From b374d720df840daed9fa39dadfb8a9cceb258900 Mon Sep 17 00:00:00 2001
From: "rancher-pr-and-push-webhook[bot]"
 <181785884+rancher-pr-and-push-webhook[bot]@users.noreply.github.com>
Date: Wed, 3 Jun 2026 15:44:11 +0000
Subject: [PATCH 1/3] Bump rancher-webhook to v0.7.10-rc.3

---
 packages/rancher-webhook/package.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/rancher-webhook/package.yaml b/packages/rancher-webhook/package.yaml
index 5a9873e3ca..8dcc600a53 100644
--- a/packages/rancher-webhook/package.yaml
+++ b/packages/rancher-webhook/package.yaml
@@ -1,3 +1,3 @@
-url: https://github.com/rancher/webhook/releases/download/v0.7.10-rc.1/rancher-webhook-0.7.10-rc.1.tgz
+url: https://github.com/rancher/webhook/releases/download/v0.7.10-rc.3/rancher-webhook-0.7.10-rc.3.tgz
 version: 106.0.10
 doNotRelease: false

From 3c6af8d760f3a176253e59670fae7a354eb279f1 Mon Sep 17 00:00:00 2001
From: "rancher-pr-and-push-webhook[bot]"
 <181785884+rancher-pr-and-push-webhook[bot]@users.noreply.github.com>
Date: Wed, 3 Jun 2026 15:44:17 +0000
Subject: [PATCH 2/3] make charts

---
 ...rancher-webhook-106.0.10+up0.7.10-rc.3.tgz | Bin 0 -> 7593 bytes
 .../106.0.10+up0.7.10-rc.3/Chart.yaml         |  15 ++++
 ...rancher-webhook-109.0.1+up0.10.0-rc.11.tgz | Bin 0 -> 4235 bytes
 .../templates/_helpers.tpl                    |  22 +++++
 .../templates/deployment.yaml                 |  82 ++++++++++++++++++
 .../templates/rbac.yaml                       |  12 +++
 .../templates/secret.yaml                     |  11 +++
 .../templates/service.yaml                    |  13 +++
 .../templates/serviceaccount.yaml             |  11 +++
 .../templates/webhook.yaml                    |   9 ++
 .../106.0.10+up0.7.10-rc.3/tests/README.md    |  16 ++++
 .../tests/deployment_test.yaml                |  73 ++++++++++++++++
 .../tests/service_test.yaml                   |  18 ++++
 .../106.0.10+up0.7.10-rc.3/values.yaml        |  30 +++++++
 index.yaml                                    |  19 ++++
 15 files changed, 331 insertions(+)
 create mode 100644 assets/rancher-webhook/rancher-webhook-106.0.10+up0.7.10-rc.3.tgz
 create mode 100644 charts/rancher-webhook/106.0.10+up0.7.10-rc.3/Chart.yaml
 create mode 100644 charts/rancher-webhook/106.0.10+up0.7.10-rc.3/rancher-webhook-109.0.1+up0.10.0-rc.11.tgz
 create mode 100644 charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/_helpers.tpl
 create mode 100644 charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/deployment.yaml
 create mode 100644 charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/rbac.yaml
 create mode 100644 charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/secret.yaml
 create mode 100644 charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/service.yaml
 create mode 100644 charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/serviceaccount.yaml
 create mode 100644 charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/webhook.yaml
 create mode 100644 charts/rancher-webhook/106.0.10+up0.7.10-rc.3/tests/README.md
 create mode 100644 charts/rancher-webhook/106.0.10+up0.7.10-rc.3/tests/deployment_test.yaml
 create mode 100644 charts/rancher-webhook/106.0.10+up0.7.10-rc.3/tests/service_test.yaml
 create mode 100644 charts/rancher-webhook/106.0.10+up0.7.10-rc.3/values.yaml

diff --git a/assets/rancher-webhook/rancher-webhook-106.0.10+up0.7.10-rc.3.tgz b/assets/rancher-webhook/rancher-webhook-106.0.10+up0.7.10-rc.3.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..a856ef204c8513493c141badc070975011008249
GIT binary patch
literal 7593
zcmV;a9aiEWiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PK8sToYN;C>AV1T?-a$jERV@rqKzCV(8MOiYPE76EZNF37H8<
z6HpWjvM5-<j$#+vqGDs!wP8WU!m21%umF|?1cba_5=s(+?zj4MzxO=<K<3_i&bj5Z
