rancher-turtles-airgap-resources: update to 0.13 release

Aligns with https://github.com/suse-edge/charts/pull/166

rancher-turtles-airgap-resources-chart/Chart.yaml

@@ -1,10 +1,10 @@
-#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:0.3.3
+#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:302.0.0_up0.13.0
-#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:0.3.3-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:302.0.0_up0.13.0
 apiVersion: v2
-appVersion: 0.11.0
+appVersion: 0.13.0
 description: Rancher Turtles utility chart for airgap scenarios
 home: https://github.com/rancher/turtles/
 icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
 name: rancher-turtles-airgap-resources
 type: application
-version: 0.3.3
+version: 302.0.0+up0.13.0

rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml

@@ -3647,7 +3647,7 @@ data:
             envFrom:
             - configMapRef:
                 name: capm3-capm3fasttrack-configmap
-            image: quay.io/metal3-io/cluster-api-provider-metal3:v1.7.1
+            image: quay.io/metal3-io/cluster-api-provider-metal3:v1.7.2
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -3731,7 +3731,7 @@ data:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.namespace
-            image: quay.io/metal3-io/ip-address-manager:v1.7.1
+            image: quay.io/metal3-io/ip-address-manager:v1.7.2
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -4384,7 +4384,7 @@ data:
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: v1.7.1
+  name: v1.7.2
   namespace: capm3-system
   labels:
     provider-components: metal3

rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml

@@ -868,6 +868,11 @@ data:
                               type: string
                             type: array
                         type: object
+                      podSecurityAdmissionConfigFile:
+                        description: |-
+                          PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
+                          spec.Files field.
+                        type: string
                       protectKernelDefaults:
                         description: |-
                           ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
@@ -2050,6 +2055,11 @@ data:
                                       type: string
                                     type: array
                                 type: object
+                              podSecurityAdmissionConfigFile:
+                                description: |-
+                                  PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
+                                  spec.Files field.
+                                type: string
                               protectKernelDefaults:
                                 description: |-
                                   ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
@@ -2535,7 +2545,7 @@ data:
             - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
             command:
             - /manager
-            image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.7.1
+            image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.8.0
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -2742,10 +2752,13 @@ data:
       - major: 0
         minor: 7
         contract: v1beta1
+      - major: 0
+        minor: 8
+        contract: v1beta1
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: v0.7.1
+  name: v0.8.0
   namespace: rke2-bootstrap-system
   labels:
     provider-components: rke2-bootstrap

rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml

@@ -1513,6 +1513,11 @@ data:
                               type: string
                             type: array
                         type: object
+                      podSecurityAdmissionConfigFile:
+                        description: |-
+                          PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
+                          spec.Files field.
+                        type: string
                       protectKernelDefaults:
                         description: |-
                           ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
@@ -2926,6 +2931,11 @@ data:
                                       type: string
                                     type: array
                                 type: object
+                              podSecurityAdmissionConfigFile:
+                                description: |-
+                                  PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
+                                  spec.Files field.
+                                type: string
                               protectKernelDefaults:
                                 description: |-
                                   ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
@@ -4285,7 +4295,7 @@ data:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.uid
-            image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.7.1
+            image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.8.0
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -4499,10 +4509,13 @@ data:
       - major: 0
         minor: 7
         contract: v1beta1
+      - major: 0
+        minor: 8
+        contract: v1beta1
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: v0.7.1
+  name: v0.8.0
   namespace: rke2-control-plane-system
   labels:
     provider-components: rke2-control-plane

rancher-turtles-chart/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: cluster-api-operator
   repository: https://kubernetes-sigs.github.io/cluster-api-operator
-  version: 0.12.0
+  version: 0.14.0
-digest: sha256:c167c074ca89ef7a520ec18a5afd380b9edaee513810aa3ac0e0bda51db9c526
+digest: sha256:9e9e851dbab3212c279efec06bcf0da147228ea1590470f3a8cbbb5806a250d4
-generated: "2024-08-22T14:23:18.589443298Z"
+generated: "2024-10-28T11:44:34.392387979Z"

rancher-turtles-chart/Chart.yaml

@@ -1,5 +1,5 @@
-#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:0.3.3
+#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:302.0.0_up0.13.0
-#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:0.3.3-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:302.0.0_up0.13.0-%RELEASE%
 annotations:
   catalog.cattle.io/certified: rancher
   catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
@@ -12,12 +12,12 @@ annotations:
   catalog.cattle.io/scope: management
   catalog.cattle.io/type: cluster-tool
 apiVersion: v2
-appVersion: 0.11.0
+appVersion: 0.13.0
 dependencies:
 - condition: cluster-api-operator.enabled
   name: cluster-api-operator
   repository: file://./charts/cluster-api-operator
-  version: 0.12.0
+  version: 0.14.0
 description: Rancher Turtles is an extension to Rancher that brings full Cluster API
   integration to Rancher.
 home: https://github.com/rancher/turtles/
@@ -29,4 +29,4 @@ keywords:
 - provisioning
 name: rancher-turtles
 type: application
-version: 0.3.3+up0.11.0
+version: 302.0.0+up0.13.0

