From 3daebf77552fc08f99e1e922c5be0dd8a1b9a411 Mon Sep 17 00:00:00 2001 From: hasheddan Date: Sun, 27 Feb 2022 17:32:22 -0500 Subject: [PATCH] universal-crossplane: generate v1.4.4004 chart 
Signed-off-by: hasheddan --- .../universal-crossplane-1.4.400101.tgz | Bin 0 -> 11618 bytes .../1.4.400101/.helmignore | 21 ++ .../1.4.400101/Chart.yaml | 40 +++ .../1.4.400101/app-readme.md | 36 +++ .../1.4.400101/questions.yaml | 184 ++++++++++++ .../1.4.400101/templates/NOTES.txt | 15 + .../1.4.400101/templates/_helpers.tpl | 21 ++ .../templates/bootstrapper/_helpers.tpl | 21 ++ .../templates/bootstrapper/clusterrole.yaml | 26 ++ .../bootstrapper/clusterrolebinding.yaml | 14 + .../templates/bootstrapper/deployment.yaml | 64 ++++ .../templates/bootstrapper/role.yaml | 28 ++ .../templates/bootstrapper/rolebinding.yaml | 14 + .../bootstrapper/secret-entitlement.yaml | 9 + .../bootstrapper/serviceaccount.yaml | 10 + .../bootstrapper/uxp-ca-tls-secret.yaml | 7 + .../bootstrapper/versions-configmap.yaml | 11 + .../1.4.400101/templates/crossplane/NOTES.txt | 8 + .../templates/crossplane/_helpers.tpl | 14 + .../templates/crossplane/clusterrole.yaml | 93 ++++++ .../crossplane/clusterrolebinding.yaml | 17 ++ .../templates/crossplane/deployment.yaml | 106 +++++++ ...-manager-allowed-provider-permissions.yaml | 16 + .../crossplane/rbac-manager-clusterrole.yaml | 94 ++++++ .../rbac-manager-clusterrolebinding.yaml | 19 ++ .../crossplane/rbac-manager-deployment.yaml | 87 ++++++ .../rbac-manager-managed-clusterroles.yaml | 279 ++++++++++++++++++ .../rbac-manager-serviceaccount.yaml | 11 + .../templates/crossplane/serviceaccount.yaml | 15 + .../upbound-agent/_deployment-spec.tpl | 87 ++++++ .../templates/upbound-agent/_helpers.tpl | 22 ++ .../templates/upbound-agent/clusterrole.yaml | 40 +++ .../clusterrolebindings-managed.yaml | 34 +++ .../upbound-agent/clusterrolebindings.yaml | 31 ++ .../upbound-agent/clusterroles-managed.yaml | 66 +++++ .../control-plane-token-secret.yaml | 11 + .../templates/upbound-agent/role.yaml | 66 +++++ .../templates/upbound-agent/service.yaml | 16 + .../upbound-agent/serviceaccount.yaml | 8 + .../templates/upbound-agent/tls-secret.yaml | 9 + 
.../1.4.400101/templates/xgql/_helpers.tpl | 22 ++ .../1.4.400101/templates/xgql/deployment.yaml | 63 ++++ .../1.4.400101/templates/xgql/service.yaml | 14 + .../templates/xgql/serviceaccount.yaml | 6 + .../1.4.400101/templates/xgql/tls-secret.yaml | 7 + .../1.4.400101/values.yaml | 185 ++++++++++++ .../1.4.400101/values.yaml.tmpl | 185 ++++++++++++ index.yaml | 44 +++ 48 files changed, 2196 insertions(+) create mode 100644 assets/universal-crossplane/universal-crossplane-1.4.400101.tgz create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/.helmignore create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/Chart.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/app-readme.md create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/questions.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/NOTES.txt create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/_helpers.tpl create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/_helpers.tpl create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/clusterrole.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/clusterrolebinding.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/deployment.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/role.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/rolebinding.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/secret-entitlement.yaml create mode 100644 
charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/serviceaccount.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/uxp-ca-tls-secret.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/versions-configmap.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/NOTES.txt create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/_helpers.tpl create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/clusterrole.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/clusterrolebinding.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/deployment.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/rbac-manager-allowed-provider-permissions.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/rbac-manager-clusterrole.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/rbac-manager-clusterrolebinding.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/rbac-manager-deployment.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/rbac-manager-managed-clusterroles.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/rbac-manager-serviceaccount.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/serviceaccount.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/_deployment-spec.tpl create 
mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/_helpers.tpl create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/clusterrole.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/clusterrolebindings-managed.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/clusterrolebindings.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/clusterroles-managed.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/control-plane-token-secret.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/role.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/service.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/serviceaccount.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/tls-secret.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/xgql/_helpers.tpl create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/xgql/deployment.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/xgql/service.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/xgql/serviceaccount.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/templates/xgql/tls-secret.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/values.yaml create mode 100644 charts/universal-crossplane/universal-crossplane/1.4.400101/values.yaml.tmpl 
diff --git a/assets/universal-crossplane/universal-crossplane-1.4.400101.tgz b/assets/universal-crossplane/universal-crossplane-1.4.400101.tgz new file mode 100644 index 0000000000000000000000000000000000000000..9459b7caca60cf7861939b60ba8908f94869ae79 GIT binary patch literal 11618 zcmZXaQ*_?VE(DfVX33a!>OpD!6~o#%gV_1 zr-z!doq&|-FB_6 z)D(uFzd3w7-mvZ~k*;nd=&AJ)@e!lx5XR7+LP{oYpJ)nAcVMHlu0QT9q?}H%shT<3*sF}Ff71F*>wIYE|;L($8u*uX;0Zk zf;#_gy|IHE&;8lXy}tmWLJ|{pG~AXEg#@7o$$47vq*aLdncT;c6L2&4)Df1}_B(ouI7pHZ>RQJjbnhr>%^ne6=p zL{`xSeH~#@nb~+{-zD}~!oyNZzbN>{#je)US8Hk3!19I3J8OS6yH9&gk>)np*Uv>f z6mx$n-*aatNRZCctumuKpNc1K=^^PCEtSRfKGiqkl$VI>TuChu>kN} z9p7u<@_+;PBPLwHLUeQ93WaQ**n6@GXHf6^`=!FmNp=*q!#gS*bSIC=ej2QMKx}I$ zj6fE%1oX0+#JeTd#1t(yKni`x#%OO*a-6~<6#t^&N{4NQ`ArAP{+3TLE(OiVfDG5b zi;6X~o14Fmx|jD@?bJ~|2&vX^K=tqL$7q;V;RTLN25vIF5mU@AY!v92D#ZM_j4}IY zytqQ1k4Qwwq!?keA$t76jFxRvI7EQ=^UL}E%IaJ+@sSNAsGw>a1}dhHyJwS*pDGXzw=CS$k%TQOB>TwmUmSTE7m6uk9EH$9ijP3v7#x`rSrOCW_(OioI zYxB*{SG0{*-Ax23A}`6ku$S}Rj3=FsZYxwjt)7vP}wH9Hv&%bl*x!+!QW@k^kXM0y) z&KGiB0VaDq1S!KV$l?9%a~_@Tp#F;mAFwI3LU#e6y>xC)zJrKQ22qS91fqN}<+J*u zsQvKZ_dU3ADAS~>9xdGyOH> zI@>Osz$uPiu1xds#kjNPDYobPQ7{O21-+v^2UGve{YdVa!1#%31%fRS8VtLOEM@EymR800Fa(9@-$DDf=?x1}AFI3CL3_4S zz!Y;NG$(EM%sg>yBvBu}yuR7e zdKpHmy^8*1jwVIG6iK{mfC{*)^#GVIZUG1u0*hG(-R@#+fbKr%%Fs?J89+erA_RBG z+~4dya@ouG({Ev+?WA8QW)n%`IK^1t&3%Mn?}K(z3(1%eBuV%v zCJDOodp${D8x&bNn76TuNWqhtB8|hP6by-ZS@5qq41VL|I!gLllxjOh{}V;uhr%ai z6Fka~HN08=Ge|oK?oeg+=Q2n9XFBzFKQu(_mXSb?%HuukZQ{ugxa6*xr=Nu{Y3wIP z))Wq7E3J+CXN|@3*xBxq(jnVA@iyxJ z((zfIxEw7-clmhEe12S%%`y2+e{%ZDII{Gl@3IqVoM$_S@>bP_-=MfL@l-*=v|k=A zqOp7`#pM*eN;92hIIC<=d}1TzmpUFV^&7n$S*(val#sHcw2zKdPwNj_1VMffET&18 zNDhG-ya1-UG$l_{8XirWKQ6lTIU1rF8!3_KzDX-XH{tvD0m_2R`%uxGyRU2&V7a-7 zTaY+;ws^weg7DdkUG-0(wcf3!I}WgxE*}SQJ(2j+2y&nWhfSPft)mDDSnQ$7kbcp+ zd$7LXKC0Az*-Tl*An_!TpJ?1r!Sd6S(rC6nIhpN`0a)McHh1Yw30C?5ulDx9+ZQ|Y z>h2xDg)$vbCc4X5G%(ADXwgrZoTJjYI-Cf~G!u+9_J=RZm*#u$vA6g8!*hQhW4GO5 zP*plMAI$2K_YnH72+{vdX_x$&9R9b1tGkUYRr?^_XjNU%6E2GUOcE 
z9Y=gT<+v&y9~asAt49Fds+t~m#mu3nU4sG_&m31w@Sz2^BvSOAFFJ9DuWNT*W-9C= z$b?fmEVdaDNuPG3m9J=mBgi4H2*nNVu?XWv>F=C%YN*{khsxR+H;41t)g_76KFjNy zj%SiQ-(7%UD{Dz-XR>at4Aa>CAgZ$XP|9*cHX??;k_k%x=C z=W0w%qB;k*PD$Fw7LjaS9y+9CxEC?54b(eM86O;KZ(`ENsD&Yh&55c)B*|eHbzAc| zTNDEd&f3)0DoLJ$@=WQXhnlWCI)1ND1~hC5oTO0~a@a9?1A067Z@CL4 zKT8yvKV&{-ItEX)eP5ap(B-1WmP6WRmHv}PF^Nmkx}#EiGKU|qnV-|0!(3v=UT$W& z`abpM6)Qhynfd_CA#_tWW&)QN$xi@Z=lkKi8-wL21W4e1ZbT#7(J#KUK7qpAa=GS+ zf#u?PImXy>;SY)H$vm2oP8^SaqtghDozC6cgF>z-qo46tPC6j5om*OfKH6MMGgL-6 zt)3hn9kn_4q=6V!f7sy0hZ}Gbn27Ra!bKN(fws4Ot9v$*_C=GP9b-)FX(gjItD)k};Pmfu!P4D!X6G$<`ttqo&78p!4h(pZyxA&v zThIRsb~!4BS#O~yp?1g^WZJN%{$HpU6fQc`qDYS6oNg3+!#G_8Z^HVe47z_TW_kJj z_p6!wE4c9B*#J?<39J1XGbb8&dO{m}+vZyt0BOlu86E{B>uS#u?gWs7l%eNU=-smB zh!gX0q5qcO2S9Jyy9|^5L1r{ozL6_y1ozEq?p$9g^qtj)w#O&$fI2&!?-F+5z6%oq zPY4IE1};<`I{-%k)uM-I&rBbzjm~Rr?N$LhLq9Oo8PNW6NG5&*sQ|3+fxm_(Kx4An zI3Q`|ZIIuh0J|WE$3}M9QK#rNru#m6dkofL#>`^jr*58Uy~L_sZHJN1vV`;D1EbTc zC?=PyX@urRE@;5fEhel#7ngljxoo&!>DQP3m*ai(HnBTg0E1fK{Oa8160{UQ0Zz!M z46ZNvuRh8Dkcy6*(Bn+yy(%QOW1}D~Y zvYT}uqUk*0U)-bOh5e|$v#MJS=L87}*HGRX)|9_f?tEv}Xj`_qrQlcj<3aEVH5GQA zUIW@eiu=)seLQz@Jdq$J+RkxJaYBl6Xa*eLZZIYgjq0Ubue-znNb4@s2M$xj0RN6s z_GCZ@Ts^)(ZXpJC^?-q*CpXYNL??tbd=~+;FY@7*+;suUXFj`9w=CaJaN%F z5KV}+R|_$EDnVG=+l$Aw^lMEkq@0CKb72fD7Efz~*&d+t#vT-7hu{tb3n}P;B$^7}MsYOhrg^;!kYeykDTZ# z3gPn0q$=jc4~lvi7Yy4FxDPV91z#7ToSD$&$$KU?%)Qu2Q`9s;wneDk`?oIteSCqF zUI-}rh4ni3EzBBqlwfjX?PIgw;))ffx5K-^;;WnglhDh5zt6Cy70{M#Lj$&pr*_qa zjK{GkAtk!jE{wL{OR){J1hexZ&a54fvrhTwBHgL~Ogzh>Kb4vM7&Me9N|{BEq*X|) zh>c76WVFscs}?rqaOS=K+O%v*(wTqePcjbutzC^tcpI)re73QzceHh=^4C`S z2N%W->^{vO%A>MN{58g?UX8|!uT`QQ8r3&Q7yHS#B}<@{mXErmjofhSzCBJGeg}`i zJADX<1EPX|PILt}@2RqkH5prMbqcOq6WR^8diUzDNoI)9kq$IMOtO#hUU3<(-Wd=|MW+jMnN*Z66TC!;M$<;^sttL~=o|s3!b*<2Dm=`mt!@ft> z_vi2REod;#0fy{E$r~lZun1kNDhvA=w2-uK*S7l1K@E2ad;NcgkFH`BV`3Q%GP_D$ z4Ny*$ym2c?o!9io&%Q8xlWnK+8ND z<9gw}nMWm@7OA1$_CT)1)x`*F5_T|`icA!qt%fEEO&$#XJBp@mDpWj5uhAyJ)vq=2 z1JkTILr`vMp<;?D{PYb{S7fCf*V^aZKr0RWK 
zHCL{0UZ^l{epm6`<^A`M!uAShS%cU{K-U|XmKbrGoHwcR6!`SIdOO~jr=Ssour>|I zJZ`sl_6`9~0;TM&m0a|b3Tg^Vjhh-%=^Bc6zjku%;*OLl*LBUmIfHKu;($M_@RmD3 zX0Pq)yEVwIrWVkW)d>TZdta*ry0fUOg_6O-`me#qV+@*CsBZ7FTSJnTBwP2@?Szg{zj_a_`oWR?`R8P-=#z$h zN|X!j1{vnia}?hUBdX+&ohrT{R;A{a@0l5~lgEJ!60+1gE?{@Yz9)O*|iT}S6D*=<;&-%BQ0X{-pYsEW9yzToh_{$onl>#9#9p!f> zQUnP3wgG_>_b>`-7flCSU@`z{0&SE1$V~leWdFiqi+jAL`iK>E_6>ARG zxO5h_@Fg45y0kcH)ZSADS(4MTA25c5)hk7xp1iAnG~{c&IClE}igcTHYg@OyGW5a0 zDl{t9QDQG45J)PpFZ&dUT$O6I%`vj+(P&MNn8v_!E}_|YS`!_AZgcDA(pL-_+Y>3e z@1HuH-q84ofkhbgJ-K1Irg*(`)pq4?^|rgor`T#U%9)iu8Mh}_>vB9a_Qh^C=5c)N zg{5DCx$jyIgAjuki6)=4^_I^W-N5<@>bINhPcL4CKz3sR#|FRzf)9K9Eq=yrK2N-g z@N4|O0I6w>JxHoEvXPSlDR3cypV!CU8Zq3ni9?TYuvT%*C>oIe$jD+K)LD(#1%4`M z9`J_TldyR9XIs>Sg%-68bsAcIA38PeP%yux!~9aT=o7i--RbI#ovTIAaR7VrnZVX0 zupTZsx(z0|P{<;Ir~RDxHNV`(QN`VbClHuBkCY(VYO zpQ4_Rz0!HdF~WSz^8;K)S#k!$YO=py-Mt}>F1*-<+DOg>-74jY_k5~ia2p1?YQ?11 zz1SUjuy+u2G)%?Lk_1hF6}fO5Go9GR2$!k&`NgQyCgjvaw{NV6cd}bLQ7sn>+WhQ? zvQ)GVJM~HRfuvamtbgzb4Vga_=IY`AJ)>e`q1*rp4b@08J2=3N7Ww8#>AG%jy1dA+ zkbL!tZ+avD?vGx4DC_7%K!B$VrmrAK8-J0vzi!NrGc{>4J2f_+&q||7mH{!l(C?aE7um3ed9dE2Fui(@781c9iQZqE-s<^KU(!djA{44N zqnTQxeRlPVbM?8_vArtOUrOf#+wSA6v>9M_9A#SS;ZDD4UVIR3l%w3pUrs3vSR?qT zL^(QTF%cG_ozaZIrAl;i02NN{mzcafV!^ZN(peK@%^1?E8!bf^dv*@MFq1|I7! 
zU1n{;B9ff8s$~$j>q$%3+h?=gUp)`h){_%@C!0DV&6U}79Z&Yir@>(h-mc_@Q#3tj z4z6|QmePdO*1SxqUhKErNPN5H=lSxLR0aJ<4R=%Kk<(oqIH`f+U&cT@(rHunb zkc>xPFs1e~V~tgn>dW2Mg^)%ApnXca()9ertMm3XHt=7yh8#5(6hee>K$MRsUbi+K z+sS_cbpz0kzmVa;I$-(oeQF4BV>lt%0{NcqfMm%T>kF5wH@@{p-8Sc%;Oi%h3^z~j zAa@$pUsRo?)lF8&N7r$Jm`%Gxt#*KWi0{MN!Q<;j_{0IrBaSyx)g(}_c>`>$pFDBC zb;tbd_AP?fMy>G8qjz&Z=WF6J8H^~qp0n0b!R1c0!O8YiKRjt#H<~@EIc{y%n}=lG z1W)MQ>4;HU7sv)!LdQWj=_*ij<{VeoW*pOaS?=%V4`q_#Qq26_EhJQV#wHGr_(Ah1 z))c*EP`GT1{7!57wZ=G>vE_8o9gS@#M%qwvWpk)+JsICrgaT&kL8~#2j$gMdnvS2Y z!Qo#Q+(P0gDZP*2zEi}n=1(me(9V5pB7-zCcGZ7j6X{%3TE#>0?C+>dZd*ElZwm81 z@9{5miNl^8)=^TwnZ0>TQxq-#qLE#3kS;%yC?`!;Mp$+?6O^@gwzeE{;38{n=IA3y zowSzAV0Vqj2}Z+=?$FP&mXZ~@)K(?)amq$MWP{d$-)e5iSKo4tq_ijWz>5c>%ntYm0vk&W{f{gAhYRmls`4hHN&kqGaJsq$!J`Y&36&QwFGpz{dZLKbjsW&yP5PT1>)yS z_W9qAB?DrfH+2nBBh#Yw@QZH6&IAk03hB{fn3n30?6j4_IK#tA1f6@3!C}(5(Bl)= zjlohp$#el3n6?20mUSwM{=q)ySg1j`SN zMXhW{r@T9KA7~!~zCZe3+;-o-D}wIcr#LGN^xyn*J;x7)BZ$A_RuefaI1qg=#X&N{P>R?= zzl0b=R3O`D`qU0Cc9LC`319&V*{S0dS)-2QlkQ3{D@LkgOrL>i6zl5a)5 zy^bxUx-hd`rgdy-VNt@w$qm}(QOL`S@8Ax|giJyJ9hK3K9jo{5F<(kDpdKQuJR%R1 z#rz32^9|Z~qh~{5`DkIwF5pD`gbdkN`s2)X>4aD~eQFx804D2a6BT6O>XYlM>1+4a z*1sm3;bis_X!_f|OaC_n5hi1Bt0XNzx$#jtm)@!o z+(6xp_$=Jz>{7xvxrYZZpYWa(#t{}Pd8v^GsI}DI6wbUA zIQssjM-HBi%06H`1ji+!=0vURuQwPz5hdjjYTj0TQ8 z=aAmFzlEucLUettA6}A!(=xh1O$1tlN4kxje&cQeD1$D(0`%j2-kOG<=e5YnCev)mYKm|tkbD>d44U1tOHVHTLUlvAPBtKeq+@P)IPEpCiYp+3z*x;F{ZEdou#9f+DLwbq8 z3I^L@?FvcfA3=RDc)^YC6OpPGPpY3(SI|pp1k{W;v~~tpcV-=o=n3)=I3*c=#pssU z4OrXTguz3#laf1>194*x-qGg(KZs>hLR;hV@pT3^W`oJu;OOeLP2e7I+;gU>G; z1Nq1bK%?VvROJjj{bLm<{%fmcgJD-+B0O2KopT;w$nu`H-oa6ih%loGpTX? 
z!Jo*h>K+~T(03~>b}AnLw_@&(qm+3l+mc@@pM)TD5JeDZX8jqcrn2e9$Aqbu0-v6+ zEZZ@}Vq!j1rU^%N(6RS+l)pV9B4iC%<)V5=1VT|m6Q8K+{PW&E^h0Cr6O@l!EV*HU zr*OpG^W-nPWAI55bkD70-vIX|xK=&{g3>fh$}pBdKk=3`XM-Od-ROx%=E(nZmV9~J zpt6}S{}Btn%0V2@3U2p&>l#4Om!bq4u;M>`KyuwfjACD(s8LE2em0vdfV7 z%~y+d-~?6X-<3tGo5O+TE)KabO#STL%_DpUK@c6A%+U2xXyrdM z=Kmjqfg-pQ5T~3+`GL5RG`k+6OYGrh*N1OcasM^mRDk%^M*V}z(^$S0Zxk7b9Zf`Wz{hMY6*?iq0& zxf!h`Nl$(?kCfS9Zn(ia^AK?oF_jhvJd`D;7w`O{tHE;_=k}pwA$N_qdoy z6gom;a!1mQ;j64;;=5jVFIFSxo9%vd3Gwst`n(>_-QO&$KI(CPIgY_(WcjYVwAtQY zuemnp_9?k2)+Q!6qs3cS{qJh{=y)bJRyv! zKa=;XkI`4b`0wxtgvOzdr1#+th8ArRbqQAWS$J-q6=lg;1z0qj@v@Q+aLWv$7?gjH z+W#g@ch4r6gfKi0?%g4Q?^l*UA9lT9?ED3};xC?94liYYsq zJ7TCWPO%t`1$cdhm==i3-+1)lu^Q2O#9t3wkhb|QejiDUG5p0v;@t7er*y6x-^s1@ za_y;zjdC)6T;v#9Fin(4FA)vmZC%hsKVfk9=e|L*&L6sw`{Fq{+uVhf zOqDq8i%GjuF=c#u7e)EvFcw7)fq9s)@s5z(3K8F(=}s;e2eI(~rp?3^{FcZ-cK5lL zOFPrJ{&y9DWBdedCK+!Ydk;-rocvdW?78$Oe*8j|r>v->-A{(toC(y!>^&pH=iD== zTEu+>%+`)bQf@Ix{=aDvR2RCDW2{WAZ zY!G6SS#8tqaT@t8-O{InOw3Bw+s1@%WFK z&>)Vm@q|wnj-j(m_*JVP7fq9>?`-72Z#x{(KVvi5Cl9~pR>xHYzaNIJV%*A=R%KNr z_f(G4?UtcBB4@fBN|Ufv;{0wXFBJ9(c1+N)&L)WjLc3tH+u0-VGu4x&j~(-)-u_CLO6IUpgQrm)aJwh5!Y1OmZQMf zwfs;GYLtHf?N$s^pt*Y_sZ=neL9k3I6QA;sr$hp~w5LKdS|b@bv!7H;l#r3X=q+L( zRQue5@7-zsxM_iAYG+=nWVzvZg`Rf-tmad3>Xp%7ddM@6>*%zvPEcN#zO~7-M4p?b z-g6mbAFNG4@U&46S2HHCerp$3I>r! 
z%bA)6hB`w={Gj1v|7IsCYGisVFVo~2T6ZK z{8MOWf%(ilH(Wy&u7*P#n1We_y8F->^8W3sTFJT!u@mzX(^@dKKnsIyIU&w=>-8o` zo)^yF_;Y=nJ3+g|nD#1F9pV_}VF)ir0owu+OGFDx%d#dtMaAWoyk8|V$=wk(Wqo*e zl0Cly%wkb&wS%xp=_$d-8my+9#^o@pG|d6kU>bFb@EsI3g_fSUXX#ugEKTP`!aNpt4sPq((*+TsOCw(WY$SPsScm_41!P=&MaKRKSkIDwX1`3BG z5jw+Z89V89)|#$mP(cgJgtDu58#Xf98z)HRB#@D{>^~*4i0q0JiyrQ)cg-x_uFVzH z{XV}U=X2+rxemQ0T6FWUn zSGV@NQUjR|Qorcn92j%~nQnANOwVOLj<9dcLDR6R1@MXPJr7>9MeOe0*L75aM7=$u z@hJpJM2G7?wPoCwnEeCt{snH?a|oEFc+aBxM`N-)v3q?a*0`snf<8Nb-yZ{#%iYg5YMixZQR54K4@z9Ck@Jf`r2PhsNi8-*N=AEjds2n{P%bp&8WT513 zp9K%~3aa&YZ*P0ZPdvikflb{W5vs%Y?9Zu?UY%WKY;#- z?Re9uNuJ=M)WXP{)TZ}2cY;;)(PD|%Qr?_yU86j730iVFXjUpyqYz2$qLK$^b(|Wk zGabRZ`>Xe6I<$IPAtsYybH!n6NinQ+-1`5~aiFO%r9cg;uXdZ4_ET4}bKdNHUqei8(4}CFq8!})c*m*$xe>| literal 0 HcmV?d00001 diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/.helmignore b/charts/universal-crossplane/universal-crossplane/1.4.400101/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/Chart.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/Chart.yaml new file mode 100644 index 000000000..93be54f6f --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/Chart.yaml 
@@ -0,0 +1,40 @@
+annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Upbound Universal Crossplane
+ catalog.cattle.io/release-name: universal-crossplane
+apiVersion: v1
+appVersion: 1.4.4001
+description: Upbound Universal Crossplane (UXP) is Upbound's official enterprise-grade
+ distribution of Crossplane.
+home: https://upbound.io
+icon: https://raw.githubusercontent.com/upbound/universal-crossplane/66ce9eb2c5a0c3af8ed7d19551a2c4d743b933b9/docs/media/logo.png
+keywords:
+- cloud
+- infrastructure
+- services
+- application
+- database
+- cache
+- bucket
+- infra
+- app
+- ops
+- oam
+- gcp
+- azure
+- aws
+- alibaba
+- cloudsql
+- rds
+- s3
+- azuredatabase
+- asparadb
+- gke
+- aks
+- eks
+kubeVersion: '>= 1.15'
+maintainers:
+- email: info@upbound.io
+ name: Upbound Inc.
+name: universal-crossplane
+version: 1.4.400101
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/app-readme.md b/charts/universal-crossplane/universal-crossplane/1.4.400101/app-readme.md
new file mode 100644
index 000000000..c6d8ecfe0
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/app-readme.md
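Review bot: The commit subject names v1.4.4004, while Chart.yaml in this hunk sets `version: 1.4.400101` and `appVersion: 1.4.4001`, so the chart that is actually published cannot be matched to the subject line. For a catalog entry that users install by version, the subject (or the generated version) should be corrected so the history identifies the packaged release unambiguously. It would also be safer to write `appVersion: "1.4.4001"` quoted, so that a later two-component value is not retyped as a float by the YAML parser.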
@@ -0,0 +1,36 @@
+# Upbound Universal Crossplane (UXP)
+
+Upbound Universal Crossplane (UXP) is [Upbound's](https://upbound.io) official enterprise-grade distribution of [Crossplane](https://crossplane.io). It's fully compatible with upstream Crossplane, [open source](https://github.com/upbound/universal-crossplane), capable of connecting to [Upbound Cloud](https://cloud.upbound.io) for real-time dashboard visibility, and maintained by Upbound. It's the easiest way for both individual community members and enterprises to build their production control planes.
+
+## Connecting to Upbound Cloud
+
+You can optionally connect your Universal Crossplane instance to Upbound Cloud.
+Follow the steps below to connect your Universal Crossplane cluster to your Upbound Cloud Console.
+
+1. Install Upbound CLI
+
+ You will need to make sure you have the Upbound CLI installed before you continue. If you need more information on how to install the Upbound CLI, you can read the [Installing Upbound CLI Documentation](https://cloud.upbound.io/docs/cli).
+
+ ```
+ curl -sL https://cli.upbound.io | sh
+ ```
+
+2. Log in to Upbound Cloud
+
+ ```
+ up cloud login --profile=rancher --account=$UPBOUND_ACCOUNT
+ ```
+
+ Or, to log in using an Upbound [API token](https://cloud.upbound.io/account/settings/tokens):
+
+ ```
+ up cloud login --profile=rancher --account=$UPBOUND_ACCOUNT --token=$API_TOKEN
+ ```
+
+3. Create a Self-Hosted Control Plane
+
+ ```
+ up cloud controlplane attach $CONTROL_PLANE_NAME --profile=rancher
+ ```
+
+4. Provide the token obtained in the previous step as `upbound.controlPlane.token` under `Upbound Cloud` section
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/questions.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/questions.yaml
new file mode 100644
index 000000000..c5cb628bf
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/questions.yaml
@@ -0,0 +1,184 @@
+questions:
+# Upbound Cloud configuration
+- variable: upbound.controlPlane.token
+ label: upbound.controlPlane.token
+ required: false
+ type: password
+ description: Token used to connect Upbound Cloud
+ group: "Upbound Cloud"
+- variable: upbound.controlPlane.permission
+ label: upbound.controlPlane.permission
+ required: false
+ type: enum
+ default: "edit"
+ options:
+ - "edit"
+ - "view"
+ description: Cluster permissions for Upbound Cloud
+ group: "Upbound Cloud"
+# Basic Crossplane configuration
+- variable: replicas
+ label: replicas
+ description: Number of replicas to run for Crossplane pods
+ type: int
+ default: 1
+ required: true
+ group: "Crossplane"
+# Advanced Crossplane configuration
+- variable: advancedCrossplaneConfiguration
+ description: View advanced configuration settings
+ label: View advanced configuration
+ type: boolean
+ default: false
+ show_subquestion_if: true
+ group: "Crossplane"
+ subquestions:
+ - variable: leaderElection
+ label: leaderElection
+ description: "Enable leader election for Crossplane Managers pod"
+ type: boolean
+ default: true
+ required: false
+ group: "Crossplane"
+ - variable: deploymentStrategy
+ label: deploymentStrategy
+ description: "The deployment strategy for the Crossplane and RBAC Manager (if enabled) pods"
+ type: enum
+ default: "RollingUpdate"
+ options:
+ - "RollingUpdate"
+ - "Recreate"
+ required: true
+ group: "Crossplane"
+ - variable: priorityClassName
+ label: priorityClassName
+ description: "Priority class name for Crossplane and RBAC Manager (if enabled) pods"
+ type: string
+ required: false
+ group: "Crossplane"
+ - variable: metrics.enabled
+ label: metrics.enabled
+ description: "Expose Crossplane and RBAC Manager metrics endpoint"
+ type: boolean
+ required: false
+ group: "Crossplane"
+# Basic Crossplane RBAC Manager configuration
+- variable: rbacManager.deploy
+ label: rbacManager.deploy
+ description: "Deploy RBAC Manager"
+ type: boolean
+ default: true
+ required: true
+ group: "Crossplane RBAC Manager"
+- variable: rbacManager.replicas
+ label: rbacManager.replicas
+ description: "The number of replicas to run for the RBAC Manager pods"
+ type: int
+ default: 1
+ required: true
+ group: "Crossplane RBAC Manager"
+# Advanced Crossplane RBAC Manager configuration
+- variable: advancedRBACManagerConfiguration
+ description: View advanced configuration settings
+ label: View advanced configuration
+ type: boolean
+ default: false
+ show_subquestion_if: true
+ group: "Crossplane RBAC Manager"
+ subquestions:
+ - variable: rbacManager.leaderElection
+ label: rbacManager.leaderElection
+ description: "Enable leader election for RBAC Managers pod"
+ type: boolean
+ default: true
+ group: "Crossplane RBAC Manager"
+ - variable: rbacManager.managementPolicy
+ label: rbacManager.managementPolicy
+ description: RBAC manager permissions. 'All' enables management for every Crossplane controller and user role. 'Basic' enables management just for Crossplane controller roles and the crossplane-admin, crossplane-edit, and crossplane-view user roles.
+ type: enum
+ default: "Basic"
+ options:
+ - "Basic"
+ - "All"
+ required: true
+ group: "Crossplane RBAC Manager"
+ - variable: rbacManager.skipAggregatedClusterRoles
+ label: rbacManager.skipAggregatedClusterRoles
+ description: "Opt out of deploying aggregated ClusterRoles"
+ type: boolean
+ default: true
+ group: "Crossplane RBAC Manager"
+# Basic Package configuration
+- variable: provider.packages
+ label: provider.packages
+ description: List of Provider packages to install with Crossplane. Select 'Edit as YAML' for the best editing experience.
+ type: string
+ required: false
+ group: "Packages"
+- variable: configuration.packages
+ label: configuration.packages
+ description: List of Configuration packages to install with Crossplane. Select 'Edit as YAML' for the best editing experience.
+ type: string
+ required: false
+ group: "Packages"
+# Advanced Package configuration
+- variable: advancedPackageConfiguration
+ description: View advanced configuration settings
+ label: View advanced configuration
+ type: boolean
+ default: false
+ show_subquestion_if: true
+ group: "Packages"
+ subquestions:
+ - variable: packageCache.sizeLimit
+ label: packageCache.sizeLimit
+ description: "Size limit for package cache. If medium is Memory then maximum usage would be the minimum of this value the sum of all memory limits on containers in the Crossplane pod"
+ type: string
+ default: "5Mi"
+ group: "Packages"
+ - variable: packageCache.medium
+ label: packageCache.medium
+ description: "Storage medium for package cache. Memory means volume will be backed by tmpfs, which can be useful for development"
+ type: string
+ group: "Packages"
+ - variable: packageCache.pvc
+ label: packageCache.pvc
+ description: "Name of the PersistentVolumeClaim to be used as the package cache. Providing a value will cause the default emptyDir volume to not be mounted"
+ type: string
+ group: "Packages"
+# Basic XGQL configuration
+- variable: xgql.config.debugMode
+ label: xgql.config.debugMode
+ description: "Enable debug mode for XGQL"
+ type: boolean
+ default: false
+ group: "XGQL"
+# Advanced Crossplane configuration
+- variable: advancedXGQLConfiguration
+ description: View advanced configuration settings
+ label: View advanced configuration
+ type: boolean
+ default: false
+ show_subquestion_if: true
+ group: "XGQL"
+ subquestions:
+ - variable: xgql.metrics.enabled
+ label: xgql.metrics.enabled
+ description: "Expose XGQL metrics endpoint"
+ type: boolean
+ required: false
+ group: "XGQL"
+# Basic Agent configuration
+- variable: agent.config.debugMode
+ label: agent.config.debugMode
+ description: "Enable debug mode for Upbound Agent"
+ type: boolean
+ default: false
+ group: "Upbound Agent"
+# Basic Bootstrapper configuration
+- variable: bootstrapper.config.debugMode
+ label: bootstrapper.config.debugMode
+ description: "Enable debug mode for Bootstrapper"
+ type: boolean
+ default: false
+ group: "Bootstrapper"
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/NOTES.txt b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/NOTES.txt
new file mode 100644
index 000000000..33260c04f
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/NOTES.txt
@@ -0,0 +1,15 @@
+By proceeding, you are accepting to comply with terms and conditions in https://licenses.upbound.io/upbound-software-license.html
+
+✨ Thank you for installing Universal Crossplane!
+{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }}
+🚀 You can now connect your cluster to Upbound Cloud!
+
+Example command:
+{{ if eq .Values.upbound.controlPlane.permission "edit" }}
+$ up cloud controlplane attach | \
+up uxp connect --token-secret-name {{ .Values.upbound.controlPlane.tokenSecretName }} --namespace {{ .Release.Namespace }} -
+{{- else if eq .Values.upbound.controlPlane.permission "view" }}
+$ up cloud controlplane attach --view-only | \
+up uxp connect --token-secret-name {{ .Values.upbound.controlPlane.tokenSecretName }} --namespace {{ .Release.Namespace }} -
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/_helpers.tpl
new file mode 100644
index 000000000..7ba5d8058
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/_helpers.tpl
@@ -0,0 +1,21 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Common labels
+*/}}
+{{- define "labels" -}}
+helm.sh/chart: {{ include "chart" . }}
+{{ include "selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "selectorLabels" -}}
+app.kubernetes.io/name: {{ include "name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/_helpers.tpl
new file mode 100644
index 000000000..bdca1ae09
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/_helpers.tpl
@@ -0,0 +1,21 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "bootstrapper-name" -}}
+{{- "upbound-bootstrapper" -}}
+{{- end -}}
+
+{{/*
+Labels - bootstrapper
+*/}}
+{{- define "labelsBootstrapper" -}}
+{{ include "labels" . }}
+app.kubernetes.io/component: bootstrapper
+{{- end }}
+
+{{/*
+Selector labels - bootstrapper
+*/}}
+{{- define "selectorLabelsBootstrapper" -}}
+{{ include "selectorLabels" . }}
+app.kubernetes.io/component: bootstrapper
+{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/clusterrole.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/clusterrole.yaml
new file mode 100644
index 000000000..162abdd7a
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/clusterrole.yaml
@@ -0,0 +1,26 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "bootstrapper-name" . }}
+ labels:
+ {{- include "labelsBootstrapper" . | nindent 4 }}
+rules:
+ # Bootstrapper needs to identify the cluster uniquely and it does that by using
+ # UID of kube-system namespace.
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ resourceNames:
+ - "kube-system"
+ verbs:
+ - "get"
+ # Controller-runtime requires watch and list permissions to build its resource
+ # cache of the kind that any client query is made for.
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - "list"
+ - "watch"
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/clusterrolebinding.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/clusterrolebinding.yaml
new file mode 100644
index 000000000..33fd634cd
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/clusterrolebinding.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "bootstrapper-name" . }}
+ labels:
+ {{- include "labelsBootstrapper" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "bootstrapper-name" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "bootstrapper-name" . }}
+ namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/deployment.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/deployment.yaml
new file mode 100644
index 000000000..0030f4139
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/deployment.yaml
@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "bootstrapper-name" . }}
+ labels:
+ {{- include "labelsBootstrapper" . | nindent 4 }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ {{- include "selectorLabelsBootstrapper" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "selectorLabelsBootstrapper" . | nindent 8 }}
+ spec:
+ serviceAccountName: {{ template "bootstrapper-name" . }}
+ {{- if .Values.billing.awsMarketplace.enabled }}
+ securityContext:
+ # Providing this is not required for 1.19 or later clusters.
+ # See https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html
+ fsGroup: 1337
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- range $index, $secret := .Values.imagePullSecrets }}
+ - name: {{ $secret }}
+ {{- end }}
+ {{ end }}
+ containers:
+ - name: bootstrapper
+ image: "{{ .Values.bootstrapper.image.repository }}:{{ .Values.bootstrapper.image.tag }}"
+ args:
+ - start
+ - --namespace
+ - {{ .Release.Namespace }}
+ - --upbound-api-url
+ - {{ .Values.upbound.apiURL }}
+ - --upbound-token-secret
+ - {{ .Values.upbound.controlPlane.tokenSecretName }}
+ - --agent-manifest
+ - {{ include "agent-spec" . | b64enc }}
+ - --controller
+ - upbound-agent
+ - --controller
+ - tls-secrets
+ {{- if .Values.billing.awsMarketplace.enabled }}
+ - --controller
+ - aws-marketplace
+ {{- end }}
+ {{- if .Values.bootstrapper.config.debugMode }}
+ - "--debug"
+ {{- end }}
+ {{- range $arg := .Values.bootstrapper.config.args }}
+ - {{ $arg }}
+ {{- end }}
+ env:
+ {{- range $key, $value := .Values.bootstrapper.config.envVars }}
+ - name: {{ $key | replace "." "_" }}
+ value: {{ $value | quote }}
+ {{- end}}
+ imagePullPolicy: {{ .Values.bootstrapper.image.pullPolicy }}
+ resources:
+ {{- toYaml .Values.bootstrapper.resources | nindent 12 }}
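Review bot: The `bootstrapper` container is rendered without a container-level `securityContext`, and the pod-level one appears only when `billing.awsMarketplace.enabled` is set, so the workload that is handed the control-plane token secret name and runs the `tls-secrets` controller gets the runtime's default privileges. Under `- name: bootstrapper` I would add a `securityContext:` with `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and `readOnlyRootFilesystem: true`, provided the image supports a non-root user and a read-only root filesystem, which this page does not show. The crossplane and rbac-manager deployments in this patch already take their security contexts from values, so exposing the same knob here would keep the chart consistent.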
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/role.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/role.yaml
new file mode 100644
index 000000000..cb19df19f
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/role.yaml
@@ -0,0 +1,28 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "bootstrapper-name" . }}
+ labels:
+ {{- include "labelsBootstrapper" . | nindent 4 }}
+rules:
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "update", "patch", "delete"]
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["watch", "list"]
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "update", "patch"]
+ resourceNames:
+ - uxp-ca
+ - upbound-agent-public-certs
+ - upbound-agent-tls
+ - xgql-tls
+ - {{ .Values.upbound.controlPlane.tokenSecretName }}
+ {{- if .Values.billing.awsMarketplace.enabled }}
+ - upbound-entitlement
+ {{- end}}
+ - apiGroups: ["apps"]
+ resources: ["deployments"]
+ verbs: ["create", "update", "watch", "list"]
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/rolebinding.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/rolebinding.yaml
new file mode 100644
index 000000000..aa41bb33a
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/rolebinding.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "bootstrapper-name" . }}
+ labels:
+ {{- include "labelsBootstrapper" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "bootstrapper-name" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "bootstrapper-name" . }}
+ namespace: {{ .Release.Namespace }}
\ No newline at end of file
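Review bot: The second rule in role.yaml grants `list` and `watch` on `secrets` with no `resourceNames`, and a list response carries full Secret data, so the allow-list on the third rule limits only writes and single-object reads: the bootstrapper service account can read every Secret in the release namespace. If the controller cache needs this (the ClusterRole in this patch says so for namespaces), the template should state it, for example `# list/watch cannot be scoped by resourceNames: every Secret in this namespace is readable by the bootstrapper`, and the release namespace should hold only chart-owned Secrets. The `deployments` rule likewise allows `update` on any Deployment in the namespace; `update` can carry `resourceNames` even though `create` cannot, if the set of managed Deployments is fixed.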
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/secret-entitlement.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/secret-entitlement.yaml
new file mode 100644
index 000000000..7e311b629
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/secret-entitlement.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.billing.awsMarketplace.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: upbound-entitlement
+ labels:
+ {{- include "labelsBootstrapper" . | nindent 4 }}
+type: Opaque
+{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/serviceaccount.yaml
new file mode 100644
index 000000000..1768272a3
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/serviceaccount.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "bootstrapper-name" . }}
+ {{- if and .Values.billing.awsMarketplace.enabled .Values.billing.awsMarketplace.iamRoleARN }}
+ annotations:
+ eks.amazonaws.com/role-arn: {{ .Values.billing.awsMarketplace.iamRoleARN | quote }}
+ {{- end }}
+ labels:
+ {{- include "labelsBootstrapper" . | nindent 4 }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/uxp-ca-tls-secret.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/uxp-ca-tls-secret.yaml
new file mode 100644
index 000000000..07163971e
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/uxp-ca-tls-secret.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: uxp-ca
+ labels:
+ {{- include "labels" . | nindent 4 }}
+type: Opaque
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/versions-configmap.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/versions-configmap.yaml
new file mode 100644
index 000000000..008b62988
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/bootstrapper/versions-configmap.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: universal-crossplane-config
+ labels:
+ {{- include "labelsBootstrapper" . | nindent 4 }}
+data:
+ crossplaneVersion: {{ (trimPrefix "v" .Values.image.tag) }}
+ xgqlVersion: {{ (trimPrefix "v" .Values.xgql.image.tag) }}
+ agentVersion: {{ (trimPrefix "v" .Values.agent.image.tag) }}
+ uxpVersion: {{ .Chart.Version }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/NOTES.txt b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/NOTES.txt
new file mode 100644
index 000000000..f1c8a0c63
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/NOTES.txt
@@ -0,0 +1,8 @@
+Release: {{.Release.Name}}
+
+Chart Name: {{.Chart.Name}}
+Chart Description: {{.Chart.Description}}
+Chart Version: {{.Chart.Version}}
+Chart Application Version: {{.Chart.AppVersion}}
+
+Kube Version: {{.Capabilities.KubeVersion}}
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/_helpers.tpl
new file mode 100644
index 000000000..921e9df26
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/_helpers.tpl
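Review bot: The four `data` values in versions-configmap.yaml are rendered unquoted, and ConfigMap `data` accepts only strings, so a tag that reads as a number after `trimPrefix "v"` (for example `1.10`) is parsed as a float and the object is rejected, or loses its trailing zero, before it reaches the cluster. Piping each value through `quote` avoids this: `crossplaneVersion: {{ trimPrefix "v" .Values.image.tag | quote }}`, and likewise for `xgqlVersion`, `agentVersion` and `uxpVersion`.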
@@ -0,0 +1,14 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/clusterrole.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/clusterrole.yaml
new file mode 100644
index 000000000..8a6b573cc
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/clusterrole.yaml
@@ -0,0 +1,93 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "name" . }}
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ template "chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ rbac.crossplane.io/aggregate-to-crossplane: "true"
+rules: []
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "name" . }}:system:aggregate-to-crossplane
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ template "chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ crossplane.io/scope: "system"
+ rbac.crossplane.io/aggregate-to-crossplane: "true"
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - "*"
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - "*"
+- apiGroups:
+ - apiextensions.crossplane.io
+ - pkg.crossplane.io
+ resources:
+ - "*"
+ verbs:
+ - "*"
+- apiGroups:
+ - extensions
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - patch
+ - delete
+ - watch
+- apiGroups:
+ - ""
+ - coordination.k8s.io
+ resources:
+ - configmaps
+ - leases
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - patch
+ - watch
+ - delete
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/clusterrolebinding.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/clusterrolebinding.yaml
new file mode 100644
index 000000000..d0fb877c2
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/clusterrolebinding.yaml
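Review bot: The wildcard `verbs: "*"` on `serviceaccounts` in the `:system:aggregate-to-crossplane` role includes `impersonate`, which would let the crossplane service account act as any service account in the cluster, on top of the cluster-wide read and write on `secrets` granted two rules earlier. Unless impersonation is intended, which nothing in this hunk indicates, the verbs should be listed explicitly, e.g. `verbs: [get, list, watch, create, update, patch, delete]`. The `"*"` on `customresourcedefinitions` deserves the same treatment so the rule documents what the controller actually uses. The commit subject says the chart is generated, so the fix probably belongs in the source the generator reads.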
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "name" . }}
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ template "chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "name" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "name" . }}
+ namespace: {{ .Release.Namespace }}
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/deployment.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/deployment.yaml
new file mode 100644
index 000000000..c8ac46d7f
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/deployment.yaml
@@ -0,0 +1,106 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "name" . }} + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + strategy: + type: {{ .Values.deploymentStrategy }} + template: + metadata: + {{- if .Values.metrics.enabled }} + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + {{- end }} + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + spec: + securityContext: + {{- toYaml .Values.podSecurityContextCrossplane | nindent 8 }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + serviceAccountName: {{ template "name" . }} + initContainers: + - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + args: + - core + - init + {{- range $arg := .Values.provider.packages }} + - --provider + - "{{ $arg }}" + {{- end }} + {{- range $arg := .Values.configuration.packages }} + - --configuration + - "{{ $arg }}" + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + name: {{ .Chart.Name }}-init + resources: + {{- toYaml .Values.resourcesCrossplane | nindent 12 }} + securityContext: + {{- toYaml .Values.securityContextCrossplane | nindent 12 }} + containers: + - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + args: + - core + - start + {{- range $arg := .Values.args }} + - {{ $arg }} + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + name: {{ .Chart.Name }} + resources: + {{- toYaml .Values.resourcesCrossplane | nindent 12 }} + {{- if .Values.metrics.enabled }} + ports: + - name: metrics + containerPort: 8080 + {{- end }} + securityContext: + {{- toYaml .Values.securityContextCrossplane | nindent 12 }} + env: + - name: POD_NAMESPACE + 
valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LEADER_ELECTION + value: "{{ .Values.leaderElection }}" + {{- range $key, $value := .Values.extraEnvVarsCrossplane }} + - name: {{ $key | replace "." "_" }} + value: {{ $value | quote }} + {{- end}} + volumeMounts: + - mountPath: /cache + name: package-cache + volumes: + - name: package-cache + {{- if .Values.packageCache.pvc }} + persistentVolumeClaim: + claimName: {{ .Values.packageCache.pvc }} + {{- else }} + emptyDir: + medium: {{ .Values.packageCache.medium }} + sizeLimit: {{ .Values.packageCache.sizeLimit }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{ toYaml .Values.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/rbac-manager-allowed-provider-permissions.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/rbac-manager-allowed-provider-permissions.yaml new file mode 100644 index 000000000..3b6ce2270 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/rbac-manager-allowed-provider-permissions.yaml @@ -0,0 +1,16 @@ +{{- if .Values.rbacManager.deploy }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}:allowed-provider-permissions + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-allowed-provider-permissions: "true" +{{- end}} \ No newline at end of file 
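Review bot: In crossplane/deployment.yaml the `core start` container renders the loop over `.Values.args` as a bare `- {{ $arg }}`, while the init container quotes its package arguments, so an argument containing `: `, ` #` or a leading `{` or `*` changes the YAML structure instead of reaching the binary as one string. `- {{ $arg | quote }}` fixes it. The same bare form appears in bootstrapper/deployment.yaml, rbac-manager-deployment.yaml and upbound-agent/_deployment-spec.tpl in this patch, and `image: {{ .Values.image.repository }}:{{ .Values.image.tag }}` is unquoted here although the bootstrapper template quotes its image. This hunk begins on the previous physical line of the page.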
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/rbac-manager-clusterrole.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/rbac-manager-clusterrole.yaml
new file mode 100644
index 000000000..de8478697
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/rbac-manager-clusterrole.yaml
@@ -0,0 +1,94 @@
+{{- if .Values.rbacManager.deploy }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "name" . }}-rbac-manager
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ template "chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - serviceaccounts
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apiextensions.crossplane.io
+ resources:
+ - compositeresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - pkg.crossplane.io
+ resources:
+ - providerrevisions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ - roles
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ # The RBAC manager may grant access it does not have.
+ - escalate
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ verbs:
+ - bind
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterrolebindings
+ verbs:
+ - "*"
+- apiGroups:
+ - ""
+ - coordination.k8s.io
+ resources:
+ - configmaps
+ - leases
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - patch
+ - watch
+ - delete
+{{- end}}
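Review bot: Taken together, `escalate` on `clusterroles` and `roles`, `bind` on `clusterroles` and `verbs: "*"` on `clusterrolebindings` make the `rbac-manager` service account equivalent to cluster-admin, since it can write any rule into a role and bind that role to any subject. The existing comment covers `escalate` only; I would extend it to state the equivalence, e.g. `# escalate + bind + clusterrolebindings write is cluster-admin equivalent; audit this service account`, and replace the `"*"` with the verbs the manager actually uses. Operators should know from the chart that a compromise of this pod is a cluster compromise and that RBAC writes by this account are worth logging in the audit policy.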
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/rbac-manager-clusterrolebinding.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/rbac-manager-clusterrolebinding.yaml
new file mode 100644
index 000000000..bda467f24
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/rbac-manager-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.rbacManager.deploy }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "name" . }}-rbac-manager
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ template "chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "name" . }}-rbac-manager
+subjects:
+- kind: ServiceAccount
+ name: rbac-manager
+ namespace: {{ .Release.Namespace }}
+{{- end}}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/rbac-manager-deployment.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/rbac-manager-deployment.yaml
new file mode 100644
index 000000000..c36144e70
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/rbac-manager-deployment.yaml
@@ -0,0 +1,87 @@ +{{- if .Values.rbacManager.deploy }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "name" . }}-rbac-manager + labels: + app: {{ template "name" . }}-rbac-manager + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.rbacManager.replicas }} + selector: + matchLabels: + app: {{ template "name" . }}-rbac-manager + release: {{ .Release.Name }} + strategy: + type: {{ .Values.deploymentStrategy }} + template: + metadata: + {{- if .Values.metrics.enabled }} + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + {{- end }} + labels: + app: {{ template "name" . }}-rbac-manager + release: {{ .Release.Name }} + spec: + securityContext: + {{- toYaml .Values.podSecurityContextRBACManager | nindent 8 }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + serviceAccountName: rbac-manager + initContainers: + - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + args: + - rbac + - init + imagePullPolicy: {{ .Values.image.pullPolicy }} + name: {{ .Chart.Name }}-init + resources: + {{- toYaml .Values.resourcesRBACManager | nindent 12 }} + securityContext: + {{- toYaml .Values.securityContextRBACManager | nindent 12 }} + containers: + - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + args: + - rbac + - start + {{- if .Values.rbacManager.managementPolicy }} + - --manage={{ .Values.rbacManager.managementPolicy }} + {{- end }} + {{- range $arg := .Values.rbacManager.args }} + - {{ $arg }} + {{- end }} + - --provider-clusterrole={{ template "name" .}}:allowed-provider-permissions + imagePullPolicy: {{ .Values.image.pullPolicy }} + name: {{ .Chart.Name }} + resources: + {{- toYaml .Values.resourcesRBACManager | nindent 12 }} + {{- if .Values.metrics.enabled }} + ports: + - name: metrics + containerPort: 8080 + {{- end }} + 
securityContext: + {{- toYaml .Values.securityContextRBACManager | nindent 12 }} + env: + - name: LEADER_ELECTION + value: "{{ .Values.rbacManager.leaderElection }}" + {{- range $key, $value := .Values.extraEnvVarsRBACManager }} + - name: {{ $key | replace "." "_" }} + value: {{ $value | quote }} + {{- end}} + {{- if .Values.rbacManager.nodeSelector }} + nodeSelector: {{ toYaml .Values.rbacManager.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.rbacManager.tolerations }} + tolerations: {{ toYaml .Values.rbacManager.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.rbacManager.affinity }} + affinity: {{ toYaml .Values.rbacManager.affinity | nindent 8 }} + {{- end }} +{{- end}} diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/rbac-manager-managed-clusterroles.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/rbac-manager-managed-clusterroles.yaml new file mode 100644 index 000000000..3d41fb9b5 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/rbac-manager-managed-clusterroles.yaml 
@@ -0,0 +1,279 @@ +{{- if .Values.rbacManager.deploy }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "name" . }}-admin +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "name" . }}-admin +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: {{ template "name" . }}:masters +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}-admin + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-admin: "true" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}-edit + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-edit: "true" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}-view + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-view: "true" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}-browse + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . 
}} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-browse: "true" +{{- if not .Values.rbacManager.skipAggregatedClusterRoles }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}:aggregate-to-admin + labels: + rbac.crossplane.io/aggregate-to-admin: "true" + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +# Crossplane administrators have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane administrators must create provider credential secrets, and may +# need to read or otherwise interact with connection secrets. They may also need +# to create or annotate namespaces. +- apiGroups: [""] + resources: [secrets, namespaces] + verbs: ["*"] +# Crossplane administrators have access to view the roles that they may be able +# to grant to other subjects. +- apiGroups: [rbac.authorization.k8s.io] + resources: [clusterroles, roles] + verbs: [get, list, watch] +# Crossplane administrators have access to grant the access they have to other +# subjects. +- apiGroups: [rbac.authorization.k8s.io] + resources: [clusterrolebindings, rolebindings] + verbs: ["*"] +# Crossplane administrators have full access to built in Crossplane types. +- apiGroups: + - apiextensions.crossplane.io + resources: ["*"] + verbs: ["*"] +- apiGroups: + - pkg.crossplane.io + resources: [providers, configurations, providerrevisions, configurationrevisions] + verbs: ["*"] +# Crossplane administrators have access to view CRDs in order to debug XRDs. +- apiGroups: [apiextensions.k8s.io] + resources: [customresourcedefinitions] + verbs: [get, list, watch] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . 
}}:aggregate-to-edit + labels: + rbac.crossplane.io/aggregate-to-edit: "true" + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +# Crossplane editors have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane editors must create provider credential secrets, and may need to +# read or otherwise interact with connection secrets. +- apiGroups: [""] + resources: [secrets] + verbs: ["*"] +# Crossplane editors may see which namespaces exist, but not edit them. +- apiGroups: [""] + resources: [namespaces] + verbs: [get, list, watch] +# Crossplane editors have full access to built in Crossplane types. +- apiGroups: + - apiextensions.crossplane.io + resources: ["*"] + verbs: ["*"] +- apiGroups: + - pkg.crossplane.io + resources: [providers, configurations, providerrevisions, configurationrevisions] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}:aggregate-to-view + labels: + rbac.crossplane.io/aggregate-to-view: "true" + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +# Crossplane viewers have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane viewers may see which namespaces exist. +- apiGroups: [""] + resources: [namespaces] + verbs: [get, list, watch] +# Crossplane viewers have read-only access to built in Crossplane types. +- apiGroups: + - apiextensions.crossplane.io + resources: ["*"] + verbs: [get, list, watch] +- apiGroups: + - pkg.crossplane.io + resources: [providers, configurations, providerrevisions, configurationrevisions] + verbs: [get, list, watch] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . 
}}:aggregate-to-browse + labels: + rbac.crossplane.io/aggregate-to-browse: "true" + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +# Crossplane browsers have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane browsers have read-only access to compositions and XRDs. This +# allows them to discover and select an appropriate composition when creating a +# resource claim. +- apiGroups: + - apiextensions.crossplane.io + resources: ["*"] + verbs: [get, list, watch] +{{- if .Values.rbacManager.managementPolicy }} +--- +# The below ClusterRoles are aggregated to the namespaced RBAC roles created by +# the Crossplane RBAC manager when it is running in --manage=All mode. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}:aggregate-to-ns-admin + labels: + rbac.crossplane.io/aggregate-to-ns-admin: "true" + rbac.crossplane.io/base-of-ns-admin: "true" + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +# Crossplane namespace admins have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane namespace admins may need to read or otherwise interact with +# resource claim connection secrets. +- apiGroups: [""] + resources: [secrets] + verbs: ["*"] +# Crossplane namespace admins have access to view the roles that they may be +# able to grant to other subjects. +- apiGroups: [rbac.authorization.k8s.io] + resources: [roles] + verbs: [get, list, watch] +# Crossplane namespace admins have access to grant the access they have to other +# subjects. +- apiGroups: [rbac.authorization.k8s.io] + resources: [rolebindings] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . 
}}:aggregate-to-ns-edit + labels: + rbac.crossplane.io/aggregate-to-ns-edit: "true" + rbac.crossplane.io/base-of-ns-edit: "true" + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +# Crossplane namespace editors have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane namespace editors may need to read or otherwise interact with +# resource claim connection secrets. +- apiGroups: [""] + resources: [secrets] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}:aggregate-to-ns-view + labels: + rbac.crossplane.io/aggregate-to-ns-view: "true" + rbac.crossplane.io/base-of-ns-view: "true" + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +# Crossplane namespace viewers have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/rbac-manager-serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/rbac-manager-serviceaccount.yaml new file mode 100644 index 000000000..dfefe4050 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/rbac-manager-serviceaccount.yaml @@ -0,0 +1,11 @@ +{{- if .Values.rbacManager.deploy }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rbac-manager + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- end}} \ No newline at end of file 
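Review bot: In rbac-manager-managed-clusterroles.yaml, `aggregate-to-edit` grants `verbs: ["*"]` on `secrets` and `aggregate-to-admin` grants it on `secrets` and `namespaces`, and the `-admin` role is bound by ClusterRoleBinding to the group `{{ template "name" . }}:masters`, so members of that group can read and modify every Secret in every namespace, `kube-system` included, and delete any namespace. The comments justify the grant by provider credential and connection secrets, which does not call for a cluster-wide wildcard; I would list the verbs explicitly and state the scope in the comment above each rule, e.g. `# cluster-wide when bound by ClusterRoleBinding: covers Secrets in all namespaces`. Any authenticator that can assert that group name receives the admin role, which is worth a line in the chart documentation. The ClusterRoleBinding at the top of the hunk also carries no labels, unlike the other objects, and the hunk spans several physical lines of this page.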
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/serviceaccount.yaml
new file mode 100644
index 000000000..d3d47223c
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/crossplane/serviceaccount.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "name" . }}
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ template "chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.imagePullSecrets }}
+imagePullSecrets:
+{{- range $index, $secret := .Values.imagePullSecrets }}
+- name: {{ $secret }}
+{{- end }}
+{{ end }}
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/_deployment-spec.tpl b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/_deployment-spec.tpl
new file mode 100644
index 000000000..281f34e72
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/_deployment-spec.tpl
@@ -0,0 +1,87 @@ +{{- define "agent-spec" -}} +replicas: 1 +selector: + matchLabels: + {{- include "selectorLabelsAgent" . | nindent 8 }} +template: + metadata: + labels: + {{- include "selectorLabelsAgent" . | nindent 10 }} + spec: + serviceAccountName: {{ template "agent-name" . }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{- range $index, $secret := .Values.imagePullSecrets }} + - name: {{ $secret }} + {{- end }} + {{ end }} + containers: + - name: agent + image: "{{ .Values.agent.image.repository }}:{{ .Values.agent.image.tag }}" + args: + - agent + - --tls-cert-file + - /etc/certs/upbound-agent/tls.crt + - --tls-key-file + - /etc/certs/upbound-agent/tls.key + - --xgql-ca-bundle-file + - /etc/certs/upbound-agent/ca.crt + - --nats-endpoint + - nats://{{ .Values.upbound.connectHost }}:{{ .Values.upbound.connectPort | default "443" }} + - --upbound-api-endpoint + - {{ .Values.upbound.apiURL }} + {{- if .Values.agent.config.debugMode }} + - "--debug" + {{- end }} + {{- range $arg := .Values.agent.config.args }} + - {{ $arg }} + {{- end }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: CONTROL_PLANE_TOKEN + valueFrom: + secretKeyRef: + name: {{ .Values.upbound.controlPlane.tokenSecretName }} + key: token + {{- range $key, $value := .Values.agent.config.envVars }} + - name: {{ $key | replace "." 
"_" }} + value: {{ $value | quote }} + {{- end}} + imagePullPolicy: {{ .Values.agent.image.pullPolicy }} + ports: + - name: agent + containerPort: 6443 + protocol: TCP + resources: + {{- toYaml .Values.agent.resources | nindent 14 }} + readinessProbe: + httpGet: + scheme: HTTPS + path: /readyz + port: 6443 + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 5 + failureThreshold: 3 + livenessProbe: + httpGet: + scheme: HTTPS + path: /livez + port: 6443 + initialDelaySeconds: 10 + timeoutSeconds: 5 + periodSeconds: 30 + failureThreshold: 5 + volumeMounts: + - mountPath: /etc/certs/upbound-agent + name: certs + readOnly: true + volumes: + - name: certs + secret: + defaultMode: 420 + secretName: upbound-agent-tls +{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/_helpers.tpl new file mode 100644 index 000000000..4db04bfaa --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/_helpers.tpl @@ -0,0 +1,22 @@ +{{/* vim: set filetype=mustache: */}} + +{{- define "agent-name" -}} +{{- "upbound-agent" -}} +{{- end -}} + +{{/* +Labels - agent +*/}} +{{- define "labelsAgent" -}} +{{ include "labels" . }} +app.kubernetes.io/component: agent +{{- end }} + +{{/* +Selector labels - agent +*/}} +{{- define "selectorLabelsAgent" -}} +{{ include "selectorLabels" . }} +app.kubernetes.io/component: agent +{{- end }} + diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/clusterrole.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/clusterrole.yaml new file mode 100644 index 000000000..9dc24441e --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/clusterrole.yaml 
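Review bot: The `agent` container in this spec sets no `securityContext`, although values.yaml in the same commit defines `securityContextCrossplane` and `securityContextRBACManager` with `runAsUser: 65532`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`; the `xgql` container in templates/xgql/deployment.yaml has the same gap. Both pods mount a TLS private key and the agent also receives the control-plane token, so they should run with at least the same restrictions. A container-level block along the lines below would close this. Whether the agent and xgql images tolerate a read-only root filesystem and a non-root UID is not visible here and needs confirming first.

```yaml
- name: agent
  image: "{{ .Values.agent.image.repository }}:{{ .Values.agent.image.tag }}"
  securityContext:
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
    runAsNonRoot: true
    capabilities:
      drop: ["ALL"]
  # … unchanged: args, env, imagePullPolicy, ports, resources, probes, volumeMounts …
```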
@@ -0,0 +1,40 @@
+{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "agent-name" . }}
+ labels:
+ {{- include "labelsAgent" . | nindent 4 }}
+rules:
+ - apiGroups: [""]
+ resources: ["namespaces"]
+ resourceNames: ["kube-system"]
+ verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "agent-name" . }}-impersonator
+ labels:
+ {{- include "labelsAgent" . | nindent 4 }}
+rules:
+ - apiGroups: [""]
+ resources: ["users"]
+ verbs: ["impersonate"]
+ resourceNames: ["upbound-cloud-impersonator"]
+ - apiGroups: ["authentication.k8s.io"]
+ resources: ["userextras/upbound-id"]
+ verbs: ["impersonate"]
+ - apiGroups: [""]
+ resources: ["groups"]
+ resourceNames:
+ # system:authenticated is required for calls to discovery API. Some Kubernetes
+ # clients like kubectl use it to figure out exactly which endpoints to call
+ # for given arguments.
+ - "system:authenticated"
+ - "upbound:view"
+{{- if eq .Values.upbound.controlPlane.permission "edit" }}
+ - "upbound:edit"
+{{- end }}
+ verbs: ["impersonate"]
+{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/clusterrolebindings-managed.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/clusterrolebindings-managed.yaml
new file mode 100644
index 000000000..66e157620
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/clusterrolebindings-managed.yaml
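Review bot: The `userextras/upbound-id` rule in the `-impersonator` ClusterRole carries no `resourceNames`, unlike the `users` and `groups` rules beside it, so the agent ServiceAccount may attach any `upbound-id` value to an impersonated request. That is presumably intentional because the IDs are per user, but it means audit records keyed on that extra are only as trustworthy as the agent itself. I would state this above the rule, e.g. `# upbound-id values are per-user and cannot be enumerated; the agent is trusted to set them correctly.`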
@@ -0,0 +1,34 @@
+{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "name" . }}-view
+ labels:
+ {{- include "labelsAgent" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "name" . }}-view
+subjects:
+ - apiGroup: rbac.authorization.k8s.io
+ kind: Group
+ name: upbound:view
+{{- if eq .Values.upbound.controlPlane.permission "edit" }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "name" . }}-edit
+ labels:
+ {{- include "labelsAgent" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "name" . }}-edit
+subjects:
+ - apiGroup: rbac.authorization.k8s.io
+ kind: Group
+ name: upbound:edit
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/clusterrolebindings.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/clusterrolebindings.yaml
new file mode 100644
index 000000000..ec99faf43
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/clusterrolebindings.yaml
@@ -0,0 +1,31 @@
+{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "agent-name" . }}
+ labels:
+ {{- include "labelsAgent" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "agent-name" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "agent-name" . }}
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "agent-name" . }}-impersonator
+ labels:
+ {{- include "labelsAgent" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "agent-name" . }}-impersonator
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "agent-name" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/clusterroles-managed.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/clusterroles-managed.yaml
new file mode 100644
index 000000000..fcca427a0
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/clusterroles-managed.yaml
@@ -0,0 +1,66 @@
+{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }}
+# There are more permissions in upstream aggregated ClusterRoles than we'd like
+# to have, so, we have our own ClusterRoles with only the permissions we need.
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "name" . }}:aggregate-to-view
+ labels:
+ rbac.crossplane.io/aggregate-to-view: "true"
+ {{- include "labelsAgent" . | nindent 4 }}
+rules:
+ # Universal Crossplane viewers have access to view events.
+ - apiGroups: [""]
+ resources: [events]
+ verbs: [get, list, watch]
+ # Universal Crossplane viewers may see which namespaces exist.
+ - apiGroups: [""]
+ resources: [namespaces]
+ verbs: [get, list, watch]
+ # Universal Crossplane viewers may see CRDs installed in the cluster.
+ - apiGroups: [apiextensions.k8s.io]
+ resources: [customresourcedefinitions]
+ verbs: [get, list, watch]
+ # Universal Crossplane viewers have read-only access to built in Crossplane types.
+ - apiGroups:
+ - apiextensions.crossplane.io
+ resources: ["*"]
+ verbs: [get, list, watch]
+ - apiGroups:
+ - pkg.crossplane.io
+ resources: [providers, configurations, providerrevisions, configurationrevisions]
+ verbs: [get, list, watch]
+{{- if eq .Values.upbound.controlPlane.permission "edit" }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "name" . }}:aggregate-to-edit
+ labels:
+ rbac.crossplane.io/aggregate-to-edit: "true"
+ {{- include "labelsAgent" . | nindent 4 }}
+rules:
+ # Universal Crossplane editors have access to view events.
+ - apiGroups: [""]
+ resources: [events]
+ verbs: [get, list, watch]
+ # Universal Crossplane editors may see which namespaces exist, but not edit them.
+ - apiGroups: [""]
+ resources: [namespaces]
+ verbs: [get, list, watch]
+ # Universal Crossplane editors may see CRDs installed in the cluster.
+ - apiGroups: [apiextensions.k8s.io]
+ resources: [customresourcedefinitions]
+ verbs: [get, list, watch]
+ # Universal Crossplane editors have full access to built in Crossplane types.
+ - apiGroups:
+ - apiextensions.crossplane.io
+ resources: ["*"]
+ verbs: ["*"]
+ - apiGroups:
+ - pkg.crossplane.io
+ resources: [providers, configurations, providerrevisions, configurationrevisions]
+ verbs: ["*"]
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/control-plane-token-secret.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/control-plane-token-secret.yaml
new file mode 100644
index 000000000..897846ae7
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/control-plane-token-secret.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.upbound.controlPlane.token }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.upbound.controlPlane.tokenSecretName }}
+ labels:
+ {{- include "labels" . | nindent 4 }}
+type: Opaque
+data:
+ token: {{ .Values.upbound.controlPlane.token | b64enc | quote }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/role.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/role.yaml
new file mode 100644
index 000000000..960bc4d48
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/role.yaml
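Review bot: The `aggregate-to-edit` ClusterRole grants `verbs: ["*"]` on `resources: ["*"]` of `apiextensions.crossplane.io` and on the `pkg.crossplane.io` package types, which sits oddly with the file's header comment about keeping only the permissions needed. A wildcard verb also covers `deletecollection` and any verb added later; listing them, e.g. `verbs: [get, list, watch, create, update, patch, delete]`, keeps the grant reviewable. Members of `upbound:edit` can create `providers` and `configurations` and so presumably decide which packages get installed, so a comment confirming that this is intended would help whoever audits the role.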
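Review bot: A token supplied through `.Values.upbound.controlPlane.token` is stored by Helm with the release's values as well as in this Secret, and it also sits in whatever values file or command line was used to set it. The `if` guard already lets operators leave `token` empty and create the Secret named by `tokenSecretName` themselves, which the agent spec reads through `secretKeyRef`. The template should say so, e.g. `{{/* Prefer creating this Secret out of band: a token passed in values is also kept in the Helm release data. */}}`.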
@@ -0,0 +1,66 @@
+{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }}
+---
+# We need to be able to read universal-crossplane-config configmap in the namespace
+# where UXP is deployed to provide version/configuration information.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "agent-name" . }}-uxp-config
+ labels:
+ {{- include "labelsAgent" . | nindent 4 }}
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ resourceNames: ["universal-crossplane-config"]
+ verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "agent-name" . }}-uxp-config
+ labels:
+ {{- include "labelsAgent" . | nindent 4 }}
+subjects:
+ - apiGroup: rbac.authorization.k8s.io
+ kind: Group
+ name: upbound:view
+{{- if eq .Values.upbound.controlPlane.permission "edit" }}
+ - apiGroup: rbac.authorization.k8s.io
+ kind: Group
+ name: upbound:edit
+{{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "agent-name" . }}-uxp-config
+{{- end }}
+{{- if eq .Values.upbound.controlPlane.permission "edit" }}
+---
+# We need to be able to manage Secrets in the namespace where UXP is deployed
+# so that Secrets pointed by ProviderConfig objects can be created by the agent.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "agent-name" . }}-secret
+ labels:
+ {{- include "labelsAgent" . | nindent 4 }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "agent-name" . }}-secret
+ labels:
+ {{- include "labelsAgent" . | nindent 4 }}
+subjects:
+ - apiGroup: rbac.authorization.k8s.io
+ kind: Group
+ name: upbound:edit
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "agent-name" . }}-secret
+{{- end }}
\ No newline at end of file
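Review bot: The `-secret` Role gives the `upbound:edit` group `verbs: ["*"]` on every Secret in the release namespace, with no `resourceNames`. The comment above it only motivates creating Secrets for ProviderConfigs, yet the same namespace holds `upbound-agent-tls`, `xgql-tls` and the control-plane token Secret created elsewhere in this commit, and `get`/`list` on them comes with the wildcard. If the agent only has to write these Secrets, `verbs: ["create", "update", "patch", "delete"]` would be enough; if reads are needed, the comment should say why. Because the agent ServiceAccount is allowed to impersonate `upbound:edit`, this Role is effectively the agent's own reach as well.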
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/service.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/service.yaml
new file mode 100644
index 000000000..7e22879a3
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/service.yaml
@@ -0,0 +1,16 @@
+{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "agent-name" . }}
+ labels:
+ {{- include "labelsAgent" . | nindent 4 }}
+spec:
+ selector:
+ {{- include "selectorLabelsAgent" . | nindent 4 }}
+ ports:
+ - port: 6443
+ targetPort: 6443
+ protocol: TCP
+ name: https
+{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/serviceaccount.yaml
new file mode 100644
index 000000000..fe136d5c0
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/serviceaccount.yaml
@@ -0,0 +1,8 @@
+{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "agent-name" . }}
+ labels:
+ {{- include "labelsAgent" . | nindent 4 }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/tls-secret.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/tls-secret.yaml
new file mode 100644
index 000000000..19a5c9748
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/upbound-agent/tls-secret.yaml
@@ -0,0 +1,9 @@
+{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: upbound-agent-tls
+ labels:
+ {{- include "labelsAgent" . | nindent 4 }}
+type: Opaque
+{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/xgql/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/xgql/_helpers.tpl
new file mode 100644
index 000000000..bd1141516
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/xgql/_helpers.tpl
@@ -0,0 +1,22 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "xgql-name" -}}
+{{- "xgql" -}}
+{{- end -}}
+
+{{/*
+Labels - xgql
+*/}}
+{{- define "labelsXgql" -}}
+{{ include "labels" . }}
+app.kubernetes.io/component: xgql
+{{- end }}
+
+{{/*
+Selector labels - xgql
+*/}}
+{{- define "selectorLabelsXgql" -}}
+{{ include "selectorLabels" . }}
+app.kubernetes.io/component: xgql
+{{- end }}
+
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/xgql/deployment.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/xgql/deployment.yaml
new file mode 100644
index 000000000..66f3694cc
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/xgql/deployment.yaml
@@ -0,0 +1,63 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "xgql-name" . }}
+ labels:
+ {{- include "labelsXgql" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "selectorLabelsXgql" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "selectorLabelsXgql" . | nindent 8 }}
+ spec:
+ serviceAccountName: {{ template "xgql-name" . }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- range $index, $secret := .Values.imagePullSecrets }}
+ - name: {{ $secret }}
+ {{- end }}
+ {{ end }}
+ containers:
+ - name: xgql
+ image: "{{ .Values.xgql.image.repository }}:{{ .Values.xgql.image.tag }}"
+ imagePullPolicy: {{ .Values.xgql.image.pullPolicy }}
+ resources:
+ {{- toYaml .Values.xgql.resources | nindent 12 }}
+ ports:
+ - name: https
+ containerPort: 8443
+ protocol: TCP
+ {{- if .Values.xgql.metrics.enabled }}
+ - name: metrics
+ containerPort: 8080
+ {{- end }}
+ args:
+ - --tls-key=/etc/certs/xgql/tls.key
+ - --tls-cert=/etc/certs/xgql/tls.crt
+ {{- if .Values.xgql.config.debugMode }}
+ - "--debug"
+ {{- end }}
+ {{- range $arg := .Values.xgql.config.args }}
+ - {{ $arg }}
+ {{- end }}
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- range $key, $value := .Values.xgql.config.envVars }}
+ - name: {{ $key | replace "." "_" }}
+ value: {{ $value | quote }}
+ {{- end}}
+ volumeMounts:
+ - mountPath: /etc/certs/xgql
+ name: certs
+ readOnly: true
+ volumes:
+ - name: certs
+ secret:
+ defaultMode: 420
+ secretName: xgql-tls
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/xgql/service.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/xgql/service.yaml
new file mode 100644
index 000000000..80f822d3c
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/xgql/service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "xgql-name" . }}
+ labels:
+ {{- include "labelsXgql" . | nindent 4 }}
+spec:
+ selector:
+ {{- include "selectorLabelsXgql" . | nindent 4 }}
+ ports:
+ - port: 443
+ targetPort: https
+ protocol: TCP
+ name: https
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/xgql/serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/xgql/serviceaccount.yaml
new file mode 100644
index 000000000..88e8bbdb7
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/xgql/serviceaccount.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "xgql-name" . }}
+ labels:
+ {{- include "labelsXgql" . | nindent 4 }}
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/xgql/tls-secret.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/xgql/tls-secret.yaml
new file mode 100644
index 000000000..4b06ca735
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/templates/xgql/tls-secret.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: xgql-tls
+ labels:
+ {{- include "labelsXgql" . | nindent 4 }}
+type: Opaque
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/values.yaml b/charts/universal-crossplane/universal-crossplane/1.4.400101/values.yaml
new file mode 100644
index 000000000..70027244f
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/values.yaml
@@ -0,0 +1,185 @@ +nameOverride: "crossplane" + +replicas: 1 + +deploymentStrategy: RollingUpdate + +image: + repository: upbound/crossplane + tag: v1.4.4-up.1 + pullPolicy: IfNotPresent + +nodeSelector: {} +tolerations: {} +affinity: {} + +leaderElection: true +args: {} + +provider: + packages: [] + +configuration: + packages: [] + +imagePullSecrets: + - dockerhub + +rbacManager: + deploy: true + skipAggregatedClusterRoles: true + replicas: 1 + managementPolicy: Basic + leaderElection: true + args: {} + nodeSelector: {} + tolerations: {} + affinity: {} + +priorityClassName: "" + +resourcesCrossplane: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + +securityContextCrossplane: + runAsUser: 65532 + runAsGroup: 65532 + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + +packageCache: + medium: "" + sizeLimit: 5Mi + pvc: "" + +resourcesRBACManager: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + +securityContextRBACManager: + runAsUser: 65532 + runAsGroup: 65532 + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + +metrics: + enabled: false + +# List of extra environment variables to set in the crossplane deployment. +# EXAMPLE +# extraEnvironmentVars: +# sample.key: value1 +# ANOTHER.KEY: value2 +# RESULT +# - name: sample_key +# value: "value1" +# - name: ANOTHER_KEY +# value: "value2" +extraEnvVarsCrossplane: {} + +# List of extra environment variables to set in the crossplane rbac manager deployment. 
+# EXAMPLE +# extraEnvironmentVars: +# sample.key: value1 +# ANOTHER.KEY: value2 +# RESULT +# - name: sample_key +# value: "value1" +# - name: ANOTHER_KEY +# value: "value2" +extraEnvVarsRBACManager: {} + +podSecurityContextCrossplane: {} + +podSecurityContextRBACManager: {} + +### Agent Values + +upbound: + apiURL: "https://api.upbound.io" + connectHost: "connect.upbound.io" + controlPlane: + permission: edit + tokenSecretName: upbound-control-plane-token + token: "" + +xgql: + image: + repository: upbound/xgql + tag: v0.1.5 + pullPolicy: IfNotPresent + resources: {} + metrics: + enabled: false + config: + debugMode: false + args: [] + envVars: {} + # List of extra environment variables to set in the xgql deployment. + # EXAMPLE + # envVars: + # sample.key: value1 + # ANOTHER.KEY: value2 + # RESULT + # - name: sample_key + # value: "value1" + # - name: ANOTHER_KEY + # value: "value2" + +agent: + image: + repository: upbound/upbound-agent + tag: v1.4.4-up.1 + pullPolicy: IfNotPresent + resources: {} + config: + debugMode: false + args: [] + envVars: {} + # List of extra environment variables to set in the agent deployment. + # EXAMPLE + # envVars: + # sample.key: value1 + # ANOTHER.KEY: value2 + # RESULT + # - name: sample_key + # value: "value1" + # - name: ANOTHER_KEY + # value: "value2" + +### Bootstrapper Values + +bootstrapper: + image: + repository: upbound/uxp-bootstrapper + tag: v1.4.4-up.1 + pullPolicy: IfNotPresent + resources: {} + config: + debugMode: false + args: [] + envVars: {} + # List of extra environment variables to set in the bootstrapper deployment. + # EXAMPLE + # envVars: + # sample.key: value1 + # ANOTHER.KEY: value2 + # RESULT + # - name: sample_key + # value: "value1" + # - name: ANOTHER_KEY + # value: "value2" + +billing: + awsMarketplace: + enabled: false + iamRoleARN: arn:aws:iam:::role/ 
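Review bot: `upbound.controlPlane.permission` defaults to `edit` with no comment, and that one value decides whether the `upbound:edit` bindings and the wildcard Secret Role in templates/upbound-agent/role.yaml are rendered. The accepted values should be documented next to the key, e.g. `# permission: "view" or "edit"; "edit" also gives upbound:edit full access to Secrets in the release namespace; any other value skips the agent RBAC templates.` values.yaml.tmpl carries the same block and is presumably where the change belongs. Defaulting to `view` would be the more conservative choice, if the product allows it.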
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.400101/values.yaml.tmpl b/charts/universal-crossplane/universal-crossplane/1.4.400101/values.yaml.tmpl
new file mode 100644
index 000000000..2e91ec174
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.400101/values.yaml.tmpl
@@ -0,0 +1,185 @@ +nameOverride: "crossplane" + +replicas: 1 + +deploymentStrategy: RollingUpdate + +image: + repository: upbound/crossplane + tag: %%CROSSPLANE_TAG%% + pullPolicy: IfNotPresent + +nodeSelector: {} +tolerations: {} +affinity: {} + +leaderElection: true +args: {} + +provider: + packages: [] + +configuration: + packages: [] + +imagePullSecrets: + - dockerhub + +rbacManager: + deploy: true + skipAggregatedClusterRoles: true + replicas: 1 + managementPolicy: Basic + leaderElection: true + args: {} + nodeSelector: {} + tolerations: {} + affinity: {} + +priorityClassName: "" + +resourcesCrossplane: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + +securityContextCrossplane: + runAsUser: 65532 + runAsGroup: 65532 + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + +packageCache: + medium: "" + sizeLimit: 5Mi + pvc: "" + +resourcesRBACManager: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + +securityContextRBACManager: + runAsUser: 65532 + runAsGroup: 65532 + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + +metrics: + enabled: false + +# List of extra environment variables to set in the crossplane deployment. +# EXAMPLE +# extraEnvironmentVars: +# sample.key: value1 +# ANOTHER.KEY: value2 +# RESULT +# - name: sample_key +# value: "value1" +# - name: ANOTHER_KEY +# value: "value2" +extraEnvVarsCrossplane: {} + +# List of extra environment variables to set in the crossplane rbac manager deployment. 
+# EXAMPLE +# extraEnvironmentVars: +# sample.key: value1 +# ANOTHER.KEY: value2 +# RESULT +# - name: sample_key +# value: "value1" +# - name: ANOTHER_KEY +# value: "value2" +extraEnvVarsRBACManager: {} + +podSecurityContextCrossplane: {} + +podSecurityContextRBACManager: {} + +### Agent Values + +upbound: + apiURL: "https://api.upbound.io" + connectHost: "connect.upbound.io" + controlPlane: + permission: edit + tokenSecretName: upbound-control-plane-token + token: "" + +xgql: + image: + repository: upbound/xgql + tag: %%XGQL_TAG%% + pullPolicy: IfNotPresent + resources: {} + metrics: + enabled: false + config: + debugMode: false + args: [] + envVars: {} + # List of extra environment variables to set in the xgql deployment. + # EXAMPLE + # envVars: + # sample.key: value1 + # ANOTHER.KEY: value2 + # RESULT + # - name: sample_key + # value: "value1" + # - name: ANOTHER_KEY + # value: "value2" + +agent: + image: + repository: upbound/upbound-agent + tag: %%AGENT_TAG%% + pullPolicy: IfNotPresent + resources: {} + config: + debugMode: false + args: [] + envVars: {} + # List of extra environment variables to set in the agent deployment. + # EXAMPLE + # envVars: + # sample.key: value1 + # ANOTHER.KEY: value2 + # RESULT + # - name: sample_key + # value: "value1" + # - name: ANOTHER_KEY + # value: "value2" + +### Bootstrapper Values + +bootstrapper: + image: + repository: upbound/uxp-bootstrapper + tag: %%BOOTSTRAPPER_TAG%% + pullPolicy: IfNotPresent + resources: {} + config: + debugMode: false + args: [] + envVars: {} + # List of extra environment variables to set in the bootstrapper deployment. + # EXAMPLE + # envVars: + # sample.key: value1 + # ANOTHER.KEY: value2 + # RESULT + # - name: sample_key + # value: "value1" + # - name: ANOTHER_KEY + # value: "value2" + +billing: + awsMarketplace: + enabled: false + iamRoleARN: arn:aws:iam:::role/ diff --git a/index.yaml b/index.yaml index 63b757153..25391bc14 100755 --- a/index.yaml +++ b/index.yaml 
@@ -3386,6 +3386,50 @@ entries: urls: - assets/universal-crossplane/universal-crossplane-1.5.100101.tgz version: 1.5.100101 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Upbound Universal Crossplane + catalog.cattle.io/release-name: universal-crossplane + apiVersion: v1 + appVersion: 1.4.4001 + created: "2022-02-27T17:31:03.077775885-05:00" + description: Upbound Universal Crossplane (UXP) is Upbound's official enterprise-grade + distribution of Crossplane. + digest: 8449146ae4326b72379451982afaa806a0342748bd9e097d128ebd1477e9e454 + home: https://upbound.io + icon: https://raw.githubusercontent.com/upbound/universal-crossplane/66ce9eb2c5a0c3af8ed7d19551a2c4d743b933b9/docs/media/logo.png + keywords: + - cloud + - infrastructure + - services + - application + - database + - cache + - bucket + - infra + - app + - ops + - oam + - gcp + - azure + - aws + - alibaba + - cloudsql + - rds + - s3 + - azuredatabase + - asparadb + - gke + - aks + - eks + kubeVersion: '>= 1.15' + maintainers: + - email: info@upbound.io + name: Upbound Inc. + name: universal-crossplane + urls: + - assets/universal-crossplane/universal-crossplane-1.4.400101.tgz + version: 1.4.400101 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Upbound Universal Crossplane