zJLilDL^*s&M2&!g_!t&SXY)Z3L5l<hh{iVq27|#cF*1_<WiS}3f0+zph6dBvfXQGO
z8JjXqH5g1I10!P%fbs2E=orK}0g5yjUrkGOa{o&JL{W?Y2^d3h76|}2AORv+FpUEe
z1Om}ujLv~X1k8gWE(>TrD{8y(VJ;U!Spb<3i6OGuE}`Neh#C%wa2P{bz(jyaGc=?z
zs0_881t1CrONo94Aqom0TnKU?79f8}#UpV75~%Hr;Vb}wQSltLtwKm7fC-%1+G|1t
zjB>FETy5_bp=q6rzU3sqfW~A>rvprs{%aupS6}^T2!TKxqDt9sUDOr<B!NQMy9I5y
z0SOceTYoZWrZgslD&o)#Nn8l$h+rWhYw!jUm<tjx8f?WCz__%xj~pGq!$g3)oCH8b
z3L%`No^0z>m<$sdgT`cx7Yh~X{pfT06aMdjs{RiL5ix{+TLbVV{cmh&qN@LmnMObL
z|Mvh`00u)+%`bw47!DJdD6&;K&{dTL01#j>3kX+K3;-ZQ;U-29Hw=L}ku1Q0=YkP#
zA_#|2f<y{Nupkg=HZBArBL)C+O>GVFKruqNL%}dkNGX%0nx2p0gbPGOV4_eKzylE+
zB9R0ffpj2*f<cJXEJ&>ai9`Vi41q*)`z6zL1RnyL*#)?e5Wyk^5K7Ph4+sMI1R=y(
zbeSO%p%4M#QgzJ5I5?eyp&Up^;B=hBhqz({MuVwPILwhErV}8H5>yc7QroD}Wz+<i
z2m)Y~hmjQcU;%!!NhrpJJRk((5SWMsM8}dy6bj%bf-w<HM6wYO$6Y`H1b{dW2cr-d
zATULCNkY}0vZWzW03jwKnn&S41Rv(`<&Ovq5aSRK!G};lBt}sf4Q{97r5#y-xsj2f
z6q6e$0tFBOiR23hiU~f15->+*M`Y_LGuWUI#vxHSB%+a|U8I{p0oYdR#whm(I0y`(
z1R!-Fa2nvi10aErh@8;+979ovBj33Q7(oCOBY+@C5h=u_$;dg2aamIkh(jhuR0!o@
zTzQ)u7u%}&<WK-B1i>N@7$*RX2e4h_bNh#kfoP=cA<(=hL6Nd$U|Rt~5f%<}Aua%;
ztt914OBv=!kB*!lP)Z)+vR&k-;73dMmqAtk6OcfNfCPlo1NaakghV)v5Pqd8_=5gt
zm>L_X=zkLvW5!SY|2-f&nhJ0s9*jZ&S+0`<xN@Z&AZpgiWPlnQOOkekc>v8@?jXpu
zdW%=9R-3mD6N+Gz-~nVkoKF5%2p|N9T7Qt+_<>MvyZ=dwGg3L-Gz1KS5L}J`6bjqB
z!7Z3n5y@f#s#K{f*nnn4R3H?Rnl8myL#m8qt`w_ztn>lI<3SvP1(01Z54o9<1vZ#a
zice}L$TneO5FvLw9|bn>X5%8~LD{6W#X1U@)bD@C@~>cyzS0}~g8UnqFichC-_+3b
zXZ-(NKzcw%OHD4on$#+rvfnX4vmyYvFoytS64Mr%f<hrq4`-4>VU)`PtXt0tNdOTb
z7bHNbqo6+2#Dx$?+S+o0<qn|$BshF0nS9D00DxKv1%Q?#+B{Byo)i!z6dfV~fEG5S
z(5&2K3qfl&@UgMY&EXg#7C@~?sm&9UccgN_R$@5B5kW*7@s=kpYWpiF8znYWRHTAC
z+}2geN0vFm9pF@PM56&1<sf2iN6Lf-!~iIaa-|NES%;h{A_Zg$7$7iTP=KiK5d)~l
zsKls}2i*amO1f8(Rg(@`RSXc+a;n&&l~I$=Fv`JDX+!{t6b=N0hPUl{%lYu|v~qS+
zI14QXAv(H+Hco&7VQeh9-B24BtEo;l0nTja&yE*x1hnRmNF5fom8YkZO@N!LyJvee
zZCGRhM4Pxv0|X!j2oqxj)H>-lq%Ky@HXd$PY#UXSwjxZRc=Q2)2SW(g9pWiJZGP?s
z5`0#x_|jT0^IH2V31ypO4XEMC%E`&q$HqE<?c&jXqWaO%KnMn-0C@sg9X5R>ib`AE
z9NfxrwCJ7BI7&1iHa0rC^=Qck)7m0yAU2lOu9*OXm6%YkG?n;K47SPb5UO+m6i<e9
ztMT?HRTdd5tX%66caw#T3MAB>6@}%J8dE|nbQ57gkm9aO3D_xXMgS1XP5_zChd_kj
zN0F5qWt7P>&XilEA-XIew)gaO^H6N#fiNN#L7sdOg!3_k%K}Uo3e7@D1Y=weh=ZYA
zoCO%SHX(30ghDv}gV^qnuP>OT7Q^I>iBWaC+TK0^fI!+;E_!rAAf$(y;Voy3Di4q8
z>V}CRkn4&fkxI5kt-z?LUk)gAfrzOv%JqOm;V=hMIxP@KEW72vPy(8xw9Fh(2nN9j
zOu!JXy!;@StNefpxY&3GOm%Rv4)CyX_jXXwOzrr?<xE&{IMQ`+`HZNk%%k0fOdC#h
zcQp#iRkgKE92L0xVg6so{=X;)<b0cZ;4j7hMutq)_@Bu%{OSLH4^Z^!Wjij_HJAvF
zl6ge5P%~LT+3M)C5iw3cB6kddq%sYo!T-SF7hwq0>;-^A*iM9rg`Xit0)Te3T2XW4
z&!`|*0HY*a925d^q^ghFJjO#wzB}Yd{=E6!VRSUjUH(dr=F;-Cqj35EIp|pa<&n#`
z&;VbOe?tRfRrxnE{VD(71^y@Te~0df(mQJ=sYM%bKpLmneQZCbMP8+cOpOjvbV53O
z&rd`OAr{~&1jED->Azr2|M$V?<X@&rzkveyqWqhv=Kq+O{LKIPKA>baRR#IWru{R*
z*>b<u8gf#bgCip&Lzx3ifTCcC_@6|WLJ>w_91LLro^1KWigNg>e50uL=I=+Z_kRt(
zDF2|`mHHYr@J0Whq4NIEfMLKi{VD(715_kltrz`eH9)0ORdvU|!$if!TxkTLl9t$#
zJ0i>1P|SQIdssDRL2y762!a4uAcRCXhJu7VsUj#+2;#UZ86dnlV-7>fKY9m#EOadY
zE$>XfgZ(!)YH$Bde#-y%0Ht?&Ey<(J7uxEt0NRpGn{!Or7|Mf##q#bQi+EcGY&&)F
z&j>q<iLWF3qu2Vs2&(e0s*jlra~gxjlw|`m88lhaACpNVf}{R9jnB(JlVQL#RJH#m
zhClOvz6<Cs?V&CEM>0-hJZSIE;MhBxI7ONp2N`-ZxE{vvOb>GtS8s0<XCEX4M7fck
z)3HhR5F*fcGcgo@dUW}RjQp%=r*=EPvenj`_CAH?u+sMFXb+v}S)AY_Iqu`=)`v&G
zN!94C@qGG;hmYoJ#&7+&;#pEqVMWgXWciecF6DzWOZq0(X=zssTSqgKJjj@^$gOgT
z_2b<qjSD}V0Q0e?s0}`i_p7^=_>@>hl=rSb``AIU@@_@#!jnFw6~853r7mBx$md~N
zn3sNS+}3{QkCK;&#@O|Vch&A$_n>;Q`>12-5i#0Ju8r+Rv5(9?aDQI6P6zw_o^HSY
zcJXuE;9O1r1zXoGEB)oV__w5-yEQ{C>=Kvf*&fpbDE$i7d^GFau%GJV4&ExxxZE!>
zT`yqRqw{0QySNrr)%6Px#y`4v{$a-TXK8hnu5pPQ?pM5i`G@Y``CS^TBCc*>T9Xg#
zy;L~Zc)*mTKmShZ_2yt%s@b);DD*CV^6=Xd^lneL`g!LIPShnN8UafV)|oBZajPWm
z_qT!PHDeB%P1zfi?qc{bhBmuu+3UO#iQ|+0r&jZBu^W#3zN;x<1;Z*Ypv!)?r1tpy
zxn7cAqV&5rN`^19<)+O1pp~4rb;(k%oM9}l5uG+&jOjXR`q-6S0=or_2Irh+zuIT}
zc5e8!+Y6>Fb~3*<@tH^eZ9JO=-FnC0zELH#UEvmc#(bsYQv@E7U+TVo%dy8#KJ?&?