rancher-turtles-chart/RELEASE_NOTES.md

@@ -1,6 +1,4 @@
-## Changes since test/v0.11.0
+gh: To use GitHub CLI in a GitHub Actions workflow, set the GH_TOKEN environment variable. Example:
----
+  env:
-## :chart_with_upwards_trend: Overview
+    GH_TOKEN: ${{ github.token }}
-
+: exit status 4
-
-_Thanks to all our contributors!_ 😊

rancher-turtles-chart/charts/cluster-api-operator/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 0.12.0
+appVersion: 0.14.0
 description: Cluster API Operator
 name: cluster-api-operator
 type: application
-version: 0.12.0
+version: 0.14.0

rancher-turtles-chart/charts/cluster-api-operator/templates/addon.yaml

@@ -26,7 +26,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
     "argocd.argoproj.io/sync-wave": "1"
   name: {{ $addonNamespace }}
@@ -37,7 +37,7 @@ metadata:
   name: {{ $addonName }}
   namespace: {{ $addonNamespace }}
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
     "argocd.argoproj.io/sync-wave": "2"
 {{- if or $addonVersion $.Values.secretName }}

rancher-turtles-chart/charts/cluster-api-operator/templates/bootstrap.yaml

@@ -26,7 +26,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
   name: {{ $bootstrapNamespace }}
 ---
@@ -36,7 +36,7 @@ metadata:
   name: {{ $bootstrapName }}
   namespace: {{ $bootstrapNamespace }}
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
 {{- if or $bootstrapVersion $.Values.configSecret.name }}
 spec:

rancher-turtles-chart/charts/cluster-api-operator/templates/control-plane.yaml

@@ -26,7 +26,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
   name: {{ $controlPlaneNamespace }}
 ---
@@ -36,7 +36,7 @@ metadata:
   name: {{ $controlPlaneName }}
   namespace: {{ $controlPlaneNamespace }}
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
 {{- if or $controlPlaneVersion $.Values.configSecret.name }}
 spec:

rancher-turtles-chart/charts/cluster-api-operator/templates/core-conditions.yaml

@@ -6,7 +6,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
   name: capi-system
 ---
@@ -16,7 +16,7 @@ metadata:
   name: cluster-api
   namespace: capi-system
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
 {{- with .Values.configSecret }}
 spec:

rancher-turtles-chart/charts/cluster-api-operator/templates/core.yaml

@@ -25,7 +25,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
   name: {{ $coreNamespace }}
 ---
@@ -35,7 +35,7 @@ metadata:
   name: {{ $coreName }}
   namespace: {{ $coreNamespace }}
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
     "argocd.argoproj.io/sync-wave": "2"
 {{- if or $coreVersion $.Values.configSecret.name }}

rancher-turtles-chart/charts/cluster-api-operator/templates/deployment.yaml

@@ -74,6 +74,9 @@ spec:
         {{- if .Values.insecureDiagnostics }}
         - --insecure-diagnostics={{ .Values.insecureDiagnostics }}
         {{- end }}
+        {{- if .Values.watchConfigSecret }}
+        - --watch-configsecret
+        {{- end }}
         {{- with .Values.leaderElection }}
         - --leader-elect={{ .enabled }}
         {{- if .leaseDuration }}

rancher-turtles-chart/charts/cluster-api-operator/templates/infra-conditions.yaml

@@ -7,7 +7,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
     "argocd.argoproj.io/sync-wave": "1"
   name: capi-kubeadm-bootstrap-system
@@ -18,7 +18,7 @@ metadata:
   name: kubeadm
   namespace: capi-kubeadm-bootstrap-system
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
     "argocd.argoproj.io/sync-wave": "2"
 {{- with .Values.configSecret }}
@@ -37,7 +37,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
     "argocd.argoproj.io/sync-wave": "1"
   name: capi-kubeadm-control-plane-system
@@ -48,7 +48,7 @@ metadata:
   name: kubeadm
   namespace: capi-kubeadm-control-plane-system
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
     "argocd.argoproj.io/sync-wave": "2"
 {{- with .Values.configSecret }}

