 --- /dev/null 
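Review bot: The container `securityContext` in templates/deployment.yaml sets `allowPrivilegeEscalation: false`, `privileged: false`, `readOnlyRootFilesystem: true` and `runAsNonRoot: true` but never drops Linux capabilities, so the Kiali container keeps the runtime's default capability set. The PodSecurityPolicy in psp.yaml does carry `requiredDropCapabilities: ALL`, but it is rendered only when `global.rbac.pspEnabled` is set, so the hardening should not depend on it. I would add `capabilities:` with `drop: ["ALL"]` under the same `securityContext`. The server listens on a high port (default 20001 in this template), so presumably no capability is needed; confirm against the image.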
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/ingress.yaml
@@ -0,0 +1,43 @@
+{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }}
+{{- if .Values.deployment.ingress_enabled }}
+---
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+ name: {{ include "kiali-server.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "kiali-server.labels" . | nindent 4 }}
+ annotations:
+ {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}
+ {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }}
+ {{- else }}
+ # For ingress-nginx versions older than 0.20.0 use secure-backends.
+ # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948)
+ # For ingress-nginx versions 0.20.0 and later use backend-protocol.
+ {{- if (include "kiali-server.identity.cert_file" .) }}
+ nginx.ingress.kubernetes.io/secure-backends: "true"
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ {{- else }}
+ nginx.ingress.kubernetes.io/secure-backends: "false"
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+ {{- end }}
+ {{- end }}
+spec:
+ {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }}
+ {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }}
+ {{- else }}
+ rules:
+ - http:
+ paths:
+ - path: {{ include "kiali-server.server.web_root" . }}
+ backend:
+ serviceName: {{ include "kiali-server.fullname" . }}
+ servicePort: {{ .Values.server.port }}
+ {{- if not (empty .Values.server.web_fqdn) }}
+ host: {{ .Values.server.web_fqdn }}
+ {{- end }}
+ {{- end }}
+...
+{{- end }}
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/oauth.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/oauth.yaml
new file mode 100644
index 000000000..a178bb85e
--- /dev/null
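Review bot: The default `spec` in templates/ingress.yaml has no `tls:` section and sets `host` only when `server.web_fqdn` is non-empty, so unless `deployment.override_ingress_yaml.spec` is supplied the Kiali console is exposed without TLS configured on the Ingress and the rule matches any hostname. When no identity cert file is configured, the annotations also select `backend-protocol: "HTTP"`, so the hop from the controller to the pod is cleartext as well. A comment above `rules:` would make this explicit, e.g. `# No tls: block is rendered here; supply deployment.override_ingress_yaml.spec to terminate TLS`. Separately, `networking.k8s.io/v1beta1` Ingress is no longer served from Kubernetes 1.22, so the apiVersion and the `serviceName`/`servicePort` backend form need a capability check before this chart is installed on newer clusters.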
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/oauth.yaml
@@ -0,0 +1,17 @@
+{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
+{{- if .Values.kiali_route_url }}
+---
+apiVersion: oauth.openshift.io/v1
+kind: OAuthClient
+metadata:
+ name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "kiali-server.labels" . | nindent 4 }}
+redirectURIs:
+- {{ .Values.kiali_route_url }}
+grantMethod: auto
+allowAnyScope: true
+...
+{{- end }}
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/psp.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/psp.yaml
new file mode 100644
index 000000000..f891892cc
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/psp.yaml
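Review bot: `redirectURIs` in templates/oauth.yaml is rendered from `.Values.kiali_route_url` with no quoting or scheme check, while the client uses `grantMethod: auto`, so tokens are issued to whatever URL is configured without a user approval prompt. I would render the entry as `- {{ .Values.kiali_route_url | quote }}` and fail the render when the value does not start with `https://`. `allowAnyScope: true` looks like it lifts scope restrictions for this client; confirm whether the target OpenShift version still honours it and whether `scopeRestrictions` should be set instead. OAuthClient is cluster-scoped, so the `namespace:` under `metadata` presumably has no effect.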
@@ -0,0 +1,67 @@
+{{- if .Values.global.rbac.pspEnabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "kiali-server.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "kiali-server.fullname" . }}-psp
+subjects:
+ - kind: ServiceAccount
+ name: kiali
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "kiali-server.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups:
+ - policy
+ resourceNames:
+ - {{ include "kiali-server.fullname" . }}-psp
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+---
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "kiali-server.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+spec:
+ allowPrivilegeEscalation: false
+ forbiddenSysctls:
+ - '*'
+ fsGroup:
+ ranges:
+ - max: 65535
+ min: 1
+ rule: MustRunAs
+ requiredDropCapabilities:
+ - ALL
+ runAsUser:
+ rule: MustRunAsNonRoot
+ runAsGroup:
+ rule: MustRunAs
+ ranges:
+ - min: 1
+ max: 65535
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ ranges:
+ - max: 65535
+ min: 1
+ rule: MustRunAs
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ - persistentVolumeClaim
+{{- end }}
\ No newline at end of file
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/role-controlplane.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/role-controlplane.yaml
new file mode 100644
index 000000000..a22c76756
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/role-controlplane.yaml
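Review bot: The RoleBinding in templates/psp.yaml binds the hard-coded subject `name: kiali`, while the Deployment runs as `serviceAccountName: {{ include "kiali-server.fullname" . }}`. If the fullname resolves to anything else, the `use` grant lands on a service account the pod does not run as, and the pod is then admitted under some other policy or rejected. The subject should read `name: {{ include "kiali-server.fullname" . }}` with `namespace: {{ .Release.Namespace }}`, as rolebinding.yaml does. The `volumes` allow-list also permits `persistentVolumeClaim`, which the Deployment in this patch does not mount; dropping it would tighten the policy.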
@@ -0,0 +1,15 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "kiali-server.fullname" . }}-controlplane
+ namespace: {{ include "kiali-server.istio_namespace" . }}
+ labels:
+ {{- include "kiali-server.labels" . | nindent 4 }}
+rules:
+- apiGroups: [""]
+ resources:
+ - secrets
+ verbs:
+ - list
+...
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/role-viewer.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/role-viewer.yaml
new file mode 100644
index 000000000..c1a766750
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/role-viewer.yaml
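Review bot: `list` on `secrets` in templates/role-controlplane.yaml returns the full contents of every Secret in the Istio namespace, not just their names, so this Role gives the Kiali service account all control-plane secret data. The template does not say why the grant is needed; a comment above the rule should name the consumer, e.g. `# list is required for <feature>; it exposes secret data, not only metadata`. If only specific secrets are read, `get` with `resourceNames` would be narrower.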
@@ -0,0 +1,96 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "kiali-server.fullname" . }}-viewer
+ labels:
+ {{- include "kiali-server.labels" . | nindent 4 }}
+rules:
+- apiGroups: [""]
+ resources:
+ - configmaps
+ - endpoints
+ - pods/log
+ - pods/proxy
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups: [""]
+ resources:
+ - namespaces
+ - pods
+ - replicationcontrollers
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups: [""]
+ resources:
+ - pods/portforward
+ verbs:
+ - create
+ - post
+- apiGroups: ["extensions", "apps"]
+ resources:
+ - daemonsets
+ - deployments
+ - replicasets
+ - statefulsets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups: ["batch"]
+ resources:
+ - cronjobs
+ - jobs
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - networking.istio.io
+ - security.istio.io
+ resources: ["*"]
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups: ["apps.openshift.io"]
+ resources:
+ - deploymentconfigs
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups: ["project.openshift.io"]
+ resources:
+ - projects
+ verbs:
+ - get
+- apiGroups: ["route.openshift.io"]
+ resources:
+ - routes
+ verbs:
+ - get
+- apiGroups: ["monitoring.kiali.io"]
+ resources:
+ - monitoringdashboards
+ verbs:
+ - get
+ - list
+- apiGroups: ["iter8.tools"]
+ resources:
+ - experiments
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups: ["authentication.k8s.io"]
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+...
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/role.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/role.yaml
new file mode 100644
index 000000000..b764570c8
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/role.yaml
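Review bot: The `-viewer` ClusterRole in templates/role-viewer.yaml, which rolebinding.yaml selects when `deployment.view_only_mode` is set, still grants `create` on `pods/portforward` and `get` on `pods/proxy` cluster-wide, so the "view only" service account can open connections to any pod port in any namespace. If a feature needs port-forwarding, a comment on that rule should say which one; otherwise the rule should be dropped from the viewer role. `post` is an HTTP method rather than an RBAC verb, so it has no effect next to `create`. The same `pods/portforward` rule and `post` verb appear in role.yaml.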
@@ -0,0 +1,106 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "kiali-server.fullname" . }}
+ labels:
+ {{- include "kiali-server.labels" . | nindent 4 }}
+rules:
+- apiGroups: [""]
+ resources:
+ - configmaps
+ - endpoints
+ - pods/log
+ - pods/proxy
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups: [""]
+ resources:
+ - namespaces
+ - pods
+ - replicationcontrollers
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+- apiGroups: [""]
+ resources:
+ - pods/portforward
+ verbs:
+ - create
+ - post
+- apiGroups: ["extensions", "apps"]
+ resources:
+ - daemonsets
+ - deployments
+ - replicasets
+ - statefulsets
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+- apiGroups: ["batch"]
+ resources:
+ - cronjobs
+ - jobs
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+- apiGroups:
+ - networking.istio.io
+ - security.istio.io
+ resources: ["*"]
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - patch
+- apiGroups: ["apps.openshift.io"]
+ resources:
+ - deploymentconfigs
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+- apiGroups: ["project.openshift.io"]
+ resources:
+ - projects
+ verbs:
+ - get
+- apiGroups: ["route.openshift.io"]
+ resources:
+ - routes
+ verbs:
+ - get
+- apiGroups: ["monitoring.kiali.io"]
+ resources:
+ - monitoringdashboards
+ verbs:
+ - get
+ - list
+- apiGroups: ["iter8.tools"]
+ resources:
+ - experiments
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - patch
+- apiGroups: ["authentication.k8s.io"]
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+...
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/rolebinding-controlplane.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/rolebinding-controlplane.yaml
new file mode 100644
index 000000000..5a0015836
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/rolebinding-controlplane.yaml
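Review bot: The `patch` verb on `pods`, `services`, `namespaces`, `deployments`, `daemonsets`, `statefulsets`, `replicasets`, `cronjobs` and `jobs` in templates/role.yaml is granted through a ClusterRole, so a compromised Kiali pod could modify any workload in any namespace, including its pod template. This is the default binding, because rolebinding.yaml switches to the `-viewer` role only when `deployment.view_only_mode` is set. A header comment would make the trade-off visible to operators, e.g. `# Write access is cluster-wide; set deployment.view_only_mode=true to bind the -viewer role instead`.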
@@ -0,0 +1,17 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "kiali-server.fullname" . }}-controlplane
+ namespace: {{ include "kiali-server.istio_namespace" . }}
+ labels:
+ {{- include "kiali-server.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "kiali-server.fullname" . }}-controlplane
+subjects:
+- kind: ServiceAccount
+ name: {{ include "kiali-server.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+...
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/rolebinding.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/rolebinding.yaml
new file mode 100644
index 000000000..1eaabd65f
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/rolebinding.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "kiali-server.fullname" . }}
+ labels:
+ {{- include "kiali-server.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ {{- if .Values.deployment.view_only_mode }}
+ name: {{ include "kiali-server.fullname" . }}-viewer
+ {{- else }}
+ name: {{ include "kiali-server.fullname" . }}
+ {{- end }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "kiali-server.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+...
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/route.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/route.yaml
new file mode 100644
index 000000000..27940dc96
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/route.yaml
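Review bot: The `roleRef` in rolebinding.yaml falls through to the write-capable ClusterRole unless `deployment.view_only_mode` is set, and the chart's values.yaml later in this patch defaults it to `false`. A default install therefore binds the Kiali service account cluster-wide to `patch` on namespaces, pods, services and workloads, and to `create`/`delete`/`patch` on all `networking.istio.io` and `security.istio.io` resources. A template comment above the `if` would make that visible to operators, e.g. `{{/* view_only_mode=false binds the write-capable ClusterRole cluster-wide; set it to true for read-only dashboards */}}`. Whether the default should be flipped is a product decision, but the current default is the more privileged one.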
@@ -0,0 +1,30 @@
+{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }}
+{{- if .Values.deployment.ingress_enabled }}
+# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm
+---
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+ name: {{ include "kiali-server.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "kiali-server.labels" . | nindent 4 }}
+ {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}}
+ annotations:
+ {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }}
+ {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }}
+ {{- else }}
+ tls:
+ termination: reencrypt
+ insecureEdgeTerminationPolicy: Redirect
+ to:
+ kind: Service
+ targetPort: {{ .Values.server.port }}
+ name: {{ include "kiali-server.fullname" . }}
+ {{- end }}
+...
+{{- end }}
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/service.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/service.yaml
new file mode 100644
index 000000000..e7618d68f
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/service.yaml
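Review bot: The `hasKey ... "annotations"` line in route.yaml closes with `}}}`, so the third brace is literal template text and is written into the rendered manifest whenever the override carries annotations. Because the action opens with `{{-`, the stray `}` most likely ends up appended to the last rendered label line. The line should end with two braces: `{{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}`. The template only renders on clusters exposing `route.openshift.io/v1`, which may be why this has gone unnoticed.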
@@ -0,0 +1,45 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + {{- if and (not (empty .Values.server.web_fqdn)) (not (empty .Values.server.web_schema)) }} + {{- if empty .Values.server.web_port }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}{{ default "" .Values.server.web_root }} + {{- else }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}:{{ .Values.server.web_port }}{{(default "" .Values.server.web_root) }} + {{- end }} + {{- end }} + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/serviceaccount.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/serviceaccount.yaml new file mode 100644 index 000000000..9151b6f6a --- /dev/null 
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/validate-install-crd.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/validate-install-crd.yaml new file mode 100644 index 000000000..b42eeb266 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/web-root-configmap.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/web-root-configmap.yaml new file mode 100644 index 000000000..970d4e4f5 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/templates/web-root-configmap.yaml 
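Review bot: The leading `#` on each line of validate-install-crd.yaml does not disable the template, and nothing in the file says so. Helm evaluates the `{{ ... }}` actions before the output is parsed as YAML, so the `lookup`, the loop over `.Capabilities.APIVersions` and the `required` call still run; the `#` only makes whatever text is rendered a YAML comment. A reader will take this for dead code, so a first line such as `{{/* The # prefixes only keep rendered output inert; the actions below still run and fail the install when the CRD is missing. */}}` would help.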
@@ -0,0 +1,12 @@
+{{- if .Values.web_root_override }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: kiali-console
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "kiali-server.labels" . | nindent 4 }}
+data:
+ env.js: |
+ window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali';
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/values.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/values.yaml
new file mode 100644
index 000000000..8db88b0d9
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/kiali/values.yaml
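Review bot: The `env.js` value hard-codes the proxy target as `services/http:kiali:20001`, while the Service in service.yaml takes its name from `kiali-server.fullname` and its port from `.Values.server.port`. Overriding either leaves `WEB_ROOT` pointing at a service or port that does not exist. Building the segment from the same inputs keeps them in step, e.g. `services/http:{{ include "kiali-server.fullname" . }}:{{ .Values.server.port }}/proxy/kiali`. `global.cattle.clusterId` has no value in the chart's default values.yaml, so wrapping it in `required` would turn a broken path into a render-time error.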
@@ -0,0 +1,98 @@ +# 'fullnameOverride' is deprecated. Use 'deployment.instance_name' instead. +# This is only supported for backward compatibility and will be removed in a future version. +# If 'fullnameOverride' is not "kiali" and 'deployment.instance_name' is "kiali", +# then 'deployment.instance_name' will take the value of 'fullnameOverride' value. +# Otherwise, 'fullnameOverride' is ignored and 'deployment.instance_name' is used. +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. 
+ # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + hpa: + api_version: "autoscaling/v2beta2" + spec: {} + repository: rancher/mirrored-kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.35.0 + ingress_enabled: true + instance_name: "kiali" + logger: + log_format: "text" + log_level: "info" + time_field_format: "2006-01-02T15:04:05Z07:00" + sampler_rate: "1" + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + pod_labels: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + version_label: v1.35.0 + view_only_mode: false + +external_services: + custom_dashboards: + enabled: true + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. +global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: + rbac: + pspEnabled: false diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/.helmignore b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/Chart.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/Chart.yaml new file mode 100644 index 000000000..6e368616d --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/Chart.yaml @@ -0,0 +1,12 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: istio-system + catalog.rancher.io/release-name: rancher-tracing +apiVersion: v1 +appVersion: 1.20.0 +description: A quick start Jaeger Tracing installation using the all-in-one demo. + This is not production qualified. Refer to https://www.jaegertracing.io/ for details. +name: tracing +version: 1.20.1 diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/README.md b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/README.md new file mode 100644 index 000000000..25534c628 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/README.md @@ -0,0 +1,5 @@ +# Jaeger + +A Rancher chart based on the Jaeger all-in-one quick installation option. This chart will allow you to trace and monitor distributed microservices. + +> **Note:** The basic all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io) documentation to determine which installation you will need for your production needs. 
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/templates/_affinity.tpl b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/templates/_affinity.tpl
new file mode 100644
index 000000000..bf6a9aee5
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/templates/_affinity.tpl
@@ -0,0 +1,92 @@ +{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} +{{- define "nodeAffinity" }} + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityRequiredDuringScheduling" . }} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityPreferredDuringScheduling" . }} +{{- end }} + +{{- define "nodeAffinityRequiredDuringScheduling" }} + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - {{ $key | quote }} + {{- end }} + {{- end }} + {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} + {{- range $key, $val := $nodeSelector }} + - key: {{ $key }} + operator: In + values: + - {{ $val | quote }} + {{- end }} +{{- end }} + +{{- define "nodeAffinityPreferredDuringScheduling" }} + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - weight: {{ $val | int }} + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - {{ $key | quote }} + {{- end }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinity" }} +{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} + podAntiAffinity: + {{- if .Values.podAntiAffinityLabelSelector }} + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityRequiredDuringScheduling" . }} + {{- end }} + {{- if or .Values.podAntiAffinityTermLabelSelector}} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} + {{- end }} +{{- end }} +{{- end }} + +{{- define "podAntiAffinityRequiredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} + - labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinityPreferredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + weight: 100 + {{- end }} +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/templates/_helpers.tpl b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/templates/_helpers.tpl new file mode 100644 index 000000000..56cfa7335 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/templates/_helpers.tpl 
@@ -0,0 +1,32 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "tracing.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "tracing.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/templates/deployment.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/templates/deployment.yaml new file mode 100644 index 000000000..25bb67fd3 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/templates/deployment.yaml 
@@ -0,0 +1,86 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + app: {{ .Values.provider }} + template: + metadata: + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + annotations: + sidecar.istio.io/inject: "false" + prometheus.io/scrape: "true" + prometheus.io/port: "14269" +{{- if .Values.jaeger.podAnnotations }} +{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} +{{- end }} + spec: + containers: + - name: jaeger + image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + env: + {{- if eq .Values.jaeger.spanStorageType "badger" }} + - name: BADGER_EPHEMERAL + value: "false" + - name: SPAN_STORAGE_TYPE + value: "badger" + - name: BADGER_DIRECTORY_VALUE + value: "/badger/data" + - name: BADGER_DIRECTORY_KEY + value: "/badger/key" + {{- end }} + - name: COLLECTOR_ZIPKIN_HTTP_PORT + value: "9411" + - name: MEMORY_MAX_TRACES + value: "{{ .Values.jaeger.memory.max_traces }}" + - name: QUERY_BASE_PATH + value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} + livenessProbe: + httpGet: + path: / + port: 14269 + readinessProbe: + httpGet: + path: / + port: 14269 +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumeMounts: + - name: data + mountPath: /badger +{{- end }} + resources: +{{- if .Values.jaeger.resources }} +{{ toYaml .Values.jaeger.resources | indent 12 }} +{{- else }} +{{ toYaml .Values.global.defaultResources | indent 12 }} +{{- end }} + affinity: + {{- include "nodeAffinity" . | indent 6 }} + {{- include "podAntiAffinity" . 
| indent 6 }} + {{- if .Values.global.rbac.pspEnabled }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + serviceAccountName: {{ include "tracing.fullname" . }} + {{- end }} +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumes: + - name: data +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} + persistentVolumeClaim: + claimName: istio-jaeger-pvc +{{- else }} + emptyDir: {} +{{- end }} +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/templates/psp.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/templates/psp.yaml new file mode 100644 index 000000000..44b230492 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/templates/psp.yaml 
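Review bot: The pod `securityContext` (`runAsNonRoot: true`, `runAsUser: 1000`) in the tracing deployment.yaml sits inside `{{- if .Values.global.rbac.pspEnabled }}`, and the chart's values.yaml defaults `pspEnabled` to `false`, so a default install runs the Jaeger pod with whatever user the image defines and no non-root guarantee. Only `serviceAccountName` depends on the objects created in psp.yaml; moving the `{{- if .Values.global.rbac.pspEnabled }}` line down so that it wraps just `serviceAccountName` would emit the security context unconditionally. If the badger volume then needs matching ownership, an `fsGroup` belongs in the same block. The container itself also sets no `securityContext` (for example `allowPrivilegeEscalation: false`), so those limits exist only where the PodSecurityPolicy is enabled and enforced.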
@@ -0,0 +1,86 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "tracing.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "tracing.fullname" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "tracing.fullname" . }} + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - emptyDir + - secret + - persistentVolumeClaim +{{- end }} \ No newline at end of file 
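Review bot: The `RoleBinding` subject in psp.yaml names the ServiceAccount without a `namespace`, whereas the Kiali bindings elsewhere in this patch set it explicitly; adding `namespace: {{ .Release.Namespace }}` under the subject removes the reliance on defaulting to the binding's namespace. `PodSecurityPolicy` is cluster-scoped, so `metadata.namespace` on it has no effect and suggests a per-namespace scope the object does not have. Since the policy name comes from `tracing.fullname`, two releases with the same full name in different namespaces would contend for one cluster-wide object; a comment noting that would help.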
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/templates/pvc.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/templates/pvc.yaml
new file mode 100644
index 000000000..9b4c55e4f
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/templates/pvc.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.jaeger.persistentVolumeClaim.enabled }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: istio-jaeger-pvc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Values.provider }}
+spec:
+ storageClassName: {{ .Values.jaeger.storageClassName }}
+ accessModes:
+ - {{ .Values.jaeger.accessMode }}
+ resources:
+ requests:
+ storage: {{.Values.jaeger.persistentVolumeClaim.storage }}
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/templates/service.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/templates/service.yaml
new file mode 100644
index 000000000..4210a9b5f
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/templates/service.yaml
@@ -0,0 +1,63 @@ +apiVersion: v1 +kind: Service +metadata: + name: tracing + namespace: {{ .Release.Namespace }} + annotations: + {{- range $key, $val := .Values.service.annotations }} + {{ $key }}: {{ $val | quote }} + {{- end }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.service.externalPort }} + protocol: TCP + targetPort: 16686 + selector: + app: {{ .Values.provider }} +--- +# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin. +apiVersion: v1 +kind: Service +metadata: + name: zipkin + namespace: {{ .Release.Namespace }} + labels: + name: zipkin + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.zipkin.queryPort }} + targetPort: {{ .Values.zipkin.queryPort }} + selector: + app: {{ .Values.provider }} +--- +apiVersion: v1 +kind: Service +metadata: + name: jaeger-collector + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: ClusterIP + ports: + - name: jaeger-collector-http + port: 14268 + targetPort: 14268 + protocol: TCP + - name: jaeger-collector-grpc + port: 14250 + targetPort: 14250 + protocol: TCP + selector: + app: {{ .Values.provider }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/values.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/values.yaml new file mode 100644 index 000000000..18ff81c3c --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/charts/tracing/values.yaml 
@@ -0,0 +1,44 @@ +provider: jaeger +contextPath: "" +nodeSelector: {} +podAntiAffinityLabelSelector: [] +podAntiAffinityTermLabelSelector: [] +nameOverride: "" +fullnameOverride: "" + +global: + cattle: + systemDefaultRegistry: "" + defaultResources: {} + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + arch: + amd64: 2 + s390x: 2 + ppc64le: 2 + defaultNodeSelector: {} + rbac: + pspEnabled: false + +jaeger: + repository: rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 + # spanStorageType value can be "memory" and "badger" for all-in-one image + spanStorageType: badger + resources: + requests: + cpu: 10m + persistentVolumeClaim: + enabled: false + storage: 5Gi + storageClassName: "" + accessMode: ReadWriteMany + memory: + max_traces: 50000 +zipkin: + queryPort: 9411 +service: + annotations: {} + name: http-query + type: ClusterIP + externalPort: 16686 diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/configs/istio-base.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/configs/istio-base.yaml new file mode 100644 index 000000000..c5fa6f5f0 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/configs/istio-base.yaml 
@@ -0,0 +1,82 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + components: + base: + enabled: {{ .Values.base.enabled }} + cni: + enabled: {{ .Values.cni.enabled }} + egressGateways: + - enabled: {{ .Values.egressGateways.enabled }} + name: istio-egressgateway + ingressGateways: + - enabled: {{ .Values.ingressGateways.enabled }} + name: istio-ingressgateway + k8s: + service: + ports: + - name: status-port + port: 15021 + targetPort: 15021 + - name: http2 + port: 80 + targetPort: 8080 + nodePort: 31380 + - name: https + port: 443 + targetPort: 8443 + nodePort: 31390 + - name: tcp + port: 31400 + targetPort: 31400 + nodePort: 31400 + - name: tls + port: 15443 + targetPort: 15443 + istiodRemote: + enabled: {{ .Values.istiodRemote.enabled }} + pilot: + enabled: {{ .Values.pilot.enabled }} + hub: {{ .Values.systemDefaultRegistry | default "docker.io" }} + profile: default + tag: {{ .Values.tag }} + revision: {{ .Values.revision }} + meshConfig: + defaultConfig: + proxyMetadata: + {{- if .Values.dns.enabled }} + ISTIO_META_DNS_CAPTURE: "true" + {{- end }} + values: + gateways: + istio-egressgateway: + name: istio-egressgateway + type: {{ .Values.egressGateways.type }} + istio-ingressgateway: + name: istio-ingressgateway + type: {{ .Values.ingressGateways.type }} + global: + istioNamespace: {{ template "istio.namespace" . }} + proxy: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }} + proxy_init: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }} + {{- if .Values.global.defaultPodDisruptionBudget.enabled }} + defaultPodDisruptionBudget: + enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }} + {{- end }} + {{- if .Values.pilot.enabled }} + pilot: + image: {{ template "system_default_registry" . 
}}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }} + {{- end }} + telemetry: + enabled: {{ .Values.telemetry.enabled }} + v2: + enabled: {{ .Values.telemetry.v2.enabled }} + {{- if .Values.cni.enabled }} + cni: + image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }} + excludeNamespaces: + {{- toYaml .Values.cni.excludeNamespaces | nindent 8 }} + logLevel: {{ .Values.cni.logLevel }} + {{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/requirements.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/requirements.yaml new file mode 100644 index 000000000..943a08326 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/requirements.yaml @@ -0,0 +1,7 @@ +dependencies: +- condition: kiali.enabled + name: kiali + repository: file://./charts/kiali +- condition: tracing.enabled + name: tracing + repository: file://./charts/tracing diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/samples/overlay-example.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/samples/overlay-example.yaml new file mode 100644 index 000000000..5cf3cf3b0 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/samples/overlay-example.yaml @@ -0,0 +1,37 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + components: + ingressGateways: + - enabled: true + name: ilb-gateway + namespace: user-ingressgateway-ns + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal + - enabled: true + name: other-gateway + namespace: cattle-istio-system + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal 
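Review bot: `hub` in configs/istio-base.yaml reads `.Values.systemDefaultRegistry`, while the `system_default_registry` helper used for the `proxy`, `proxy_init`, `pilot` and `cni` images in the same file reads `.Values.global.cattle.systemDefaultRegistry`. The chart's top-level values.yaml is outside this hunk, but if only the global key is set, `hub` falls back to `docker.io`, and any component image derived from `hub`/`tag` rather than overridden here would be pulled from the public registry despite a configured private one. Both places should read the same key, or a comment should state why `hub` deliberately uses a different one.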
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/_helpers.tpl b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/_helpers.tpl
new file mode 100644
index 000000000..3f7af953a
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/_helpers.tpl
@@ -0,0 +1,12 @@
+{{/* Ensure namespace is set the same everywhere */}}
+{{- define "istio.namespace" -}}
+ {{- .Release.Namespace | default "istio-system" -}}
+{{- end -}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/admin-role.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/admin-role.yaml
new file mode 100644
index 000000000..ad1313c4f
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/admin-role.yaml
@@ -0,0 +1,43 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ name: istio-admin
+ namespace: {{ template "istio.namespace" . }}
+rules:
+ - apiGroups:
+ - config.istio.io
+ resources:
+ - adapters
+ - attributemanifests
+ - handlers
+ - httpapispecbindings
+ - httpapispecs
+ - instances
+ - quotaspecbindings
+ - quotaspecs
+ - rules
+ - templates
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - networking.istio.io
+ resources:
+ - destinationrules
+ - envoyfilters
+ - gateways
+ - serviceentries
+ - sidecars
+ - virtualservices
+ - workloadentries
+ verbs:
+ - '*'
+ - apiGroups:
+ - security.istio.io
+ resources:
+ - authorizationpolicies
+ - peerauthentications
+ - requestauthentications
+ verbs:
+ - '*'
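Review bot: `istio-admin` is aggregated into the built-in `admin` ClusterRole and grants `'*'` on `envoyfilters`, `gateways`, `sidecars` and the listed `security.istio.io` kinds, so every subject holding `admin` in a namespace gains those rights there; `istio-edit` in edit-role.yaml later in this patch does the same for `edit`. EnvoyFilter changes proxy behaviour well beyond ordinary routing config, and a wildcard verb also covers `deletecollection` and any verb added later. Listing the verbs explicitly, and either leaving `envoyfilters` out of the `edit` aggregation or documenting why it is included, would make the grant deliberate. `metadata.namespace` has no effect on a ClusterRole and can be dropped from both files.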
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/base-config-map.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/base-config-map.yaml
new file mode 100644
index 000000000..5323917bc
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/base-config-map.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: istio-installer-base
+ namespace: {{ template "istio.namespace" . }}
+data:
+{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/clusterrole.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/clusterrole.yaml
new file mode 100644
index 000000000..8eeb78758
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/clusterrole.yaml
@@ -0,0 +1,126 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: istio-installer
+rules:
+# istio groups
+- apiGroups:
+ - authentication.istio.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - config.istio.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - install.istio.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - networking.istio.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - rbac.istio.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - security.istio.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - telemetry.istio.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+# k8s groups
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - mutatingwebhookconfigurations
+ - validatingwebhookconfigurations
+ verbs:
+ - '*'
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions.apiextensions.k8s.io
+ - customresourcedefinitions
+ verbs:
+ - '*'
+- apiGroups:
+ - apps
+ - extensions
+ resources:
+ - daemonsets
+ - deployments
+ - deployments/finalizers
+ - ingresses
+ - replicasets
+ - statefulsets
+ verbs:
+ - '*'
+- apiGroups:
+ - autoscaling
+ resources:
+ - horizontalpodautoscalers
+ verbs:
+ - '*'
+- apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ verbs:
+ - get
+ - create
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - '*'
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterrolebindings
+ - clusterroles
+ - roles
+ - rolebindings
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - endpoints
+ - events
+ - namespaces
+ - pods
+ - pods/exec
+ - persistentvolumeclaims
+ - secrets
+ - services
+ - serviceaccounts
+ verbs:
+ - '*'
+- apiGroups:
+ - policy
+ resourceNames:
+ - istio-installer
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
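Review bot: The `istio-installer` ClusterRole in templates/clusterrole.yaml grants `'*'` on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings`, and the wildcard verb includes `bind` and `escalate`, so the bound service account can grant itself any permission and is effectively cluster-admin. The core-group rule adds `'*'` on `secrets` and `pods/exec` across all namespaces. If the installer really needs this, say so in a header comment (e.g. `# NOTE: equivalent to cluster-admin; used only by the install/uninstall hook Jobs`) so the role is not read as a scoped one; otherwise replace the wildcard verbs with the explicit verbs the installer scripts use. `customresourcedefinitions.apiextensions.k8s.io` is also listed as a resource next to `customresourcedefinitions` and looks redundant.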
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/clusterrolebinding.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..9d74a0434
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: istio-installer
+subjects:
+- kind: ServiceAccount
+ name: istio-installer
+ namespace: {{ template "istio.namespace" . }}
+roleRef:
+ kind: ClusterRole
+ name: istio-installer
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/edit-role.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/edit-role.yaml
new file mode 100644
index 000000000..d1059d58d
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/edit-role.yaml
@@ -0,0 +1,43 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ namespace: {{ template "istio.namespace" . }}
+ name: istio-edit
+rules:
+ - apiGroups:
+ - config.istio.io
+ resources:
+ - adapters
+ - attributemanifests
+ - handlers
+ - httpapispecbindings
+ - httpapispecs
+ - instances
+ - quotaspecbindings
+ - quotaspecs
+ - rules
+ - templates
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - networking.istio.io
+ resources:
+ - destinationrules
+ - envoyfilters
+ - gateways
+ - serviceentries
+ - sidecars
+ - virtualservices
+ - workloadentries
+ verbs:
+ - '*'
+ - apiGroups:
+ - security.istio.io
+ resources:
+ - authorizationpolicies
+ - peerauthentications
+ - requestauthentications
+ verbs:
+ - '*'
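Review bot: In templates/edit-role.yaml the rules for `networking.istio.io` and `security.istio.io` use verbs `'*'`, identical to admin-role.yaml, and the `aggregate-to-edit` label merges them into the built-in `edit` role. Every holder of `edit` in a namespace can therefore create, change or delete `authorizationpolicies`, `peerauthentications` and `envoyfilters` there, which are the objects that define the mesh's access control and proxy behaviour. If that is intended, an explicit list such as `verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]` keeps verbs added in future from being granted implicitly; if not, `security.istio.io` should stay read-only for edit.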
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/istio-cni-psp.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/istio-cni-psp.yaml
new file mode 100644
index 000000000..5b94c8503
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/istio-cni-psp.yaml
@@ -0,0 +1,51 @@
+{{- if .Values.global.rbac.pspEnabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: psp-istio-cni
+ namespace: {{ template "istio.namespace" . }}
+spec:
+ allowPrivilegeEscalation: true
+ fsGroup:
+ rule: RunAsAny
+ hostNetwork: true
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - secret
+ - configMap
+ - emptyDir
+ - hostPath
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: psp-istio-cni
+ namespace: {{ template "istio.namespace" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: psp-istio-cni
+subjects:
+ - kind: ServiceAccount
+ name: istio-cni
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: psp-istio-cni
+ namespace: {{ template "istio.namespace" . }}
+rules:
+- apiGroups:
+ - policy
+ resourceNames:
+ - psp-istio-cni
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+{{- end }}
\ No newline at end of file
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/istio-install-job.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/istio-install-job.yaml
new file mode 100644
index 000000000..625da0832
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/istio-install-job.yaml
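Review bot: The `psp-istio-cni` PodSecurityPolicy in templates/istio-cni-psp.yaml allows `hostPath` volumes without an `allowedHostPaths` list, together with `hostNetwork: true`, `allowPrivilegeEscalation: true` and `RunAsAny` rules, so a pod admitted under it may mount any path on the node. The file is gated only on `.Values.global.rbac.pspEnabled`, which values.yaml in this patch defaults to true while `cni.enabled` defaults to false, so the policy and its binding are created even when the CNI plugin is not deployed. I would change the guard to `{{- if and .Values.global.rbac.pspEnabled .Values.cni.enabled }}` and add `allowedHostPaths` entries limited to the CNI binary and configuration directories the DaemonSet mounts. `metadata.namespace` on the PodSecurityPolicy has no effect because the kind is cluster-scoped.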
@@ -0,0 +1,58 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: istioctl-installer
+ namespace: {{ template "istio.namespace" . }}
+ annotations:
+ "helm.sh/hook": post-install,post-upgrade
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+ backoffLimit: 1
+ template:
+ spec:
+ {{- if .Values.installer.releaseMirror.enabled }}
+ hostAliases:
+ - ip: "127.0.0.1"
+ hostnames:
+ - "github.com"
+ {{- end }}
+ containers:
+ - name: istioctl-installer
+ image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }}
+ env:
+ - name: RELEASE_NAME
+ value: {{ .Release.Name }}
+ - name: ISTIO_NAMESPACE
+ value: {{ template "istio.namespace" . }}
+ - name: FORCE_INSTALL
+ value: {{ .Values.forceInstall | default "false" | quote }}
+ - name: RELEASE_MIRROR_ENABLED
+ value: {{ .Values.installer.releaseMirror.enabled | quote }}
+ - name: SECONDS_SLEEP
+ value: {{ .Values.installer.debug.secondsSleep | quote}}
+ command: ["/bin/sh","-c"]
+ args: ["/usr/local/app/scripts/run.sh"]
+ volumeMounts:
+ - name: config-volume
+ mountPath: /app/istio-base.yaml
+ subPath: istio-base.yaml
+ {{- if .Values.overlayFile }}
+ - name: overlay-volume
+ mountPath: /app/overlay-config.yaml
+ subPath: overlay-config.yaml
+ {{- end }}
+ volumes:
+ - name: config-volume
+ configMap:
+ name: istio-installer-base
+ {{- if .Values.overlayFile }}
+ - name: overlay-volume
+ configMap:
+ name: istio-installer-overlay
+ {{- end }}
+ serviceAccountName: istio-installer
+ securityContext:
+ runAsUser: 101
+ runAsGroup: 101
+ restartPolicy: Never
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/istio-install-psp.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/istio-install-psp.yaml
new file mode 100644
index 000000000..f0b5ee565
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/istio-install-psp.yaml
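Review bot: The Job in templates/istio-install-job.yaml runs under the `istio-installer` service account, whose ClusterRole in this patch is close to cluster-admin, but the pod sets only `runAsUser`/`runAsGroup` and the container has no `securityContext`. Adding `runAsNonRoot: true` at pod level and `allowPrivilegeEscalation: false` with `capabilities: {drop: ["ALL"]}` on the container would harden it without changing what the script does; istio-uninstall-job.yaml has the same gap. `SECONDS_SLEEP` keeps this pod alive for exec access with that service-account token mounted, so the values.yaml comment on `debug.secondsSleep` should state that it is for debugging only and must stay 0 otherwise. The `RELEASE_NAME` and `ISTIO_NAMESPACE` values are unquoted, unlike the other env entries; `value: {{ .Release.Name | quote }}` avoids YAML retyping.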
@@ -0,0 +1,30 @@
+{{- if .Values.global.rbac.pspEnabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: istio-installer
+ namespace: {{ template "istio.namespace" . }}
+spec:
+ privileged: false
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'MustRunAsNonRoot'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+ volumes:
+ - 'configMap'
+ - 'secret'
+{{- end }}
\ No newline at end of file
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/istio-psp.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/istio-psp.yaml
new file mode 100644
index 000000000..b3758b74f
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/istio-psp.yaml
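Review bot: The `istio-installer` PodSecurityPolicy in templates/istio-install-psp.yaml sets neither `allowPrivilegeEscalation: false` nor `requiredDropCapabilities`, although `istio-psp` in the same chart sets both. When the field is omitted, `allowPrivilegeEscalation` defaults to true, so the policy that covers the most privileged service account in the chart is the looser of the two. I would add `allowPrivilegeEscalation: false` and `requiredDropCapabilities: [ALL]` to match istio-psp.yaml, and drop `metadata.namespace`, which is ignored on this cluster-scoped kind.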
@@ -0,0 +1,81 @@
+{{- if .Values.global.rbac.pspEnabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: istio-psp
+ namespace: {{ template "istio.namespace" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: istio-psp
+subjects:
+ - kind: ServiceAccount
+ name: istio-egressgateway-service-account
+ - kind: ServiceAccount
+ name: istio-ingressgateway-service-account
+ - kind: ServiceAccount
+ name: istio-mixer-service-account
+ - kind: ServiceAccount
+ name: istio-operator-authproxy
+ - kind: ServiceAccount
+ name: istiod-service-account
+ - kind: ServiceAccount
+ name: istio-sidecar-injector-service-account
+ - kind: ServiceAccount
+ name: istiocoredns-service-account
+ - kind: ServiceAccount
+ name: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: istio-psp
+ namespace: {{ template "istio.namespace" . }}
+rules:
+- apiGroups:
+ - policy
+ resourceNames:
+ - istio-psp
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+---
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: istio-psp
+ namespace: {{ template "istio.namespace" . }}
+spec:
+ allowPrivilegeEscalation: false
+ forbiddenSysctls:
+ - '*'
+ fsGroup:
+ ranges:
+ - max: 65535
+ min: 1
+ rule: MustRunAs
+ requiredDropCapabilities:
+ - ALL
+ runAsUser:
+ rule: MustRunAsNonRoot
+ runAsGroup:
+ rule: MustRunAs
+ ranges:
+ - min: 1
+ max: 65535
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ ranges:
+ - max: 65535
+ min: 1
+ rule: MustRunAs
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ - persistentVolumeClaim
+{{- end }}
\ No newline at end of file
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/istio-uninstall-job.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/istio-uninstall-job.yaml
new file mode 100644
index 000000000..a7f156325
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/istio-uninstall-job.yaml
@@ -0,0 +1,45 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: istioctl-uninstaller
+ namespace: {{ template "istio.namespace" . }}
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+ template:
+ spec:
+ containers:
+ - name: istioctl-uninstaller
+ image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }}
+ env:
+ - name: RELEASE_NAME
+ value: {{ .Release.Name }}
+ - name: ISTIO_NAMESPACE
+ value: {{ template "istio.namespace" . }}
+ command: ["/bin/sh","-c"]
+ args: ["/usr/local/app/scripts/uninstall_istio_system.sh"]
+ volumeMounts:
+ - name: config-volume
+ mountPath: /app/istio-base.yaml
+ subPath: istio-base.yaml
+ {{- if .Values.overlayFile }}
+ - name: overlay-volume
+ mountPath: /app/overlay-config.yaml
+ subPath: overlay-config.yaml
+ {{ end }}
+ volumes:
+ - name: config-volume
+ configMap:
+ name: istio-installer-base
+ {{- if .Values.overlayFile }}
+ - name: overlay-volume
+ configMap:
+ name: istio-installer-overlay
+ {{ end }}
+ serviceAccountName: istio-installer
+ securityContext:
+ runAsUser: 101
+ runAsGroup: 101
+ restartPolicy: OnFailure
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/overlay-config-map.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/overlay-config-map.yaml
new file mode 100644
index 000000000..287d26b2c
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/overlay-config-map.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.overlayFile }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: istio-installer-overlay
+ namespace: {{ template "istio.namespace" . }}
+data:
+ overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }}
+{{- end }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/service-monitors.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/service-monitors.yaml
new file mode 100644
index 000000000..c3d60c4fc
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/service-monitors.yaml
@@ -0,0 +1,51 @@
+{{- if .Values.kiali.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: envoy-stats-monitor
+ namespace: {{ template "istio.namespace" . }}
+ labels:
+ monitoring: istio-proxies
+spec:
+ selector:
+ matchExpressions:
+ - {key: istio-prometheus-ignore, operator: DoesNotExist}
+ namespaceSelector:
+ any: true
+ jobLabel: envoy-stats
+ endpoints:
+ - path: /stats/prometheus
+ targetPort: 15090
+ interval: 15s
+ relabelings:
+ - sourceLabels: [__meta_kubernetes_pod_container_port_name]
+ action: keep
+ regex: '.*-envoy-prom'
+ - action: labeldrop
+ regex: "__meta_kubernetes_pod_label_(.+)"
+ - sourceLabels: [__meta_kubernetes_namespace]
+ action: replace
+ targetLabel: namespace
+ - sourceLabels: [__meta_kubernetes_pod_name]
+ action: replace
+ targetLabel: pod_name
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: istio-component-monitor
+ namespace: {{ template "istio.namespace" . }}
+ labels:
+ monitoring: istio-components
+spec:
+ jobLabel: istio
+ targetLabels: [app]
+ selector:
+ matchExpressions:
+ - {key: istio, operator: In, values: [pilot]}
+ namespaceSelector:
+ any: true
+ endpoints:
+ - port: http-monitoring
+ interval: 15s
+{{- end -}}
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/serviceaccount.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/serviceaccount.yaml
new file mode 100644
index 000000000..82b6cbb7e
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: istio-installer
+ namespace: {{ template "istio.namespace" . }}
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/view-role.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/view-role.yaml
new file mode 100644
index 000000000..5947d3eba
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/templates/view-role.yaml
@@ -0,0 +1,41 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+ namespace: {{ template "istio.namespace" . }}
+ name: istio-view
+rules:
+ - apiGroups:
+ - config.istio.io
+ resources:
+ - adapters
+ - attributemanifests
+ - handlers
+ - httpapispecbindings
+ - httpapispecs
+ - instances
+ - quotaspecbindings
+ - quotaspecs
+ - rules
+ - templates
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - networking.istio.io
+ resources:
+ - destinationrules
+ - envoyfilters
+ - gateways
+ - serviceentries
+ - sidecars
+ - virtualservices
+ - workloadentries
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - security.istio.io
+ resources:
+ - authorizationpolicies
+ - peerauthentications
+ - requestauthentications
+ verbs: ["get", "watch", "list"]
diff --git a/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/values.yaml b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/values.yaml
new file mode 100644
index 000000000..fdd9acea1
--- /dev/null
+++ b/charts/rancher-istio/rancher-istio/100.0.1+up1.10.4/values.yaml
@@ -0,0 +1,88 @@
+overlayFile: ""
+tag: 1.10.4
+##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install
+forceInstall: false
+
+installer:
+ repository: rancher/istio-installer
+ tag: 1.10.4-rancher4
+ ##releaseMirror are configurations for istio upgrades.
+ ##Setting releaseMirror.enabled: true will cause istio to use bundled in images from rancher/istio-installer to perfom an upgrade - this is ideal
+ ##for airgap setups. Setting releaseMirror.enabled to false means istio will call externally to github to fetch the required assets.
+ releaseMirror:
+ enabled: false
+ ##Set the secondsSleep to run a sleep command `sleep s` to allow time to exec into istio-installer pod for debugging
+ debug:
+ secondsSleep: 0
+
+##Native support for dns added in 1.8
+dns:
+ enabled: false
+
+base:
+ enabled: true
+
+cni:
+ enabled: false
+ repository: rancher/mirrored-istio-install-cni
+ tag: 1.10.4
+ logLevel: info
+ excludeNamespaces:
+ - istio-system
+ - kube-system
+
+egressGateways:
+ enabled: false
+ type: NodePort
+
+ingressGateways:
+ enabled: true
+ type: NodePort
+
+istiodRemote:
+ enabled: false
+
+pilot:
+ enabled: true
+ repository: rancher/mirrored-istio-pilot
+ tag: 1.10.4
+
+telemetry:
+ enabled: true
+ v2:
+ enabled: true
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ proxy:
+ repository: rancher/mirrored-istio-proxyv2
+ tag: 1.10.4
+ proxy_init:
+ repository: rancher/mirrored-istio-proxyv2
+ tag: 1.10.4
+ defaultPodDisruptionBudget:
+ enabled: true
+ rbac:
+ pspEnabled: true
+
+# Kiali subchart from rancher-kiali-server
+kiali:
+ enabled: true
+ auth:
+ strategy: anonymous
+ deployment:
+ ingress_enabled: false
+ external_services:
+ prometheus:
+ custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090"
+ url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090"
+ tracing:
+ in_cluster_url: "http://tracing.istio-system.svc:16686/jaeger"
+ grafana:
+ in_cluster_url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80"
+ url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80"
+
+tracing:
+ enabled: false
+ contextPath: "/jaeger"
diff --git a/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/Chart.yaml b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/Chart.yaml
new file mode 100644
index 000000000..434d9a728
--- /dev/null
+++ b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/Chart.yaml
@@ -0,0 +1,15 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/release-name: rancher-webhook
+apiVersion: v2
+appVersion: 0.2.1
+dependencies:
+- condition: capi.enabled
+ name: capi
+ repository: ""
+description: ValidatingAdmissionWebhook for Rancher types
+name: rancher-webhook
+version: 1.0.1+up0.2.1
diff --git a/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/charts/capi/Chart.yaml b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/charts/capi/Chart.yaml
new file mode 100644
index 000000000..388210bef
--- /dev/null
+++ b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/charts/capi/Chart.yaml
@@ -0,0 +1,4 @@
+apiVersion: v2
+appVersion: 0.0.0
+name: capi
+version: 0.0.0
diff --git a/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/charts/capi/templates/service.yaml b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/charts/capi/templates/service.yaml
new file mode 100644
index 000000000..08df65d62
--- /dev/null
+++ b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/charts/capi/templates/service.yaml
@@ -0,0 +1,13 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: webhook-service
+ annotations:
+ need-a-cert.cattle.io/secret-name: rancher-webhook-tls
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: 8777
+ selector:
+ app: rancher-webhook
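Review bot: `kiali.auth.strategy: anonymous` in the rancher-istio values.yaml is a security-relevant default that carries no comment: Kiali then performs no login of its own, so anyone who can reach the service sees the mesh topology and configuration it exposes. Access control rests on whatever sits in front of it; `deployment.ingress_enabled` is false here, so presumably a proxy, which the patch does not show. I would add a comment above the key, e.g. `## anonymous: Kiali does no authentication itself; do not expose the service directly`, and state on `debug.secondsSleep` that it is meant for debugging only.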
diff --git a/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/_helpers.tpl b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/_helpers.tpl
new file mode 100644
index 000000000..45f62d0b8
--- /dev/null
+++ b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/_helpers.tpl
@@ -0,0 +1,11 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "rancher-webhook.labels" -}}
+app: rancher-webhook
+{{- end }}
diff --git a/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/deployment.yaml b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/deployment.yaml
new file mode 100644
index 000000000..5104e7eef
--- /dev/null
+++ b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/deployment.yaml
@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: rancher-webhook
+spec:
+ selector:
+ matchLabels:
+ app: rancher-webhook
+ template:
+ metadata:
+ labels:
+ app: rancher-webhook
+ spec:
+ volumes:
+ - name: tls
+ secret:
+ secretName: rancher-webhook-tls
+ {{- if .Values.global.hostNetwork }}
+ hostNetwork: true
+ {{- end }}
+ containers:
+ - env:
+ - name: STAMP
+ value: "{{.Values.stamp}}"
+ - name: ENABLE_CAPI
+ value: "{{.Values.capi.enabled}}"
+ - name: ENABLE_MCM
+ value: "{{.Values.mcm.enabled}}"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+ name: rancher-webhook
+ imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+ ports:
+ - name: https
+ containerPort: 9443
+ - name: capi-https
+ containerPort: 8777
+ volumeMounts:
+ - name: tls
+ mountPath: /tmp/k8s-webhook-server/serving-certs
+ serviceAccountName: rancher-webhook
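Review bot: The `rancher-webhook` container in templates/deployment.yaml has no `securityContext`, no `resources` and no readiness probe, while rbac.yaml in this patch binds its service account to `cluster-admin`. A container `securityContext` with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` is a low-cost hardening step, assuming the image needs no added capabilities (not visible here). A readiness probe matters as well because webhook.yaml sets `failurePolicy: Ignore`, so requests routed to a pod that is not yet serving are likely admitted without validation.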
diff --git a/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/pre-delete-hook-cluster-role-binding.yaml b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/pre-delete-hook-cluster-role-binding.yaml
new file mode 100644
index 000000000..ca439ff48
--- /dev/null
+++ b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/pre-delete-hook-cluster-role-binding.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.preDelete.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: rancher-webhook-pre-delete
+ labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "2"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: rancher-webhook-pre-delete
+subjects:
+ - kind: ServiceAccount
+ name: rancher-webhook-pre-delete
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/pre-delete-hook-cluster-role.yaml b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/pre-delete-hook-cluster-role.yaml
new file mode 100644
index 000000000..36a1c7fef
--- /dev/null
+++ b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/pre-delete-hook-cluster-role.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.preDelete.enabled }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: rancher-webhook-pre-delete
+ labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+rules:
+ - apiGroups: [ "admissionregistration.k8s.io" ]
+ resources: [ "mutatingwebhookconfigurations" ]
+ verbs: [ "delete" ]
+ resourceNames: [ "rancher.cattle.io" ]
+ - apiGroups: [ "" ]
+ resources: [ "serviceaccounts" ]
+ verbs: [ "get" ]
+ - apiGroups: [ "policy" ]
+ resources: [ "podsecuritypolicies" ]
+ verbs: [ "use" ]
+ resourceNames: [ "rancher-webhook-pre-delete" ]
+{{- end }}
diff --git a/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/pre-delete-hook-job.yaml b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/pre-delete-hook-job.yaml
new file mode 100644
index 000000000..de1233b57
--- /dev/null
+++ b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/pre-delete-hook-job.yaml
@@ -0,0 +1,26 @@
+{{- if .Values.preDelete.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: rancher-webhook-pre-delete
+ namespace: {{ .Release.Namespace }}
+ labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "3"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+ backoffLimit: 3
+ template:
+ metadata:
+ name: rancher-webhook-pre-delete
+ labels: {{ include "rancher-webhook.labels" . | nindent 8 }}
+ spec:
+ serviceAccountName: rancher-webhook-pre-delete
+ restartPolicy: OnFailure
+ containers:
+ - name: rancher-webhook-pre-delete
+ image: "{{ include "system_default_registry" . }}{{ .Values.preDelete.image.repository }}:{{ .Values.preDelete.image.tag }}"
+ imagePullPolicy: IfNotPresent
+ command: [ "kubectl", "delete", "--ignore-not-found=true", "mutatingwebhookconfigurations", "rancher.cattle.io" ]
+{{- end }}
diff --git a/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/pre-delete-hook-psp.yaml b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/pre-delete-hook-psp.yaml
new file mode 100644
index 000000000..8acf758d0
--- /dev/null
+++ b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/pre-delete-hook-psp.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.preDelete.enabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: rancher-webhook-pre-delete
+ labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+spec:
+ privileged: false
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'RunAsAny'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+ volumes:
+ - 'secret'
+{{- end }}
diff --git a/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/pre-delete-hook-service-account.yaml b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/pre-delete-hook-service-account.yaml
new file mode 100644
index 000000000..93e215394
--- /dev/null
+++ b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/pre-delete-hook-service-account.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.preDelete.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: rancher-webhook-pre-delete
+ namespace: {{ .Release.Namespace }}
+ labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+{{- end }}
diff --git a/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/rbac.yaml b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/rbac.yaml
new file mode 100644
index 000000000..9afaae6c6
--- /dev/null
+++ b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/rbac.yaml
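Review bot: The `rancher-webhook-pre-delete` PodSecurityPolicy in templates/pre-delete-hook-psp.yaml sets `runAsUser.rule: 'RunAsAny'` and leaves out `allowPrivilegeEscalation`, which defaults to true, so the hook pod may run as root with escalation allowed. The Job it covers only runs `kubectl delete`, so `rule: 'MustRunAsNonRoot'` plus `allowPrivilegeEscalation: false` and `requiredDropCapabilities: [ALL]` should be enough, assuming the `rancher/kubectl` image runs as a non-root user (not shown in the patch). The policy allows `secret` volumes although pre-delete-hook-job.yaml declares none; the entry is presumably there for the service-account token and deserves a one-line comment.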
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: rancher-webhook
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: rancher-webhook
+ namespace: {{.Release.Namespace}}
diff --git a/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/service.yaml b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/service.yaml
new file mode 100644
index 000000000..74a8a9e5a
--- /dev/null
+++ b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/service.yaml
@@ -0,0 +1,13 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: rancher-webhook
+ namespace: cattle-system
+spec:
+ ports:
+ - port: 443
+ targetPort: 9443
+ protocol: TCP
+ name: https
+ selector:
+ app: rancher-webhook
diff --git a/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/serviceaccount.yaml b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/serviceaccount.yaml
new file mode 100644
index 000000000..f9251b418
--- /dev/null
+++ b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: rancher-webhook
diff --git a/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/webhook.yaml b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/webhook.yaml
new file mode 100644
index 000000000..4f95ae896
--- /dev/null
+++ b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/templates/webhook.yaml
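Review bot: templates/rbac.yaml binds the `rancher-webhook` service account to the built-in `cluster-admin` ClusterRole, so the admission webhook pod holds full control of the cluster for its whole lifetime. The patch gives no reason for that scope; a dedicated ClusterRole listing the resources and verbs the webhook actually uses would contain the impact of a compromised pod or a leaked token. If cluster-admin is unavoidable for now, record why in the file, e.g. `# TODO: replace cluster-admin with a scoped ClusterRole`.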
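Review bot: templates/service.yaml hard-codes `namespace: cattle-system`, as does `clientConfig.service.namespace` in webhook.yaml, while the Deployment and ServiceAccount carry no namespace and rbac.yaml uses `{{.Release.Namespace}}`. Installed into any other namespace, the Service would select no pods, and with `failurePolicy: Ignore` the API server would then admit requests without validation instead of reporting an error. Either template both with `{{ .Release.Namespace }}` or fail the render when the release namespace is not `cattle-system`.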
@@ -0,0 +1,19 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: rancher.cattle.io
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: rancher-webhook
+ namespace: cattle-system
+ path: /v1/webhook/validation
+ port: 443
+ failurePolicy: Ignore
+ matchPolicy: Equivalent
+ name: rancher.cattle.io
+ sideEffects: None
+ timeoutSeconds: 10
diff --git a/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/values.yaml b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/values.yaml
new file mode 100644
index 000000000..ec897efa7
--- /dev/null
+++ b/charts/rancher-webhook/rancher-webhook/1.0.1+up0.2.1/values.yaml
@@ -0,0 +1,21 @@
+image:
+ repository: rancher/rancher-webhook
+ tag: v0.2.1
+ imagePullPolicy: IfNotPresent
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ hostNetwork: false
+
+capi:
+ enabled: false
+
+mcm:
+ enabled: true
+
+preDelete:
+ enabled: true
+ image:
+ repository: rancher/kubectl
+ tag: v1.20.2
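Review bot: `failurePolicy: Ignore` in templates/webhook.yaml makes validation fail open: whenever the webhook is unreachable or exceeds `timeoutSeconds: 10`, the request is admitted unchecked. The entry also has no `rules`, so as rendered it matches nothing; presumably the webhook process fills them in at runtime, which the patch does not show. I would add a comment stating both facts, e.g. `# rules are populated by rancher-webhook at startup; Ignore keeps the API usable while it is down`, and consider `Fail` for the rules that enforce security decisions.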