zPA@lGuKP0K;zgrd-K_3+xnSP;99#R2NJnq`pdRBk_YEBW-Yd~5Pq?^;R(6p2t04nM
z5BW8HX20$aR*%?dsLRo_xET<bnwWm|{?V<cx;>blXmESX1pdAQ;$DXrX>~2&Js5YL
zIWO*05jgRWX}xav%t|h;xfYg^QaaU*wqvIARPuB4#eEm06W16T=axQWh2?Jd9a`2S
zh~~+1Jactky;g&LnEmK8S3B!0N@NziFn*q6ky7fMAGc@J?7miH&#`aLEVrhnj(at%
zOVFJgYeM>aEDl<HMobJo+0%}pW4dfyZTHDrFKYAeS{-{kx7(0&A=Rw7YdY*ll@EIN
zW(UqXt-W*#Q`r01A?r*Z4{}&BM)?pK_{eugT3CU(9itC>?g00l@r8jRv@G29Ob@?|
zq}0kw1hfh?SUBUYUT=m*fhc_y-+BK&-wQX{Mp3=Sl&#WQN1;w1RedQ@-zmXbueZ}G
zYY*+r^U1!Pk=)p9EgwyjRStV1T&AWcE;(G}^2gKk$LlCF+&hn2p`kfs!<KcYtNy-X
zIK(p8kk$RQD?F%SQr|)Gv-&1<niYFA@z&X*-L!!D&!%M1Q|$|0%)BzlbKU{c6w1k=
zV-qIy?0qSHq37Pxg}XFewR?P8;kG$1p=+nxiK&cp8)k@RZ$CPkQhv{C#l(J=j>oOj
zmgYy0laJ2Oi66Vt=<kJ|4Z+4%wdO?zyCRLca}z6j+#E$|q{r*(Q-;j(=f=&{rj*y5
zn!Kfc`ocZMCrx*R>(&(R7?XL0m;Un7($Rlbywdj~+%Jzym{Hnmfq&ha?woDqX7jfW
zvNpHdWInMUH)WNdd-m2?(>`JLF;{#w&F05n<Bc_%7P^;`d(e=Spa=HIZ>X-d&2!sn
zy!|!TI@BsB@JOb)e&y_}+II#%i>k_!%YJjs&)PWTNKvnlv%PQDO~tmCW#|uzBGr*>
zj2v~lByyL4Im16((C9b4>B--r6Rw->JNPlD_r@^e&iyYeNJ@1~xO1S&_vHdHXqz2e
zk?DBl;n<NMQVV_Jip&aXto$ey6Z|TMo!H_&`uyX$YrEo}=6LAh_@xW`Eb$wYsQ1f&
zZHs2SEU|B}ziU3vwfw`_soRW`Z<pF+ztb<zj2(RRR<zR@;mHQW)08z?t4ujL3=N0e
z4M49*^4XQIjjqo+xb@B-ovqWC?X^zYk?kH@v?!+0g0f(H{ivP;Nw(Uvv$pLvtISV0
zB-C8D*;|k)zTLZfUa7+nzSp?vBU1W43fx^UA#ExC7_t7f=0Yav<*tv5?Gi>b<wqEl
zdwr5T78XzbC@H*wV)y%&CL1KKs=l(XOXz_dn^$X(Y>JI2D^DT1RsK>F&yQ`Gu<J&7
zQQ6rbtBg#m*OQ^`)nhe=I9`eS{m$QjR*1ynoQ~Jg`^GhPGc`u1yq=!g%Y9(#;-0y=
z%c<+Sx=+~|8#0jNd{56foS&X@`xl`JJ7C!+@imY8A)Wm~*>_ltD^mC8Mp|kba6@dU
zy`i(YDdK^Eag~HuM>k`-CU<+2DzU<5tdyjkiZGK*o>tWBy>5M}=9bAX4#IOKop+Ms
z<LgPuf9_$YjZT4r{}Nkz3`#DYeQmr;;*ze`{VHH1yP;6>+@WENoGU$048Nr(DXYBJ
zDOE4xhS?I`<RQT${kH&Jxa-!Xj89z|ou#QC)}?QJ^2`$V5&S!sue#1(==gNbd&c5B
z8-gv?=T{WhIHWjb(f823=ZYQ{=Wj}L<a!#xqrwkX&Lr(vb8&I(NJhpvWDH0ixMZ@&
zsN27JQkz1Okg5JXu?Me;g4T3ho1UhXud!vq^`_Ug!?wG1CE0GC|3t#h+MjoUe!bTL
zYyLRep@eHIX!I4V2lgS%H@EEJ18kRaq1NU)ox^{aUtAShb8*Pa_aQOik3IXaDEyL#
zyrbFV=`j&^clDk$NjJYy7!_+`exGIeo?<#_q>)ud^1d9)b^ZY{p9rt+hZY8%aSyG2
zx9!p7g#o40&J28!=HF$K?#A{0{>l2=y;9=_P5gD^6Q1_j(gD{BT#L#ETT^ZG)*Y|A
zu=xb$5Ow$QQ2r+P)8n%jbX_0KcD+V_J)p6&X3*Rh=~l1ByL;Y?&`ZwV>%!hP$adSN
z!)E@p2PFg3x9Ggdq2vl9On061=K7Pfe0#1gAGc8GXB@wh=Ju@Dq_e|z4bp5}zW^tt
z`6uy6yLTq>vOH2x<oFE#YyZ44WbeU!20Wq07iPaY^QWcOp^%`$&M_6g>==EjZ_E;#
zDC2qg>A5CTkTp5CeSx00p9JiEKW%;<G<JOc@}|zt+}eFUK7&`Ei!hve*1Gie)J?PA
zGKQSKKK?|?bhnYSvI>0xJH`w<@ACdSj&)PH*w)abOIMO#WE`&TeSGGT^%~17L$gnA
z$vXO>E;{3Y`2P7w3+J<4SCmq;eDo}eFM<P?Ri%9#e%r5L-ZbrLuQ-eSuDd!N-C(#N
zVA|z3X~pO5VdJ4T^EM6Lz?yvW*xZJuPbJmQUvAfZI5-_#W(hAI(s0T@=>zrV><qh#
z%V&o2itLi+S?)VEJ2c+*(blbf-@CyN7o^Wi+3!2h$gg&F&6+qr!G}6}pKa0gy-pZP
zwnw|0OM1I3JbSjT%6#T7N)Ihk&4H1Z9=@mHLw4)`Sv*JUwP6rD{?o`Ln}&&3-`}wP
zly-GPSmB`yL$PrC=r_Ixc8wdx^X(Pxcha-Z+SS988+sLX@jKpkHTm7RSB}Ko!SB2E
z)m#?kmLrL~&ugS_`}5Inor(uas&sumOin6cHx+*PJ?p%QMa~E@tvvtD;D*9SYvV;Z