rancher-turtles-chart/charts/cluster-api-operator/templates/infra.yaml

@@ -1,13 +1,3 @@
-{{- define "recursivePrinter" }}
-{{- range $key, $value := . }}
-{{- if kindIs "map" $value }}
-  {{ $key }}:
-  {{- include "recursivePrinter" $value | indent 2 }}
-{{- else }}
-  {{ $key }}: {{ $value }}
-{{- end }}
-{{- end }}
-{{- end }}
 # Infrastructure providers
 {{- if .Values.infrastructure }}
 {{- $infrastructures := split ";" .Values.infrastructure }}
@@ -36,7 +26,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
     "argocd.argoproj.io/sync-wave": "1"
   name: {{ $infrastructureNamespace }}
@@ -47,7 +37,7 @@ metadata:
   name: {{ $infrastructureName }}
   namespace: {{ $infrastructureNamespace }}
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
     "argocd.argoproj.io/sync-wave": "2"
 {{- if or $infrastructureVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }}
@@ -77,8 +67,7 @@ spec:
     {{- end }}
 {{- end }}
 {{- if $.Values.additionalDeployments }}
-  additionalDeployments:
+  additionalDeployments: {{ toYaml $.Values.additionalDeployments | nindent 4 }}
-  {{- include "recursivePrinter" $.Values.additionalDeployments | indent 2 }}
 {{- end }}
 {{- end }}
 {{- end }}

rancher-turtles-chart/charts/cluster-api-operator/templates/operator-components.yaml

@@ -13,7 +13,6 @@ spec:
     strategy: Webhook
     webhook:
       clientConfig:
-        caBundle: Cg==
         service:
           name: capi-operator-webhook-service
           namespace: '{{ .Release.Namespace }}'
@@ -3023,7 +3022,6 @@ spec:
     strategy: Webhook
     webhook:
       clientConfig:
-        caBundle: Cg==
         service:
           name: capi-operator-webhook-service
           namespace: '{{ .Release.Namespace }}'
@@ -7618,7 +7616,6 @@ spec:
     strategy: Webhook
     webhook:
       clientConfig:
-        caBundle: Cg==
         service:
           name: capi-operator-webhook-service
           namespace: '{{ .Release.Namespace }}'
@@ -12216,7 +12213,6 @@ spec:
     strategy: Webhook
     webhook:
       clientConfig:
-        caBundle: Cg==
         service:
           name: capi-operator-webhook-service
           namespace: '{{ .Release.Namespace }}'
@@ -16811,7 +16807,6 @@ spec:
     strategy: Webhook
     webhook:
       clientConfig:
-        caBundle: Cg==
         service:
           name: capi-operator-webhook-service
           namespace: '{{ .Release.Namespace }}'
@@ -21409,7 +21404,6 @@ spec:
     strategy: Webhook
     webhook:
       clientConfig:
-        caBundle: Cg==
         service:
           name: capi-operator-webhook-service
           namespace: '{{ .Release.Namespace }}'
@@ -24419,7 +24413,6 @@ spec:
     strategy: Webhook
     webhook:
       clientConfig:
-        caBundle: Cg==
         service:
           name: capi-operator-webhook-service
           namespace: '{{ .Release.Namespace }}'

rancher-turtles-chart/charts/cluster-api-operator/values.yaml

@@ -19,7 +19,7 @@ leaderElection:
 image:
   manager:
     repository: registry.k8s.io/capi-operator/cluster-api-operator
-    tag: v0.12.0
+    tag: v0.14.0
     pullPolicy: IfNotPresent
 env:
   manager: []
@@ -27,6 +27,7 @@ healthAddr: ":8081"
 metricsBindAddr: "127.0.0.1:8080"
 diagnosticsAddress: "8443"
 insecureDiagnostics: false
+watchConfigSecret: false
 imagePullSecrets: {}
 resources:
   manager:

rancher-turtles-chart/templates/clusterctl-cm-cleanup-job.yaml

@@ -0,0 +1,66 @@
+{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: pre-upgrade-job
+  namespace: '{{ .Values.rancherTurtles.namespace }}'
+  annotations:
+    "helm.sh/hook": "post-delete, pre-upgrade"
+    "helm.sh/hook-weight": "-2"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: pre-upgrade-job-delete-clusterctl-configmap
+  annotations:
+    "helm.sh/hook": "post-delete, pre-upgrade"
+    "helm.sh/hook-weight": "-2"
+rules:
+- apiGroups: [""]
+  resources:
+  - configmaps
+  verbs:
+  - list
+  - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: pre-upgrade-job-clusterctl-configmap-cleanup
+  annotations:
+    "helm.sh/hook": "post-delete, pre-upgrade"
+    "helm.sh/hook-weight": "-2"
+subjects:
+  - kind: ServiceAccount
+    name: pre-upgrade-job
+    namespace: '{{ .Values.rancherTurtles.namespace }}'
+roleRef:
+  kind: ClusterRole
+  name: pre-upgrade-job-delete-clusterctl-configmap
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: rancher-clusterctl-configmap-cleanup
+  namespace: '{{ .Values.rancherTurtles.namespace }}'
+  annotations:
+    "helm.sh/hook": "post-delete, pre-upgrade"
+    "helm.sh/hook-weight": "-1"
+spec:
+  ttlSecondsAfterFinished: 300
+  template:
+    spec:
+      serviceAccountName: pre-upgrade-job
+      containers:
+        - name: rancher-clusterctl-configmap-cleanup
+          image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
+          args:
+          - delete
+          - configmap
+          - --namespace={{ .Values.rancherTurtles.namespace }}
+          - clusterctl-config
+          - --ignore-not-found=true
+      restartPolicy: Never
+{{- end }}

