From 6d3604baa7d39695c91ec4466f253d8a66b5d50c Mon Sep 17 00:00:00 2001 From: Chris Kim Date: Wed, 6 Sep 2023 14:54:56 -0700 Subject: [PATCH] rancher-provisioning-capi make charts 
Signed-off-by: Chris Kim --- ...cher-provisioning-capi-103.0.0+up0.0.1.tgz | Bin 0 -> 3420 bytes .../103.0.0+up0.0.1/Chart.yaml | 22 ++ .../103.0.0+up0.0.1/templates/NOTES.txt | 2 + .../103.0.0+up0.0.1/templates/_helpers.tpl | 18 + ...sterrole-capi-aggregated-manager-role.yaml | 11 + .../clusterrole-capi-manager-role.yaml | 323 ++++++++++++++++++ .../templates/clusterrole-cattle.yaml | 21 ++ ...rrolebinding-capi-manager-rolebinding.yaml | 14 + .../deployment-capi-controller-manager.yaml | 106 ++++++ .../103.0.0+up0.0.1/templates/hardened.yaml | 81 +++++ .../role-capi-leader-election-role.yaml | 26 ++ ...ding-capi-leader-election-rolebinding.yaml | 15 + .../service-capi-webhook-service.yaml | 15 + .../serviceaccount-capi-manager.yaml | 7 + .../103.0.0+up0.0.1/values.yaml | 25 ++ index.yaml | 27 ++ 16 files changed, 713 insertions(+) create mode 100644 assets/rancher-provisioning-capi/rancher-provisioning-capi-103.0.0+up0.0.1.tgz create mode 100644 charts/rancher-provisioning-capi/103.0.0+up0.0.1/Chart.yaml create mode 100644 charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/NOTES.txt create mode 100644 charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/_helpers.tpl create mode 100644 charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/clusterrole-capi-aggregated-manager-role.yaml create mode 100644 charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/clusterrole-capi-manager-role.yaml create mode 100644 charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/clusterrole-cattle.yaml create mode 100644 charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/clusterrolebinding-capi-manager-rolebinding.yaml create mode 100644 charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/deployment-capi-controller-manager.yaml create mode 100644 charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/hardened.yaml create mode 100644 charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/role-capi-leader-election-role.yaml create 
mode 100644 charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/rolebinding-capi-leader-election-rolebinding.yaml create mode 100644 charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/service-capi-webhook-service.yaml create mode 100644 charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/serviceaccount-capi-manager.yaml create mode 100644 charts/rancher-provisioning-capi/103.0.0+up0.0.1/values.yaml 
diff --git a/assets/rancher-provisioning-capi/rancher-provisioning-capi-103.0.0+up0.0.1.tgz b/assets/rancher-provisioning-capi/rancher-provisioning-capi-103.0.0+up0.0.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..026b364e431e349cf30eff71d9072ff13a8effd7 GIT binary patch literal 3420 zcmV-i4WsfOiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH+}Z`(Ms{o9{{@a{u^eU&Ubj?*Wg57$d`i{7?bBk3-1=q?Ic z8r!^3q>iNAq*;IWgGfo%Pg`*uCoRlB5{slbLvm&~Gn|pY%$tL-LcteA63z&lSso5a z?`)2RvTt!fUp%llj^m7mL;c@zobvzv$*BLLKOCNp`lo|ozyHGNj|QXT7sz=i;5H?a z3X2!cgJG2?_l*?H7*|*k&ZOHx$ioU#KC?Zn6a|~`o(DpaDFNR_39Zz2^N9>8zO@(* zz(tp)CmQFd3Z1&V* z1NK2$vxRUG4nt}C5K?{{08_n1zxJh+QS&oK1N*dj#sVl{3CWf;GI|Gx}NH^0HmD0<(+A<3WfOnNUDqh?>`uKxfWlROU*B((UzTM9rg# z?eQR;T`!MaZ$kN`7huAAUM!1bPs^oFT%#~yAf(%|5CoV|7kP6*q!`{6FcR9OVB#3JLHGV#zNc|x@_q*)g=ewQ&|(51 zJ=i#+bj&I7Ze8?ldcoCLfCQ#Gof+j5Op{|qQ4JO$BXr-w6h~BD!i-22PUnXo&{z;Ih`K$aSjr0=0K!s|83P|Fp2xQnmV4@z?ZAx^_?#^?3@m2)@V8Lc zvI0=3ChJ#cRqvOy^uG_m%U?>82g0fK?>GnqdX<^#|PDWBaYwU-f7B!H{8za$m!@z>i+kSf4o2*Ol$pPTsn=1a5uR}h3W z-rL^AuOH8^Y;~iygt0;XJN?sPN&cUnj)n*MzmIZvhkmq;si)=0a*5_xq6q*)gh_=d z1>Z(zbMUSaQ4&doRV2~m7Kw<()Z(t>G_tHr%|>^3$i6fxs2d02y*kmhi;{W0Caf$y=`^WtQ z|L>!uTS+*(jEqT^Z1*Lnnc*Rg1!kcDD{uZDPk<&>aY;NAnvgU4uoO=zB=hCv z-A!VGJsU@A&IS3Zk+72?7X8jOVZMvbR@ig`P}s)`$DnBri3$RVhfTOBXSrtnpmj9d z5fKGrdOh{l?4@kQ|81B)SJv}?e=s~P`F{o{&hT*l@1^X68`p}1ZTYu`X|-nphva9$ zqcD?CmT@H^Bp`F|rY)JZB6ZaQ#3a``1C{-zM6Mpb#8R*c8uoq8q+Om<6ADK^9o511 z1YiZ(qYo5vkByjx31;Rg3jO>byF@#c326%`*_#rEDftRQuI*+l$W060Fq3-RLjpGn zSWL#!-hg-{6%Wz|t)UUE74D7#CY&p&1P<$0Q)6Mgj3LDgntKs86<8_}c`6bO{hl#N zwOEI5e1`Yr7LQ^n>t)TignG5QB~L#M>O17@tsv(s*2u_pi}>8B54Z7P>vlgC;>V%8wP=wL2dxcn5@O#MAf-n!33e!MgbDv?jY#J2F(fV< z8y-nxcxu1xuFC!W|N6G{UQwZ&?*C3J{{Lg=cy#dp@1yL<|8E@g1tJpHDYaOdjkmud zsP*onPhD{ht8n-3pCwU&K6QUeDh=N!6_#b~>JGAD)`^<%__I$TZLtdJ{@;`TCxrP~ zxcqb7ptL6`8cLeKU{A5WFOz zg%S@-7xg;`rEzx#@tQEEd(5TXY*PM7Am)}ZE_722)jII)5I`thiu8>%X)YbbLLLtS z%=}fAsqW=RF$LJ7+{^6O_}90eFW!7OzZ$A5SkL8ej?Xv+s0VU 
z-E7_LZ1dM5@wo6CLI3vd?c+g?h+mGrP1ARf4t_<7{|g7S+WHqF%m=1We}Hmfvdd)- zawTU=vsN;aZnR5XG?%Rgpkx6Iq#O%Af#RIzN`*gzDo-@j^XnPE{?~FN7s^G|HnZ4O zx{UkFGG%7OKGviC-*9+b0%L~z0+TuC*OmmaD2%E{7F=Q)BRp{&C5KjmtihwL5 z<_jKHDcnMD-oNh@*CGMs*Fg{wdm|H_Z*+2UJgBz*CSxI4Zd`C01@IwO+bYx%#I=UW zdMXHe*RP~iq=a7lPisOTGWT#=l4A;lDmBEL@GGOYE{ZL;GLO0FC}!2b1 z!h@^iN3>kJm1c!!Xt_Mf!Az6-@)Nf#3fKo>>BF!_a>Or{rG|OAk!JKBTyS>DxhhRu zg6Hud91A`rv_Q`4HUt+XDSt`Se+DS8a$nSI+wtit0>U(9{w%NuV-SSoeEc2_?Dwo83e$aYR zU+9r-TxrCD%r7LEHsD#vmB^zyYD6`kPg{#=zC(s+X*`|hk=0mP=EW-UBHJIGyP=WQ zLCD2KihOik_C}i5u?jnF1ERYDhS9)Q=V3l8f7@?CY_R`_$ERic zzwbB)`+qMbZ~sqXt9a!A_$Qy#c)J@3#?rTDmc&I%y~$87xe{;~wj8_k#Ug~dbD)7O z=e_uB?z$-CQdvpv@=Nm+g)@PDsCKu^g{l>5%ckohbG}EO2jGMM5=~&r1z5UT-^CKn zG8e;o6aOCTg=#zk?N_8|=+`Mwt&!M9&C6-weaA@^F99)Qsnn{xfR%x@8(rx^icD^t zddEm|wUexlwT6n*k|_D@bo?KUj{jpR8#c+KuWI{E9gW_<&YWNKa+o*ib7Q1VA@r%6 zbnU)GUA-3ZkA%RmA+We6nP2?V3gf?be{^xAxHhzkKJ<_L8rUD*#MWCTS5pba$0iH< z)U}u%qshbf2v>Nm_+uM!wQXWjagAl+{_bc7>gXjp(m;+Lx*B!YIFG$3ySve80qtJ* zIxPidoAa%_E!pCifIqt^u#>j-py$^=*5)wg^qF4=v_g_=(qXLz<~Zcf0sVR2TSJ3PLPK zC?-*%+w6Z^{x1an)NR_D0H96$KkA=U;(tyK-~ZT4*@FKcBk*SpMYWd(+o_e+2%%b; z^qqzWwc-Elx})X}q>WE-bNpX9{&zSU9r%AQWu1kxQw}fDO>3^MariL+-@^L#E%&)= zb6aOMgEZH5E7Ky28?cg_@>P_8!eR!>-0fFl1d5?VE!X0y_qnOugZ~p}L?QOK)s?^| y{vQl0{2z;i1OM-#+}A^~qX^&D?Elp3b0~*$D2MXBmj4C-0RR6_PW=1.23.0-0' + catalog.cattle.io/namespace: cattle-provisioning-capi-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: apps.deployment/v1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0' + catalog.cattle.io/release-name: rancher-provisioning-capi +apiVersion: v1 +appVersion: 1.4.4 +description: capi-controller-manager compatible with Rancher Provisioning +home: https://github.com/rancher/provisioning/blob/main/charts/capi/ +maintainers: +- email: chris.kim@suse.com + name: Chris Kim +name: rancher-provisioning-capi +sources: +- https://github.com/rancher/provisioning/blob/main/charts/capi/ +version: 103.0.0+up0.0.1 
diff --git a/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/NOTES.txt b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/NOTES.txt
new file mode 100644
index 0000000000..2070555e03
--- /dev/null
+++ b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/NOTES.txt
@@ -0,0 +1,2 @@
+{{ $.Chart.Name }} has been installed. Check its status by running:
+ kubectl --namespace {{ .Release.Namespace }} get pods"
\ No newline at end of file
diff --git a/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/_helpers.tpl b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/_helpers.tpl
new file mode 100644
index 0000000000..d46154c543
--- /dev/null
+++ b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/_helpers.tpl
@@ -0,0 +1,18 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
diff --git a/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/clusterrole-capi-aggregated-manager-role.yaml b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/clusterrole-capi-aggregated-manager-role.yaml
new file mode 100644
index 0000000000..760c5f9a63
--- /dev/null
+++ b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/clusterrole-capi-aggregated-manager-role.yaml
@@ -0,0 +1,11 @@
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ cluster.x-k8s.io/aggregate-to-manager: "true"
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ name: capi-aggregated-manager-role
+rules: []
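Review bot: `capi-aggregated-manager-role` has no rules of its own; everything it grants comes from whichever ClusterRoles carry the label `cluster.x-k8s.io/aggregate-to-manager: "true"`, so the effective permissions of the bound ServiceAccount are not bounded by this file. That is worth stating in the template, because a ClusterRole installed by any other chart with the same label is merged in as well. A comment above `rules: []` such as `# populated by the aggregation controller from ClusterRoles labelled cluster.x-k8s.io/aggregate-to-manager` would make that visible to the next reviewer.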
diff --git a/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/clusterrole-capi-manager-role.yaml b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/clusterrole-capi-manager-role.yaml
new file mode 100644
index 0000000000..d3d02e51a0
--- /dev/null
+++ b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/clusterrole-capi-manager-role.yaml
@@ -0,0 +1,323 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ cluster.x-k8s.io/aggregate-to-manager: "true"
+ cluster.x-k8s.io/provider: cluster-api
+ name: capi-manager-role
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - addons.cluster.x-k8s.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - addons.cluster.x-k8s.io
+ resources:
+ - clusterresourcesets/finalizers
+ - clusterresourcesets/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ - controlplane.cluster.x-k8s.io
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusterclasses
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusterclasses
+ - clusterclasses/status
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ - clusters/finalizers
+ - clusters/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ - clusters/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinedeployments
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinedeployments
+ - machinedeployments/finalizers
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinedeployments
+ - machinedeployments/finalizers
+ - machinedeployments/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinehealthchecks
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinehealthchecks
+ - machinehealthchecks/finalizers
+ - machinehealthchecks/status
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinepools
+ - machinepools/finalizers
+ - machinepools/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machines
+ - machines/finalizers
+ - machines/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machines
+ - machines/status
+ verbs:
+ - delete
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinesets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinesets
+ - machinesets/finalizers
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - machinesets
+ - machinesets/finalizers
+ - machinesets/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - patch
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - watch
+ - apiGroups:
+ - ipam.cluster.x-k8s.io
+ resources:
+ - ipaddressclaims
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - runtime.cluster.x-k8s.io
+ resources:
+ - extensionconfigs
+ - extensionconfigs/status
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
diff --git a/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/clusterrole-cattle.yaml b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/clusterrole-cattle.yaml
new file mode 100644
index 0000000000..5beeafddab
--- /dev/null
+++ b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/clusterrole-cattle.yaml
@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: provisioning-rke-cattle-io
+ labels:
+ cluster.x-k8s.io/aggregate-to-manager: "true"
+rules:
+ - apiGroups: ["rke.cattle.io"]
+ resources: ["*"]
+ verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: provisioning-rke-machine-cattle-io
+ labels:
+ cluster.x-k8s.io/aggregate-to-manager: "true"
+rules:
+ - apiGroups: ["rke-machine.cattle.io"]
+ resources: ["*"]
+ verbs: ["*"]
diff --git a/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/clusterrolebinding-capi-manager-rolebinding.yaml b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/clusterrolebinding-capi-manager-rolebinding.yaml
new file mode 100644
index 0000000000..2fb193d4ac
--- /dev/null
+++ b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/clusterrolebinding-capi-manager-rolebinding.yaml
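Review bot: The rules on core `secrets` (`create`, `delete`, `get`, `list`, `patch`) and `nodes` (full write) in `capi-manager-role` are cluster-wide, so whatever can act as the bound ServiceAccount can read every Secret in the cluster; the template carries no comment saying this breadth is inherited and intended. Several rules are also redundant or cover features the chart turns off: the second `bootstrap.cluster.x-k8s.io`/`infrastructure.cluster.x-k8s.io` `'*'` rule is a subset of the rule before it, and `addons.cluster.x-k8s.io` `'*'`, `machinepools`, `clusterclasses` and `extensionconfigs` remain writable although values.yaml passes `MachinePool=false,ClusterResourceSet=false,ClusterTopology=false,RuntimeSDK=false`. If those gates are meant to stay off, dropping the matching rules would shrink the role. If the file is generated from the upstream manifests and must not be hand-edited, a header comment saying so (and naming the upstream version) would tell reviewers why the duplicates are there.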
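Review bot: Both ClusterRoles in clusterrole-cattle.yaml pair `resources: ["*"]` with `verbs: ["*"]`, which also covers `deletecollection` and any resource later added under `rke.cattle.io` or `rke-machine.cattle.io`, and the `aggregate-to-manager` label merges all of it into the manager's aggregated role. Enumerating the verbs the controller needs, as clusterrole-capi-manager-role.yaml does (`create`, `delete`, `get`, `list`, `patch`, `update`, `watch`), would keep the grant reviewable. If the resource wildcard is deliberate because the kinds in these groups are not known at chart time, a one-line comment above each `rules:` saying so would be enough.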
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ name: capi-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: capi-aggregated-manager-role
+subjects:
+ - kind: ServiceAccount
+ name: capi-manager
+ namespace: "{{ .Release.Namespace }}"
diff --git a/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/deployment-capi-controller-manager.yaml b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/deployment-capi-controller-manager.yaml
new file mode 100644
index 0000000000..edfd66fd71
--- /dev/null
+++ b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/deployment-capi-controller-manager.yaml
@@ -0,0 +1,106 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ control-plane: controller-manager
+ name: capi-controller-manager
+ namespace: "{{ .Release.Namespace }}"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ cluster.x-k8s.io/provider: cluster-api
+ control-plane: controller-manager
+ template:
+ metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ control-plane: controller-manager
+ spec:
+ containers:
+ - command:
+ - /manager
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_UID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
+{{- if .Values.extraEnv }}
+{{ toYaml .Values.extraEnv | indent 12 }}
+{{- end }}
+ imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ - containerPort: 9440
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: healthz
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ runAsGroup: 65532
+ runAsUser: 65532
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+ args:
+ - --leader-elect
+{{ toYaml .Values.args | indent 12 }}
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ serviceAccountName: capi-manager
+ terminationGracePeriodSeconds: 10
+ volumes:
+ - name: cert
+ secret:
+ secretName: capi-webhook-service-cert
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+ {{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 6 }}
+ {{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 6 }}
+ {{- else }}
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/controlplane
+ value: "true"
+ - effect: NoSchedule
+ key: "node-role.kubernetes.io/control-plane"
+ operator: "Exists"
+ - effect: NoSchedule
+ key: "node-role.kubernetes.io/master"
+ operator: "Exists"
+ - effect: "NoExecute"
+ key: "node-role.kubernetes.io/etcd"
+ operator: "Exists"
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: "{{.Values.priorityClassName}}"
+ {{- end }}
diff --git a/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/hardened.yaml b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/hardened.yaml
new file mode 100644
index 0000000000..c56951b43d
--- /dev/null
+++ b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/hardened.yaml
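Review bot: `{{ toYaml .Values.args | indent 12 }}` in the Deployment is emitted unconditionally under `args:`, unlike `extraEnv` a few lines above it, so a values override of `args: []` or `args: null` renders a bare `[]` or `null` line after `- --leader-elect`, which either fails to parse or corrupts the argument list; wrap it as `{{- if .Values.args }}` … `{{- end }}`. The manager container also declares no `resources` requests or limits and no `readOnlyRootFilesystem: true` in its `securityContext`. Both are worth adding for a controller whose ServiceAccount is bound to cluster-wide Secret access elsewhere in this commit, after confirming the binary writes nothing outside its mounted paths.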
@@ -0,0 +1,81 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: rancher-provisioning-capi-patch-sa
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: rancher-provisioning-capi-patch-sa
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+ template:
+ metadata:
+ name: rancher-provisioning-capi-patch-sa
+ labels:
+ app: rancher-provisioning-capi-patch-sa
+ spec:
+ serviceAccountName: rancher-provisioning-capi-patch-sa
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+ restartPolicy: Never
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+ containers:
+ - name: patch-sa-{{ .Release.Namespace }}
+ image: {{ template "system_default_registry" $ }}{{ $.Values.global.kubectl.repository }}:{{ $.Values.global.kubectl.tag }}
+ imagePullPolicy: {{ $.Values.global.kubectl.pullPolicy }}
+ command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+ args: ["-n", "{{ .Release.Namespace }}"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: rancher-provisioning-capi-patch-sa
+ labels:
+ app: rancher-provisioning-capi-patch-sa
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs: ['get', 'patch']
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: rancher-provisioning-capi-patch-sa
+ labels:
+ app: rancher-provisioning-capi-patch-sa
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: rancher-provisioning-capi-patch-sa
+subjects:
+ - kind: ServiceAccount
+ name: rancher-provisioning-capi-patch-sa
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: rancher-provisioning-capi-patch-sa
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: rancher-provisioning-capi-patch-sa
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-allow-all
+ namespace: {{ .Release.Namespace }}
+spec:
+ podSelector: {}
+ ingress:
+ - {}
+ egress:
+ - {}
+ policyTypes:
+ - Ingress
+ - Egress
diff --git a/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/role-capi-leader-election-role.yaml b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/role-capi-leader-election-role.yaml
new file mode 100644
index 0000000000..d1b53aafc5
--- /dev/null
+++ b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/role-capi-leader-election-role.yaml
@@ -0,0 +1,26 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ name: capi-leader-election-role
+ namespace: "{{ .Release.Namespace }}"
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
diff --git a/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/rolebinding-capi-leader-election-rolebinding.yaml b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/rolebinding-capi-leader-election-rolebinding.yaml
new file mode 100644
index 0000000000..28c91de659
--- /dev/null
+++ b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/rolebinding-capi-leader-election-rolebinding.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ name: capi-leader-election-rolebinding
+ namespace: "{{ .Release.Namespace }}"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: capi-leader-election-role
+subjects:
+ - kind: ServiceAccount
+ name: capi-manager
+ namespace: "{{ .Release.Namespace }}"
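Review bot: The `rancher-provisioning-capi-patch-sa` ClusterRole and ClusterRoleBinding in hardened.yaml give the hook Job's ServiceAccount `get` and `patch` on `serviceaccounts` in every namespace, while the Job only patches `default` in the release namespace; because only the Job carries the `helm.sh/hook` annotations, that binding stays in place after the Job is deleted. A namespaced Role and RoleBinding restricted with `resourceNames` to `default` covers what the Job does, as sketched below. Separately, the `default-allow-all` NetworkPolicy admits all ingress and egress for every pod in the namespace, so it adds no isolation despite living in hardened.yaml. The kubectl container also sets no container-level `securityContext` (`allowPrivilegeEscalation: false`, `capabilities.drop: [ALL]`) the way the manager container does.

```yaml
# … unchanged: Job rancher-provisioning-capi-patch-sa …
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: rancher-provisioning-capi-patch-sa
  namespace: "{{ .Release.Namespace }}"
  labels:
    app: rancher-provisioning-capi-patch-sa
rules:
  - apiGroups:
      - ""
    resources:
      - serviceaccounts
    # the Job only touches the namespace's default ServiceAccount
    resourceNames:
      - default
    verbs: ['get', 'patch']
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rancher-provisioning-capi-patch-sa
  namespace: "{{ .Release.Namespace }}"
  labels:
    app: rancher-provisioning-capi-patch-sa
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: rancher-provisioning-capi-patch-sa
subjects:
  - kind: ServiceAccount
    name: rancher-provisioning-capi-patch-sa
    namespace: "{{ .Release.Namespace }}"
# … unchanged: ServiceAccount and NetworkPolicy …
```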
diff --git a/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/service-capi-webhook-service.yaml b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/service-capi-webhook-service.yaml
new file mode 100644
index 0000000000..109b368d4b
--- /dev/null
+++ b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/service-capi-webhook-service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ name: capi-webhook-service
+ namespace: "{{ .Release.Namespace }}"
+ annotations:
+ need-a-cert.cattle.io/secret-name: capi-webhook-service-cert
+spec:
+ ports:
+ - port: 443
+ targetPort: webhook-server
+ selector:
+ cluster.x-k8s.io/provider: cluster-api
diff --git a/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/serviceaccount-capi-manager.yaml b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/serviceaccount-capi-manager.yaml
new file mode 100644
index 0000000000..afba516203
--- /dev/null
+++ b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/templates/serviceaccount-capi-manager.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: cluster-api
+ name: capi-manager
+ namespace: "{{ .Release.Namespace }}"
diff --git a/charts/rancher-provisioning-capi/103.0.0+up0.0.1/values.yaml b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/values.yaml
new file mode 100644
index 0000000000..0be412e186
--- /dev/null
+++ b/charts/rancher-provisioning-capi/103.0.0+up0.0.1/values.yaml
@@ -0,0 +1,25 @@
+image:
+ repository: rancher/mirrored-cluster-api-controller
+ tag: v1.4.4
+ imagePullPolicy: IfNotPresent
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ kubectl:
+ repository: rancher/kubectl
+ tag: v1.20.2
+ pullPolicy: IfNotPresent
+
+# tolerations for the capi-controller-manager deployment. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ for more info
+tolerations: []
+
+nodeSelector: {}
+
+## PriorityClassName assigned to deployment.
+priorityClassName: ""
+
+extraEnv: []
+args:
+ - "--metrics-bind-addr=localhost:8080"
+ - "--feature-gates=MachinePool=false,ClusterResourceSet=false,ClusterTopology=false,RuntimeSDK=false,LazyRestmapper=false"
diff --git a/index.yaml b/index.yaml
index f4f41dd8a4..503afcaa02 100755
--- a/index.yaml
+++ b/index.yaml
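Review bot: `global.kubectl.tag: v1.20.2` in values.yaml is three minor versions below the `>=1.23.0-0` cluster floor declared in the chart annotations, which is outside kubectl's supported one-minor skew and pins the post-install hook Job to an old client image; the tag should track the supported cluster range. Both images are also referenced only by mutable tag, so pinning by digest, if the registry mirror allows it, would make the deployed controller and hook reproducible. A short comment above `args:` noting that these entries are appended after `--leader-elect` in the Deployment and must stay a non-empty list would save a failed upgrade for anyone overriding them.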
@@ -13912,6 +13912,33 @@ entries: urls: - assets/rancher-prometheus-adapter/rancher-prometheus-adapter-2.12.101.tgz version: 2.12.101 + rancher-provisioning-capi: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Rancher Provisioning CAPI Controller Manager + catalog.cattle.io/hidden: "true" + catalog.cattle.io/kube-version: '>=1.23.0-0' + catalog.cattle.io/namespace: cattle-provisioning-capi-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: apps.deployment/v1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0' + catalog.cattle.io/release-name: rancher-provisioning-capi + apiVersion: v1 + appVersion: 1.4.4 + created: "2023-09-06T14:54:17.66821-07:00" + description: capi-controller-manager compatible with Rancher Provisioning + digest: 1f195a10d86eb0041b33056a16fe25b8aaa253757937dd6e7a1885f0370e6f22 + home: https://github.com/rancher/provisioning/blob/main/charts/capi/ + maintainers: + - email: chris.kim@suse.com + name: Chris Kim + name: rancher-provisioning-capi + sources: + - https://github.com/rancher/provisioning/blob/main/charts/capi/ + urls: + - assets/rancher-provisioning-capi/rancher-provisioning-capi-103.0.0+up0.0.1.tgz + version: 103.0.0+up0.0.1 rancher-pushprox: - annotations: catalog.cattle.io/hidden: "true"