ze-;Ja&>xu<zG&RqN9-i6kwH-*`pm|qr4A=FGrG8)T{*v|;*d#Ca>4Knr#Rbyjl=G}
zTyuE^9uu(J-SpSBXP)Qh9rkS!*o$<B2Cn|3Tiea6PIvedNnz2*{*p&?R?(kNh*<A5
z?Bk!+Ma9!%oyP3Tyfl=sf7dmiS?ISnX!z+1YhoPUmY$oqOOO_~#j$piMtFhb`tCSM
z)yQWO^O=_rZ_T=d3x^I0dBF!K`rmh<ENyH$V7_b|`NfWr{WmPr^m$PBxJS;I8n(T8
zjh|(c@rG*usFV4*hdr7Wi?cUmbqlYT_&;xmD||gdS67PA=E<;=<s~7TN>Cs1g{MF+
z)W3Ydl<W!A-2lV4;oO<+cb=PFT~OO|{?1F&ZAY0?3bx&G^<geQxTM=E__TKL-qjBi
zRtwfXpL{tZs#`<AZi!BxU#d427CD+v@~sH0?{v((>;4>Lr)j<P&kdJcC7;TP-?MXR
z!zjyXw~DTx`g>;F(!Df^`=x8!i{2eS<Y7vxnaA1QIC<x7$%s>ui5_@L3h>Ob=cqsQ
z%1gE*ebOED`uk-)H`85qU_oV%rge#<K5CJ*ogU7&U(<MJnp3^ipmq4VjdSZ^$7g54
zEbe$-PSK%QSZX#JbpLDE>4A>fqZ|M{>s{uPPD{_GYwtNdLg$$MkW89ZFUq2`To;`y
zJ5ovavV(me?Ww_BZj&>PS^ma4=4SzVzN}jnmxu2fzRY=_odqTTfer1=X#c3Hnj4wV
z<JLDs3wWQ5bOVonia6PHDa=?BQ9P+w5)2z`CV7mTz<u`u-8AW_kLdIWyT4|dH>T{G
z?p;QiJ}{*8O<l?GGJ(UYNh_x<UeGniq;&P4gL;<bS&zxJJ70cWM<=H)*CqW^QmyL%
zeTF36;N+{9QP{yb^KDnvto-edB*fQ&&h~cLeQ%Xsp39M2U31rM%boV*k9B@`R&IWo
z_>7fs`Mg`yg%VTxp>^gjFv#54s`@$i!L0|YR_qTvR#1FX;6L%#!nC){-98RoLLbcb
z*1Mqn>Gq+^JB)NfP;pu4B&`f2H)A3g{3{-|)adx=9zzfB-EitKJo)DE$kMFzI-lZ9
z{VJy=Pu{Vq4$Gp=bnbJX5+BBJN)N9YuxP(c%1Y<)v9&|IUKQWBd_nfUM4@e)x@u{$
z7JcrEhT_KeQ5C7@w_PdNHm_Up^jmL7_n``k23(xW9rJSGtea)ildkT3na7&&p&<0?
zC@;&ybu-W1>>Ewd*d_K|1XTsC_8jk3cicbbp!4{WM`i;x?g-rA8&$s;Zk#>h$qVwD
z%t4_uPR%Y@8YZq^=_sCjeur!0=Dv3Z>~#S?6lf=*-tpCM_ZIwm<kjn9!L7`{&J7&X
z<AGb5OLjtNj?Qj_8FdAVp2qf%eqjIRUKn-u^8Gg^go&{aD<I3`&iiY-UyCiZ>5~gF
zcs)M$U$7}5@5UB;e%;&!CP&xnH16u3a4@YpbUUZw?$fxkn|U?&mPfnh#y1Z0<wZ}n
z3tO3MxqJsQdQ5)d(}$rO{Xh0Yd>fK>rp45nnu}j&ZEOrVb8zvM1ITrzPH)?M<c5Ck
z%&pZW^w7*JnvB_nOG$+VtIu;?4~6o6<#fNwiJlL#!ZH0LF}A2lzq`Msbt^fsjlb{W
zn_ENQ4qOH6_NbU@S}556C@*`5$<-_9lW9q4&CSfGaTe(XUBcchkwlj`e#*Z)BK#!#
zQ<eEl|76YlCX*rc*GJx}952yJs!T8opDWpSUJ_mM_>xuA#_Wnlce9VTFU9O?IR5-E
zFVV2dq|mX?<_RLgA5?iCS?ynsWf@<N8}3y5?lE0p@hso;?~po4N!n?vrj1($=1Yvd
z_}-RXc{Zolp3-<VVDpqgn>0EPu6kHGu`g{=%!S6$Q@zdEf6e*L$Kv(MO>4J2Je+x}
z_w>tD_TdHeh`#r!)`OdDeRrPUSeQ9JFk+pr<K2u~zmTsMU=2OTPFoSKHS;z#ASbU=
zlz4pq#o6TIGrarjZ}?e5;g6qfFahsBSaQoqQ{QmN@iTp&&-?5A;sI|5?40B2-)a8K
zumOTfADTgBMYKay!>kpK83(|Go3Gq@_6+@Ke>h+B{o(38{&4-Ga}(%iJk0hSrP6mu
z)>g!2HstH;2CkM&Hp_V^5k6Tz{C(Vp?12?=-kP2V>dsBwAAI@KrK0I~yrzo74h_DC
zIcz;JzjlKiPJhy?eD%YJY>VI77QZj6i0h)EA(52#sJ^a&{^*O4|4*U){Xb6Nbaxvo
zYiAppfcs5oeDVFCsp|c|k*Tr4&-=gc0VE0qKrjx709+^>knTQ=1_LmP6C$y^IG03n
zmAz~Om@L3nj35Aq4~htY?Er|xC=dY?d;pYXP`4!Kkw}4ofk7b7C(-EgS9LgDHU_72
zU_jc~iqe1uctSWK#e@T3Fes%ftGSiaz)&O-XhTPl@dYA?tP3AP1b`3`2g4}9gGD$2
zP?esw^lhp74u%Q7IEco<1axUPsu+a{>3o%c(Sl)uB&8-@4{8hh%3W~2d=fu;@4f}7
zm;bifzW~{czwRC27v$g2)W}e^{?CN*^Zx(404|0Js96dXs`y%81IrV4RBAy<B-t^M
zx4{Gp!1<UM;Q}~BD13ZDp1&hY=aGL^M4pv{<B&oP3Kf9D#PZKWDA!luLWo0aVS^_7
z)mC`r$Cxe46O#R-RIJjz{Kvc{-$+WVxi9`N=s{?>N`(xBs#J!2uIj3-d`rp@nWS#*