rancher-turtles-chart/templates/deployment.yaml

@@ -26,7 +26,7 @@ spec:
       containers:
       - args:
         - --leader-elect
-        - --feature-gates=etcd-snapshot-restore={{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "enabled"}},propagate-labels={{ index .Values "rancherTurtles" "features" "propagate-labels" "enabled"}},managementv3-cluster={{ index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled"}},rancher-kube-secret-patch={{ index .Values "rancherTurtles" "features" "rancher-kubeconfigs" "label"}}
+        - --feature-gates=propagate-labels={{ index .Values "rancherTurtles" "features" "propagate-labels" "enabled"}},managementv3-cluster={{ index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled"}},rancher-kube-secret-patch={{ index .Values "rancherTurtles" "features" "rancher-kubeconfigs" "label"}}
         {{- range .Values.rancherTurtles.managerArguments }}
         - {{ . }}
         {{- end }}  

rancher-turtles-chart/templates/metal3-infrastructure.yaml

@@ -2,6 +2,17 @@
 {{- $namespace := index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "namespace" }}
 {{- if not (lookup "v1" "Namespace" "" $namespace) }}
 ---
+apiVersion: turtles-capi.cattle.io/v1alpha1
+kind: ClusterctlConfig
+metadata:
+  name: clusterctl-config
+  namespace: rancher-turtles-system
+spec:
+  providers:
+  - name: metal3
+    url: "https://github.com/metal3-io/cluster-api-provider-metal3/releases/v1.7.2/infrastructure-components.yaml"
+    type: InfrastructureProvider
+---
 apiVersion: v1
 kind: Namespace
 metadata:

rancher-turtles-chart/templates/pre-install-job.yaml

@@ -1,4 +1,5 @@
 {{- if index .Values "rancherTurtles" "features" "embedded-capi" "disabled" }}
+{{- if index .Values "rancherTurtles" "rancherInstalled"}}
 ---
 apiVersion: management.cattle.io/v3
 kind: Feature
@@ -10,6 +11,7 @@ metadata:
 spec:
   value: false
 {{- end }}
+{{- end }}
 {{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
 ---
 apiVersion: v1

rancher-turtles-chart/templates/rancher-turtles-components.yaml

@@ -18,7 +18,7 @@ spec:
     - jsonPath: .spec.type
       name: Type
       type: string
-    - jsonPath: .spec.name
+    - jsonPath: .status.name
       name: ProviderName
       type: string
     - jsonPath: .status.installedVersion
@@ -2979,15 +2979,7 @@ spec:
                 type: string
               type:
                 description: Type is the type of the provider to enable
-                enum:
+                example: InfrastructureProvider
-                - infrastructure
-                - core
-                - controlPlane
-                - bootstrap
-                - addon
-                - runtimeextension
-                - ipam
-                example: infrastructure
                 type: string
               variables:
                 additionalProperties:
@@ -3073,6 +3065,10 @@ spec:
                 description: InstalledVersion is the version of the provider that
                   is installed.
                 type: string
+              name:
+                description: Name reflects actual provider name, which will be visible
+                  to users in 'kubectl get capiproviders -A -o wide'
+                type: string
               observedGeneration:
                 description: ObservedGeneration is the latest generation observed
                   by the controller.
@@ -3102,6 +3098,104 @@ spec:
     subresources:
       status: {}
 ---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+    helm.sh/resource-policy: keep
+  name: clusterctlconfigs.turtles-capi.cattle.io
+spec:
+  group: turtles-capi.cattle.io
+  names:
+    kind: ClusterctlConfig
+    listKind: ClusterctlConfigList
+    plural: clusterctlconfigs
+    singular: clusterctlconfig
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: ClusterctlConfig is the Schema for the CAPI Clusterctl config
+          API.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ClusterctlConfigSpec defines the user overrides for images
+              and known providers with sources
+            properties:
+              images:
+                description: Images is a list of image overrided for specified providers
+                items:
+                  description: Image allows to define transformations to apply to
+                    the image contained in the YAML manifests.
+                  properties:
+                    name:
+                      description: Name of the provider image override
+                      example: all
+                      type: string
+                    repository:
+                      description: Repository sets the container registry override
+                        to pull images from.
+                      example: my-registry/my-org
+                      type: string
+                    tag:
+                      description: Tag allows to specify a tag for the images.
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              providers:
+                description: Provider overrides
+                items:
+                  description: Provider allows to define providers with known URLs
+                    to pull the components.
+                  properties:
+                    name:
+                      description: Name of the provider
+                      type: string
+                    type:
+                      description: Type is the type of the provider
+                      example: InfrastructureProvider
+                      type: string
+                    url:
+                      description: URL of the provider components. Will be used unless
+                        and override is specified
+                      type: string
+                  required:
+                  - name
+                  - type
+                  - url
+                  type: object
+                type: array
+            type: object
+        type: object
+        x-kubernetes-validations:
+        - message: Clusterctl Config should be named clusterctl-config.
+          rule: self.metadata.name == 'clusterctl-config'
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -3277,6 +3371,8 @@ rules:
   resources:
   - capiproviders
   - capiproviders/status
+  - clusterctlconfigs
+  - clusterctlconfigs/status
   verbs:
   - get
   - list

rancher-turtles-chart/templates/rancher-turtles-exp-etcdrestore-components.yaml

@@ -3,13 +3,16 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
+    cert-manager.io/inject-ca-from: rancher-turtles-system/rancher-turtles-etcdsnapshotrestore-serving-cert
     controller-gen.kubebuilder.io/version: v0.14.0
+  labels:
+    turtles-capi.cattle.io: etcd-restore
   name: etcdmachinesnapshots.turtles-capi.cattle.io
 spec:
   group: turtles-capi.cattle.io
   names:
-    kind: EtcdMachineSnapshot
+    kind: ETCDMachineSnapshot
-    listKind: EtcdMachineSnapshotList
+    listKind: ETCDMachineSnapshotList
     plural: etcdmachinesnapshots
     singular: etcdmachinesnapshot
   scope: Namespaced
@@ -17,7 +20,7 @@ spec:
   - name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: EtcdMachineSnapshot is the Schema for the EtcdMachineSnapshot
+        description: ETCDMachineSnapshot is the Schema for the ETCDMachineSnapshot
           API.
         properties:
           apiVersion:
@@ -38,21 +41,81 @@ spec:
           metadata:
             type: object
           spec:
-            description: EtcdMachineSnapshotSpec defines the desired state of EtcdMachineSnapshot.
+            description: ETCDMachineSnapshotSpec defines the desired state of EtcdMachineSnapshot
             properties:
-              foo:
+              clusterName:
+                type: string
+              configRef:
+                type: string
+              location:
+                type: string
+              machineName:
                 type: string
             required:
-            - foo
+            - clusterName
+            - configRef
+            - location
+            - machineName
             type: object
+            x-kubernetes-validations:
+            - message: ETCD snapshot location can't be empty.
+              rule: size(self.location)>0
           status:
             default: {}
-            description: EtcdMachineSnapshotStatus defines observed state of EtcdMachineSnapshot.
+            description: EtcdSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore
             properties:
-              bar:
+              conditions:
+                description: Conditions provide observations of the operational state
+                  of a Cluster API resource.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        Last time the condition transitioned from one status to another.
+                        This should be when the underlying condition changed. If that is not known, then using the time when
+                        the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        A human readable message indicating details about the transition.
+                        This field may be empty.
+                      type: string
+                    reason:
+                      description: |-
+                        The reason for the condition's last transition in CamelCase.
+                        The specific API may choose whether or not this field is considered a guaranteed API.
+                        This field may not be empty.
+                      type: string
+                    severity:
+                      description: |-
+                        Severity provides an explicit classification of Reason code, so the users or machines can immediately
+                        understand the current situation and act accordingly.
+                        The Severity field MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: |-
+                        Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+                        can be useful (see .node.status.conditions), the ability to deconflict is important.
                       type: string
                   required:
-            - bar
+                  - lastTransitionTime
+                  - status
+                  - type
+                  type: object
+                type: array
+              manual:
+                type: boolean
+              phase:
+                description: ETCDSnapshotPhase is a string representation of the phase
+                  of the etcd snapshot
+                type: string
             type: object
         type: object
     served: true
@@ -64,13 +127,16 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
+    cert-manager.io/inject-ca-from: rancher-turtles-system/rancher-turtles-etcdsnapshotrestore-serving-cert
     controller-gen.kubebuilder.io/version: v0.14.0
+  labels:
+    turtles-capi.cattle.io: etcd-restore
   name: etcdsnapshotrestores.turtles-capi.cattle.io
 spec:
   group: turtles-capi.cattle.io
   names:
-    kind: EtcdSnapshotRestore
+    kind: ETCDSnapshotRestore
-    listKind: EtcdSnapshotRestoreList
+    listKind: ETCDSnapshotRestoreList
     plural: etcdsnapshotrestores
     singular: etcdsnapshotrestore
   scope: Namespaced
@@ -78,7 +144,7 @@ spec:
   - name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: EtcdSnapshotRestore is the schema for the EtcdSnapshotRestore
+        description: ETCDSnapshotRestore is the schema for the ETCDSnapshotRestore
           API.
         properties:
           apiVersion:
@@ -99,25 +165,673 @@ spec:
           metadata:
             type: object
           spec:
-            description: EtcdSnapshotRestoreSpec defines the desired state of EtcdSnapshotRestore.
+            description: ETCDSnapshotRestoreSpec defines the desired state of EtcdSnapshotRestore.
             properties:
-              foo:
+              clusterName:
+                type: string
+              etcdMachineSnapshotName:
                 type: string
             required:
-            - foo
+            - clusterName
+            - etcdMachineSnapshotName
             type: object
+            x-kubernetes-validations:
+            - message: Cluster Name can't be empty.
+              rule: size(self.clusterName)>0
+            - message: ETCD machine snapshot name can't be empty.
+              rule: size(self.etcdMachineSnapshotName)>0
           status:
             default: {}
-            description: EtcdSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore.
+            description: ETCDSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore.
             properties:
-              bar:
+              conditions:
+                description: Conditions provide observations of the operational state
+                  of a Cluster API resource.