z#6qqtZ=q!kg)I}p+iFncIaCIQO!FVJoUN4qE6XWmsQq%H7$I9y#X1roD6-{P($p^=
zjJt@Df3tcjl`Lv^7gc3P_OXuk1u`%$E3%=f?tHtR3dK0>X7Uv~qcRtoBF{9C%T=>&
z?JICP+K=W^S^yI%6)!1l%~$VCGl_pcRL+vxJ!D(Six-<Wk8K5DLV4*ZD1xLtR5wj2
z@0q3Y1rsU<Y85e+x<tilF6GacC^Up%-(vTb*Xs+?sIE9nUEMSAh1%z@I-yG2^c8IX
z%VM|=%Hh6`I#gfk+Nutf&&mYp3Hhx3SMUEd=YD<*=kFiHf5wLGzW=~5{+a*vT|m+Q
zYsmsvasCtw0lu5(*XoY6Wr=s-+I`NEk`Mmoe$+o=PKNqNZ|_g|2|wW{bO`?^00960
L{GN6A09pV5pKj^p

literal 0
HcmV?d00001

diff --git a/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/Chart.yaml b/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/Chart.yaml
new file mode 100644
index 0000000000..6ccaa08407
--- /dev/null
+++ b/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/Chart.yaml
@@ -0,0 +1,15 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/kube-version: < 1.33.0-0
+  catalog.cattle.io/managed: "true"
+  catalog.cattle.io/namespace: cattle-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux,windows
+  catalog.cattle.io/rancher-version: '>= 2.11.0-0 < 2.12.0-0'
+  catalog.cattle.io/release-name: rancher-webhook
+apiVersion: v2
+appVersion: 0.7.10-rc.3
+description: ValidatingAdmissionWebhook for Rancher types
+name: rancher-webhook
+version: 106.0.10+up0.7.10-rc.3
diff --git a/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/rancher-webhook-109.0.1+up0.10.0-rc.11.tgz b/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/rancher-webhook-109.0.1+up0.10.0-rc.11.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..7065ed746e0f051cb11f5611ddeb3cfb9b049b65
GIT binary patch
literal 4235
zcmV;65OnV!iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PH+#bK|&?^O?V*OTMd3>P8eLOY)8`NtH(9BvToCTw`aqu2Ly4
zM7AXCkN^h&<x#xe-+l#vr1+BLhhop|314iHKz9S^7n<D=g!u~;?HimfIRD(4EQnC<
zibUb7y*1DCykWm@{(7EQ{oC~h-B;Z~cjyiJ!{JH)mDla}hP_wd?T>`bEs=_dSKgCx
zRVVj<q!GrrB8qY*M-G5b6bbp<^@&m;x|DZ(6pGF$1|vv$rLo(B1_81Ww3JA&)!5~8
zGR5{1g`}K~;1AGskB6?;_8L1!gps*Mx&<I35z3hOI0E~yEmu-u)YzHJ5rmW_UmM@X
zC?cw4JMZ=ShO&U)$j088(BzZ(?oWS&p4;u~>A)ZKzXSd6cg>?QL?W@R$<G%x6F`T=
z^oI=WvgeRE&VPDt*K@tL@ZE0L2~hfi#>%|;frK<5in94Qh^W-vf3)ym#sz$`I6$pp
zluk3=d@fz@jqADH|4QN#zL#dyL;JV1s{UV+FhRLr1F%E?_q&6BRsRoqCkOri9F0a~
zj#~2zjJc$Wi&d^0I#nG3pvZg#AyFum17HSUBw={LL+Y<a@P2mA)rCNbOgYXx<Wmx+
zW<`Yt4S?0r?{G$vP<_HVl}h7mX&t}dQk|o^;o|cMW+as8IFTRefyl@-)CNJ@1IIZ6
z#X}U<av3G376>V!5MUhgRfJ5raES;DrD8ei7!xEIDwJ9g2i%t(pEDn0B|FkzV335A
z&D*%7z6RV;gfi78ENHK>bquzM3k1q$+$qp8f`9zeVLZS~4AECyjNtapagL7QLQpQK
zT1`SC<vEEEh?I2BFaX7i<T`P+r&${32x2Z&I!eOLg8B>lNO4Fc!p#C1h=ei9<~8N6
zJC5K@zkjSDT@XPcR4DAikwh(!De4;oV%E`^Y7$e4Vu`|abQiq|M=%*TjVbpBKcvVM
zXxBly@O}mu#cK6Bf6f_0-|pNE4MSjD!4!)?F>npKvqYL#QzCKLZzJ=0VBc9-lX1#9
zM=%aUeiKrufX`rZZs&GS!U$WLhmh{cbY+%dGKN_2B@HkD%5s#JXic!MS;x{tG<pms
z=avhcBP~%O^~r=MOo2ot4NR6qQxuxUj9FtIWPPOzR|PhfNvwBHLX?Dxw$o0)<CNi?
zBUn-bA(8+E7@nh?!SD3UGZ;Q+Gdc(BPiYqWJrEXvTo8c)Tz$BN)Wg%OE?<M>K$$O)
zNXq6~%obFFu?j#Vy&5QiEC~(Cl!jET;D)LNPZS9Jl2D<!fdm27gpe@Bo>+2Sr??~|
z=-O41JP|%hyF`<Vzjq>xxL6s0D3vtyhE)4!H9_||(=w`gGzVma?g-K$BmFOcA15Oi
zcwS_GS`;Jb_P#%(`ca0g*u6KXb|3c7s3w}sW|Zm4izLMD>L*onQp+iUSl|qWUip{@
zW2WdhgQONjIY*#5JP~A$mRnM#q<uFIaY%g3Sp_(QfX-$pG)rr(Bek+K3V|hI2*3OF
z_eQx;sWqqTWJGI0u3)#CIVbL2qWAGKSBUTDjOUL}zoMTQx6=%2!wu5;LT{(%nI{%{
z3i%2}G)f->gk*|gt{n5n01;9C;`D1Q&^WKM_^u6~aWw)G$AyQGN`cm~?^)@Ebzw%O
zXYHCw%-$#-^N`P1f73Y1_CZ@C?JQgE8@!`ZB*x)>n*?)IIdf}?fQyC>id!axB@Yv(
zh*;^}Nc%|FIf75<^C&{5HH_8ZMWyj4=$d^OxYT=0!f?I&Gr=R6qLw#ft}p;ewVogh
zc_PD=>om|@vZU6)0z{OJtwe{YrBZ9th<yD!BZa5>Aqf=<MigD5rmHyazk#!G1)QN)
zZJKq}4F|d4Nf>BVDN!Ac5Z_>{`u_@}*!Xvy>jj1}3hAo&iARAQ{=auJ=vDmx;c(bL
z`2Ww*Zg1NV;EXbami5f918cFaMe3WkpnZ4e=#F#-?hp2WXnp%Es?q4v=fh$_nVLcC
zKV_%&C;%8r%zw1j^dJjr|2xGQRk+(V_D5O(B#!G*kPK24kckPkwUI5H1X4h$eQFhB
zP1+?jc4(B2)emqsLtl-cb<R`UY64qpL)JR|l8~^qc|HX)WNJk%4Q0c%j&&6vHShms
z`7byzPmBiakpDq%Se5^izIQnPKTFdL@*n!(1*1RavT1(*0;wW^fcgrI#H>S;B#vcg
z*>yfs7L4Fs&MQuYiUdRv?P)Ye8fA=r8gVeL%m{98bJQjO=kCq{kR^A~IEo*P7-t?{
zqaXuhoScp;kd=F)1t)O>5P*zY-BKNB*2~RLgN91uc=9lb)}CiOoxkna_DPORqA#p3
zR(^8c*uS8YN@P?tX(4v9?pg|{n8=BJ9x$23Y$jnM6^cJoA=QsmE&ghUY(icMZ`|tB
zVweP*l#>g;0HZ9>{_FP}r%(h6Mxle^|3jj%xyLWi46#ILDK4{t&XO)Kk~-W-YBB88
zNNKS{PUvt8q4^oMz&Xg4Yxc+(>GEoPcHvYGIwNS^-e$O^B2j#I*QyOYJs-dQaC&_<
zIomou@*_7r9yCFjjIXXfoL*mi{B%_ZvxZ{AQfu|`rr$q?U*Jo^73Py(13e#~onBsy
zC#O}Ae-=C{pW<c|!{8In%1_hh7ep;axtzQC$DzD$NqX1e8fc(t{NcmLA5Y(1PtGsv
z6aDV?7JlZGLF;v^3EFohjHRtkL#7r+rl7VsUM}3-6_leH?5-oVaCbMVy;fviBBEId
zm*^>ma9cHil`c@^3_Zgesul(PorQA>lU|2r3ahDyW};J&yslRq*|35pB32g;6XGp^
z&!y_Z#6AnNYGTg<eC-dYB)$-QibZ-gg1?ltHb88cuGLu}3Dx3Xt@2BQxn(FTzmfg|
zO=S14S63I8#dkA8!$jcKLZDpmFc`tmE4+?TP##>O&siWxFjz-c=n@%9`9frGq-%%C
z%#7xlw)YLYTDP45k?w1yy`!SI^Z9$3v31+Vc{@$R1d`w*3s)sO*vMfOjqj8A9MxOO
zf=d)j>SKvp&`(Ubo->7COUvw&*v3d{H5x^Npc<Y!KfSts`~Ljh_2ucOAKn*~VU0d%
zi5UC7UWfB7(p{NH?aRU%X46N9f<CXlU2A|w-=w4v@=$5sg_MGhuvrx}Tlbgtn15Ss
z^Z73hrhEDfyfgo&dr~?74Niu`!};$yTB;)m3kvqJ9?9PFE^`>GC&buz3+pptLxB7q
zhei85&GOMk{FBX|anG~I8gF(;d+b@Uswo?0Sqyety;KgHmmG}y49^2wyAYQm@hR#`
zbbc4|1`q{}dQh(af7@pLFQ&xbj{(>f|L-4H^FN2(L;lb6w4%l~JFXpdF6h7P7yHlO
zn}Bkz#M5BWCmy19h$)-jLx&3<VtQ&PG5w3+NxTJ_15m@2gZAySHVGoi9GOgiMqi&B
z+Uc0fl5>1tt5P>Ao5JP4xwcvUZAfw-8eo_FANK}T`5zqO|IgDN693<LmM`Tjcb!Zd
z_{8<o*h_s(Ca;>w8gxkU1ivxQTdiUo!N-_<N$}vsJgRMzf1^tGpa6Et|In*{|L-2;
z|2bO8Y*q#NfycA5aAs$+JYL&QBa8k1u{n(?BIc+b5}u6(SKQ~}2(BjfLr6LHTR#3Z
zp7maOy}z}#Q~rr{rJkY&cKZKb<@<ln>m45-<o`KZMdBO1=-q0d-ELQP$KxQiWfJHU
zK&31#s~|90`^Cbi*5x?Oh4%@AsmW1BAvq(;rq)kaF_E&029{~T6lblM-hr2Go8>>t
znR*8MU#tHa4iEL8&(lgdJz4Ew`T@E*1hB3(OiK(W#T@_5BEGJGtf`CpAwEmg)6l;3
zT7QeJF8@-=&ZpDyyR%a_3ig6yr~N;v)&Cv7|2$K3j*cMYJ_#YfCFtF!Yz~x3B@$br
z<v1UWv4!pk{+xs%_zNNwOx}Y?nElpEO!`3<oO7I?e)?%j<ic?~)>O-m86!JB1^qGy
z*&D$XN~Ix5AakPen&JVA!;}=P!5ta8NEn(f3k)NO!(>hw%&3qG+NEb%->mj;PSqlr
zx;~FOx?4M8RO$Jaf4Ot29F0w{M>`|G+(j<zBwl*&_R*T<f1Ue#ZD#y5A7H!ucfJ0}
zaW(&U*ge?)XK6B_3R5X8Wbx*1pgp)(a={%(*;+aMj;c{s=Oa-SYT)eo-5lp_NtQj8
zONoU9t~TJ8#1;wXxkM(lN5<&885yqmwN8}$hxbntCoun%GQH~QdT+9LgGQG2m5;!O
zY*|S!Lsm(v+Lk4`PPfzqwVbB4OX9$sTh^7K>4fAufy>5FddJ;2FSDFE=5J*=H9_^|
zWZcx;mXfewy2{wnZC*So&y(;mt5-<_YusH{CC3!})w9c}G#P4cb?0k63z=-SnLJ@<
zDsyp*G`l1S8n&&TzP4#U(j0l<qLlep*qSHrOp4<1LoG>-dpH@}WaD)6CS%~Xm=lPw
zMUItCD}DDERqEK=KIS4;$s;bNLY9lz3om}=``G>RdhL+Lrp(Hwf(F=8)bJz@Ep5{i
z$bMud>4sd==TV2vsp+{oEc421%^_7jw)tAc(hz$i0IGFah-L3$msBfN`MX|xvP~=9
z-#8Tj)@@K}(eDp4pIsf|<|3Gy7He3(UCN7bb^4V`bw9?aPyL|~))TExAoI!;hi+DY
z_3*9AD!1zE*lpCB*~Jwm2;5NTPNjist{JN`Soz9`<9!l)+(_)&aV=euu+c1Wb#L>M
zWj?!2u=fYfec(k7wPi472>23(pn<v3qey7^euXx;of-YA5`nUl^=qeN?bqXf=hC_M
z+L3!twSfH_S!R1bM{$+4K9Q(wBqqPl<KAnZUicAgS^I~nlYI9#Id$uzpZ#jWvWd*G
zY|t?o4Mx9g(I>T9r1jk|YnsdjFkR1!3eU=y#$->kYi25A2hC%9gJC*$Zzs2WMs79{
z*N>A1-Mpq~ugL7w8t@gCX&(sfLO0KCu;00*s5Z^aZsJRaZuZie<9|Dp$^&uiivN4v
zO8mdq9d^A#{O>thUW^65{x%r;&>qz8EB_^j?twUVe*dq=|9jox$wB^~rS1JvIQZ4c
ze5(7q<=Ito8}5f|DCB}|cXr(GR=1a4`fs8&%YPh9_wnH`Z9C+@H}q=x|J{?pLH?hk
z6~F&ARcKZ|1ZG9So4x?*6QMvBpa23F@80e_5H5&($NeNiRyjl2c#l^*>y@CJqu#cf
z)D2O~Ekm}2FLw~zEkqaoMp>!GpU;{rV0WBZO4pgx4<gOVZ~F--OOkdATGcIIuDJnv
zbt@8yr6SnEX4{?7TSR4c;pCn+VcXn_)HDSrGZ?$V5aoi|#)%W~6RCJqUIByYaT9Is
zS1vN{?R!aj`&^PrnXzGk(&|tN32XRBw!a1Pw)L!DY5Iu8EHA=SIIOrWFR1^U?SGp4
zzb7AHm;XOFuHOG};+-7wf1afk?SEDURI&NRLa=Ac{K?Z%)>T4vakCfNZ%L%FgZG|C
hb1&iy=$GE!Lp!uXJG71Me**vj|NrO+_0Rxr00212NB#f+

literal 0
HcmV?d00001

diff --git a/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/_helpers.tpl b/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/_helpers.tpl
new file mode 100644
index 0000000000..c37a65c6f3
--- /dev/null
+++ b/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/_helpers.tpl
@@ -0,0 +1,22 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "rancher-webhook.labels" -}}
+app: rancher-webhook
+{{- end }}
+
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+  value: "linux"
+  effect: "NoSchedule"
+  operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/deployment.yaml b/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/deployment.yaml
new file mode 100644
index 0000000000..b8a7201dac
--- /dev/null
+++ b/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/deployment.yaml
@@ -0,0 +1,82 @@
+{{- $auth := .Values.auth | default dict }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rancher-webhook
+spec:
+  selector:
+    matchLabels:
+      app: rancher-webhook
+  template:
+    metadata:
+      labels:
+        app: rancher-webhook
+    spec:
+      {{- if $auth.clientCA }}
+      volumes:
+      - name: client-ca
+        secret:
+          secretName: client-ca
+      {{- end }}
+      {{- if .Values.global.hostNetwork }}
+      hostNetwork: true
+      {{- end }}
+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+      {{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end }}
+      tolerations: {{ include "linux-node-tolerations" . | nindent 6 }}