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        Last time the condition transitioned from one status to another.
+                        This should be when the underlying condition changed. If that is not known, then using the time when
+                        the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        A human readable message indicating details about the transition.
+                        This field may be empty.
+                      type: string
+                    reason:
+                      description: |-
+                        The reason for the condition's last transition in CamelCase.
+                        The specific API may choose whether or not this field is considered a guaranteed API.
+                        This field may not be empty.
+                      type: string
+                    severity:
+                      description: |-
+                        Severity provides an explicit classification of Reason code, so the users or machines can immediately
+                        understand the current situation and act accordingly.
+                        The Severity field MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: |-
+                        Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+                        can be useful (see .node.status.conditions), the ability to deconflict is important.
                       type: string
                   required:
-            - bar
+                  - lastTransitionTime
+                  - status
+                  - type
+                  type: object
+                type: array
+              phase:
+                default: Pending
+                description: ETCDSnapshotPhase is a string representation of the phase
+                  of the etcd snapshot
+                type: string
             type: object
         type: object
     served: true
     storage: true
     subresources:
       status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: rancher-turtles-system/rancher-turtles-etcdsnapshotrestore-serving-cert
+    controller-gen.kubebuilder.io/version: v0.14.0
+  labels:
+    turtles-capi.cattle.io: etcd-restore
+  name: rke2etcdmachinesnapshotconfigs.turtles-capi.cattle.io
+spec:
+  group: turtles-capi.cattle.io
+  names:
+    kind: RKE2EtcdMachineSnapshotConfig
+    listKind: RKE2EtcdMachineSnapshotConfigList
+    plural: rke2etcdmachinesnapshotconfigs
+    singular: rke2etcdmachinesnapshotconfig
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: RKE2EtcdMachineSnapshotConfig is the config for the RKE2EtcdMachineSnapshotConfig
+          API
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: RKE2EtcdMachineSnapshotConfigSpec defines the desired state
+              of RKE2EtcdMachineSnapshotConfig
+            properties:
+              local:
+                properties:
+                  dataDir:
+                    type: string
+                required:
+                - dataDir
+                type: object
+              s3:
+                properties:
+                  bucket:
+                    type: string
+                  endpoint:
+                    type: string
+                  endpointCAsecret:
+                    type: string
+                  folder:
+                    type: string
+                  insecure:
+                    type: boolean
+                  location:
+                    type: string
+                  region:
+                    type: string
+                  s3CredentialSecret:
+                    type: string
+                  skipSSLVerify:
+                    type: boolean
+                type: object
+            required:
+            - local
+            - s3
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: rancher-turtles
+    app.kubernetes.io/instance: controller-manager-sa
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: serviceaccount
+    app.kubernetes.io/part-of: rancher-turtles
+    turtles-capi.cattle.io: etcd-restore
+  name: rancher-turtles-etcdsnapshotrestore-manager
+  namespace: rancher-turtles-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: rancher-turtles
+    app.kubernetes.io/instance: leader-election-role
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: role
+    app.kubernetes.io/part-of: rancher-turtles
+    turtles-capi.cattle.io: etcd-restore
+  name: rancher-turtles-etcdsnapshotrestore-leader-election-role
+  namespace: rancher-turtles-system
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+---
+aggregationRule:
+  clusterRoleSelectors:
+  - matchLabels:
+      rancher-turtles-exp/aggregate-to-manager: "true"
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    turtles-capi.cattle.io: etcd-restore
+  name: rancher-turtles-etcdsnapshotrestore-aggregated-manager-role
+rules: []
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    rancher-turtles-exp/aggregate-to-manager: "true"
+    rancher-turtles/aggregate-to-manager: "true"
+    turtles-capi.cattle.io: etcd-restore
+  name: rancher-turtles-etcdsnapshotrestore-manager-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - events
+  - secrets
+  - serviceaccounts
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - serviceaccounts/token
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+  - get
+- apiGroups:
+  - bootstrap.cluster.x-k8s.io
+  resources:
+  - rke2configs
+  - rke2configs/finalizers
+  - rke2configs/status
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - clusters
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - clusters/status
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - machines
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - management.cattle.io
+  resources:
+  - '*'
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - rolebindings
+  - roles
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - turtles-capi.cattle.io
+  resources:
+  - etcdmachinesnapshots
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - turtles-capi.cattle.io
+  resources:
+  - etcdmachinesnapshots/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - turtles-capi.cattle.io
+  resources:
+  - etcdmachinesnapshots/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - turtles-capi.cattle.io
+  resources:
+  - etcdsnapshotrestores
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - turtles-capi.cattle.io
+  resources:
+  - etcdsnapshotrestores/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - turtles-capi.cattle.io
+  resources:
+  - etcdsnapshotrestores/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - turtles-capi.cattle.io
+  resources:
+  - rke2etcdmachinesnapshotconfigs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - turtles-capi.cattle.io
+  resources:
+  - rke2etcdmachinesnapshotconfigs/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - turtles-capi.cattle.io
+  resources:
+  - rke2etcdmachinesnapshotconfigs/status
+  verbs:
+  - get
+  - patch
+  - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: rancher-turtles
+    app.kubernetes.io/instance: leader-election-rolebinding
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: rolebinding
+    app.kubernetes.io/part-of: rancher-turtles
+    turtles-capi.cattle.io: etcd-restore
+  name: rancher-turtles-etcdsnapshotrestore-leader-election-rolebinding
+  namespace: rancher-turtles-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: rancher-turtles-etcdsnapshotrestore-leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: rancher-turtles-etcdsnapshotrestore-manager
+  namespace: rancher-turtles-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: rancher-turtles
+    app.kubernetes.io/instance: manager-rolebinding
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: clusterrolebinding
+    app.kubernetes.io/part-of: rancher-turtles
+    turtles-capi.cattle.io: etcd-restore
+  name: rancher-turtles-etcdsnapshotrestore-manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: rancher-turtles-etcdsnapshotrestore-aggregated-manager-role
+subjects:
+- kind: ServiceAccount
+  name: rancher-turtles-etcdsnapshotrestore-manager
+  namespace: rancher-turtles-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    turtles-capi.cattle.io: etcd-restore
+  name: rancher-turtles-etcdsnapshotrestore-webhook-service
+  namespace: rancher-turtles-system
+spec:
+  ports:
+  - port: 443
+    targetPort: webhook-server
+  selector:
+    turtles-capi.cattle.io: etcd-restore
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    control-plane: controller-manager
+    turtles-capi.cattle.io: etcd-restore
+  name: rancher-turtles-etcdsnapshotrestore-controller-manager
+  namespace: rancher-turtles-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      control-plane: controller-manager
+      turtles-capi.cattle.io: etcd-restore
+  template:
+    metadata:
+      annotations:
+        kubectl.kubernetes.io/default-container: manager
+      labels:
+        control-plane: controller-manager
+        turtles-capi.cattle.io: etcd-restore
+    spec:
+      containers:
+      - args:
+        - --leader-elect
+        command:
+        - /manager
+        env:
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: POD_UID
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.uid
+        image: ghcr.io/rancher/turtles-etcd-snapshot-restore:dev
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 9440
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        name: manager
+        ports:
+        - containerPort: 9443
+          name: webhook-server
+          protocol: TCP
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 9440
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        resources:
+          limits:
+            cpu: 500m
+            memory: 128Mi
+          requests:
+            cpu: 10m
+            memory: 64Mi
+        volumeMounts:
+        - mountPath: /tmp/k8s-webhook-server/serving-certs
+          name: cert
+          readOnly: true
+      serviceAccountName: rancher-turtles-etcdsnapshotrestore-manager
+      terminationGracePeriodSeconds: 10
+      tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/master
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/control-plane
+      volumes:
+      - name: cert
+        secret:
+          secretName: rancher-turtles-etcdsnapshotrestore-webhook-service-cert
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  labels:
+    turtles-capi.cattle.io: etcd-restore
+  name: rancher-turtles-etcdsnapshotrestore-serving-cert
+  namespace: rancher-turtles-system
+spec:
+  dnsNames:
+  - rancher-turtles-etcdsnapshotrestore-webhook-service.rancher-turtles-system.svc
+  - rancher-turtles-etcdsnapshotrestore-webhook-service.rancher-turtles-system.svc.cluster.local
+  issuerRef:
+    kind: Issuer
+    name: rancher-turtles-etcdsnapshotrestore-selfsigned-issuer
+  secretName: rancher-turtles-etcdsnapshotrestore-webhook-service-cert
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  labels:
+    turtles-capi.cattle.io: etcd-restore
+  name: rancher-turtles-etcdsnapshotrestore-selfsigned-issuer
+  namespace: rancher-turtles-system
+spec:
+  selfSigned: {}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: rancher-turtles-system/rancher-turtles-etcdsnapshotrestore-serving-cert
+  labels:
+    turtles-capi.cattle.io: etcd-restore
+  name: rancher-turtles-etcdsnapshotrestore-mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: rancher-turtles-etcdsnapshotrestore-webhook-service
+      namespace: rancher-turtles-system
+      path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config
+  failurePolicy: Fail
+  name: systemagentrke2config.kb.io
+  rules:
+  - apiGroups:
+    - bootstrap.cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - rke2configs
+  sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: rancher-turtles-system/rancher-turtles-etcdsnapshotrestore-serving-cert
+  labels:
+    turtles-capi.cattle.io: etcd-restore
+  name: rancher-turtles-etcdsnapshotrestore-validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: rancher-turtles-etcdsnapshotrestore-webhook-service
+      namespace: rancher-turtles-system
+      path: /validate-turtles-capi-cattle-io-v1alpha1-etcdmachinesnapshot
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: etcdmachinesnapshot.kb.io
+  rules:
+  - apiGroups:
+    - turtles-capi.cattle.io
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - etcdmachinesnapshots
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: rancher-turtles-etcdsnapshotrestore-webhook-service
+      namespace: rancher-turtles-system
+      path: /validate-turtles-capi-cattle-io-v1alpha1-etcdsnapshotrestore
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: etcdsnapshotrestore.kb.io
+  rules:
+  - apiGroups:
+    - turtles-capi.cattle.io
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - etcdsnapshotrestores
+  sideEffects: None
 {{- end }}