+      {{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 6 }}
+      {{- end }}
+      containers:
+      - env:
+        - name: STAMP
+          value: "{{.Values.stamp}}"
+        - name: ENABLE_MCM
+          value: "{{.Values.mcm.enabled}}"
+        - name: CATTLE_PORT
+          value: {{.Values.port | default 9443 | quote}}
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        {{- if $auth.allowedCNs }}
+        - name: ALLOWED_CNS
+          value: '{{ join "," $auth.allowedCNs }}'
+        {{- end }}
+        image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+        name: rancher-webhook
+        imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+        ports:
+        - name: https
+          containerPort: {{ .Values.port | default 9443 }}
+        startupProbe:
+          httpGet:
+            path: "/healthz"
+            port: "https"
+            scheme: "HTTPS"
+          failureThreshold: 60
+          periodSeconds: 5
+        livenessProbe:
+          httpGet:
+            path: "/healthz"
+            port: "https"
+            scheme: "HTTPS"
+          periodSeconds: 5
+        {{- if $auth.clientCA }}
+        volumeMounts:
+        - name: client-ca
+          mountPath: /tmp/k8s-webhook-server/client-ca
+          readOnly: true
+        {{- end }}
+        {{- if .Values.capNetBindService }}
+        securityContext:
+          capabilities:
+            add:
+            - NET_BIND_SERVICE
+        {{- end }}
+      serviceAccountName: rancher-webhook
+      {{- if .Values.priorityClassName }}
+      priorityClassName: "{{.Values.priorityClassName}}"
+      {{- end }}
diff --git a/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/rbac.yaml b/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/rbac.yaml
new file mode 100644
index 0000000000..f4364995c0
--- /dev/null
+++ b/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/rbac.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: rancher-webhook
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: rancher-webhook
+  namespace: {{.Release.Namespace}}
\ No newline at end of file
diff --git a/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/secret.yaml b/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/secret.yaml
new file mode 100644
index 0000000000..9fd331dc1e
--- /dev/null
+++ b/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/secret.yaml
@@ -0,0 +1,11 @@
+{{- $auth := .Values.auth | default dict }}
+{{- if $auth.clientCA }}
+apiVersion: v1
+data:
+  ca.crt: {{ $auth.clientCA }}
+kind: Secret
+metadata:
+  name: client-ca
+  namespace: cattle-system
+type: Opaque
+{{- end }}
diff --git a/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/service.yaml b/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/service.yaml
new file mode 100644
index 0000000000..220afebeae
--- /dev/null
+++ b/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/service.yaml
@@ -0,0 +1,13 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: rancher-webhook
+  namespace: cattle-system
+spec:
+  ports:
+  - port: 443
+    targetPort: {{ .Values.port | default 9443 }}
+    protocol: TCP
+    name: https
+  selector:
+    app: rancher-webhook
diff --git a/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/serviceaccount.yaml b/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..9e7ad7e1fe
--- /dev/null
+++ b/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/serviceaccount.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: rancher-webhook
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: rancher-webhook-sudo
+  annotations:
+    cattle.io/description: "SA which can be impersonated to bypass rancher-webhook validation"
\ No newline at end of file
diff --git a/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/webhook.yaml b/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/webhook.yaml
new file mode 100644
index 0000000000..53a0687b6f
--- /dev/null
+++ b/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/templates/webhook.yaml
@@ -0,0 +1,9 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: rancher.cattle.io
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: rancher.cattle.io
diff --git a/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/tests/README.md b/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/tests/README.md
new file mode 100644
index 0000000000..6d3059a005
--- /dev/null
+++ b/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/tests/README.md
@@ -0,0 +1,16 @@
+
+## local dev testing instructions
+
+Option 1: Full chart CI run with a live cluster
+
+```bash
+./scripts/charts/ci 
+```
+
+Option 2: Test runs against the chart only 
+
+```bash
+# install the helm plugin first - helm plugin install https://github.com/helm-unittest/helm-unittest.git
+bash dev-scripts/helm-unittest.sh
+```
+
diff --git a/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/tests/deployment_test.yaml b/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/tests/deployment_test.yaml
new file mode 100644
index 0000000000..bbd6e30444
--- /dev/null
+++ b/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/tests/deployment_test.yaml
@@ -0,0 +1,73 @@
+suite: Test Deployment
+templates:
+  - deployment.yaml
+
+tests:
+  - it: should set webhook default port values
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].ports[0].containerPort
+          value: 9443
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: CATTLE_PORT
+            value: "9443"
+
+  - it: should set updated webhook port
+    set:
+      port: 2319
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].ports[0].containerPort
+          value: 2319
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: CATTLE_PORT
+            value: "2319"
+
+  - it: should not set capabilities by default.
+    asserts:
+      - isNull:
+          path: spec.template.spec.containers[0].securityContext
+
+  - it: should set net capabilities when capNetBindService is true.
+    set:
+      capNetBindService: true
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].securityContext.capabilities.add
+          content: NET_BIND_SERVICE
+
+  - it: should not set volumes or volumeMounts by default
+    asserts:
+      - isNull:
+          path: spec.template.spec.volumes
+      - isNull:
+          path: spec.template.spec.volumeMounts
+
+  - it: should set CA fields when CA options are set
+    set:
+      auth.clientCA: base64-encoded-cert
+      auth.allowedCNs:
+        - kube-apiserver
+        - joe
+    asserts:
+      - contains:
+          path: spec.template.spec.volumes
+          content:
+            name: client-ca
+            secret:
+              secretName: client-ca
+      - contains:
+          path: spec.template.spec.containers[0].volumeMounts
+          content:
+            name: client-ca
+            mountPath: /tmp/k8s-webhook-server/client-ca
+            readOnly: true
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: ALLOWED_CNS
+            value: kube-apiserver,joe
diff --git a/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/tests/service_test.yaml b/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/tests/service_test.yaml
new file mode 100644
index 0000000000..03172ad033
--- /dev/null
+++ b/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/tests/service_test.yaml
@@ -0,0 +1,18 @@
+suite: Test Service
+templates:
+  - service.yaml
+
+tests:
+  - it: should set webhook default port values
+    asserts:
+      - equal:
+          path: spec.ports[0].targetPort
+          value: 9443
+
+  - it: should set updated target port
+    set:
+      port: 2319
+    asserts:
+      - equal:
+          path: spec.ports[0].targetPort
+          value: 2319
diff --git a/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/values.yaml b/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/values.yaml
new file mode 100644
index 0000000000..5803b11d00
--- /dev/null
+++ b/charts/rancher-webhook/106.0.10+up0.7.10-rc.3/values.yaml
@@ -0,0 +1,30 @@
+image:
+  repository: rancher/rancher-webhook
+  tag: v0.7.10-rc.3
+  imagePullPolicy: IfNotPresent
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
+  hostNetwork: false
+
+mcm:
+  enabled: true
+
+# tolerations for the webhook deployment. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ for more info
+tolerations: []
+nodeSelector: {}
+
+## PriorityClassName assigned to deployment.
+priorityClassName: ""
+
+# port assigns which port to use when running rancher-webhook
+port: 9443
+
+# Parameters for authenticating the kube-apiserver.
+auth:
+  # CA for authenticating kube-apiserver client certs. If empty, client connections will not be authenticated.
+  # Must be base64-encoded.
+  clientCA: ""
+  # Allowlist of CNs for kube-apiserver client certs. If empty, any cert signed by the CA provided in clientCA will be accepted.
+  allowedCNs: []
diff --git a/index.yaml b/index.yaml
index 6a26256f8e..4dd5a185a1 100755
--- a/index.yaml
+++ b/index.yaml
@@ -37761,6 +37761,25 @@ entries:
     - assets/rancher-vsphere-csi/rancher-vsphere-csi-101.0.0+up2.5.1-rancher1.tgz
     version: 101.0.0+up2.5.1-rancher1
   rancher-webhook:
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/hidden: "true"
+      catalog.cattle.io/kube-version: < 1.33.0-0
+      catalog.cattle.io/managed: "true"
+      catalog.cattle.io/namespace: cattle-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux,windows
+      catalog.cattle.io/rancher-version: '>= 2.11.0-0 < 2.12.0-0'
+      catalog.cattle.io/release-name: rancher-webhook
+    apiVersion: v2
+    appVersion: 0.7.10-rc.3
+    created: "2026-06-03T15:44:17.421891568Z"
+    description: ValidatingAdmissionWebhook for Rancher types
+    digest: c8d95671248ae1e8f96cc4dd0d1c2f148757f08dd78a7e0a5b444c3f9d82138a
+    name: rancher-webhook
+    urls:
+    - assets/rancher-webhook/rancher-webhook-106.0.10+up0.7.10-rc.3.tgz
+    version: 106.0.10+up0.7.10-rc.3
   - annotations:
       catalog.cattle.io/certified: rancher
       catalog.cattle.io/hidden: "true"

From 3cecf0d6109366637c0ffe05439e332e156283f1 Mon Sep 17 00:00:00 2001
From: "rancher-pr-and-push-webhook[bot]"
 <181785884+rancher-pr-and-push-webhook[bot]@users.noreply.github.com>
Date: Wed, 3 Jun 2026 15:44:18 +0000
Subject: [PATCH 3/3] Add rancher-webhook 106.0.10+up0.7.10-rc.3 to
 release.yaml

---
 release.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/release.yaml b/release.yaml
index 726f4a1d30..4354fa8193 100644
--- a/release.yaml
+++ b/release.yaml
@@ -78,6 +78,7 @@ neuvector:
 neuvector-crd:
   - 106.0.9+up2.10.2
 rancher-webhook:
+  - 106.0.10+up0.7.10-rc.3
   - 106.0.10+up0.7.10-rc.1
   - 106.0.9+up0.7.9-rc.1
   - 106.0.0+up0.7.0-rc.9