rancher-turtles-chart/values.yaml

@@ -1,10 +1,11 @@
 rancherTurtles:
   image: registry.rancher.com/rancher/rancher/turtles
-  imageVersion: v0.11.0
+  imageVersion: v0.13.0
   imagePullPolicy: IfNotPresent
   namespace: rancher-turtles-system
   managerArguments: []
   imagePullSecrets: []
+  rancherInstalled: true
   features:
     cluster-api-operator:
       cleanup: true
@@ -30,10 +31,6 @@ cluster-api-operator:
   enabled: true
   cert-manager:
     enabled: false
-  image:
-    manager:
-      repository: "%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-operator"
-      tag: 0.12.0
   volumes:
     - name: cert
       secret:
@@ -42,6 +39,9 @@ cluster-api-operator:
     - name: clusterctl-config
       configMap:
         name: clusterctl-config
+  image:
+    manager:
+      repository: registry.rancher.com/rancher/cluster-api-operator
   volumeMounts:
     manager:
       - mountPath: /tmp/k8s-webhook-server/serving-certs
@@ -57,7 +57,7 @@ cluster-api-operator:
       defaultName: capi-env-variables
     core:
       namespace: capi-system
-      imageUrl: "%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-controller:1.7.5"
+      imageUrl: ""
       fetchConfig:
         url: ""
         selector: ""
@@ -66,13 +66,13 @@ cluster-api-operator:
       version: ""
       bootstrap:
         namespace: rke2-bootstrap-system
-        imageUrl: "%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:0.7.1"
+        imageUrl: "registry.rancher.com/rancher/cluster-api-provider-rke2-bootstrap:v0.8.0"
         fetchConfig:
           url: ""
           selector: ""
       controlPlane:
         namespace: rke2-control-plane-system
-        imageUrl: "%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:0.7.1"
+        imageUrl: "registry.rancher.com/rancher/cluster-api-provider-rke2-controlplane:v0.8.0"
         fetchConfig:
           url: ""
           selector: ""
@@ -81,10 +81,10 @@ cluster-api-operator:
       version: ""
       infrastructure:
         namespace: capm3-system
-        imageUrl: "%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-metal3:1.7.1"
+        imageUrl: "%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-metal3:1.7.2"
         fetchConfig:
           url: ""
           selector: ""
       ipam:
         namespace: capm3-system
-        imageUrl: "%%IMG_REPO%%/%%IMG_PREFIX%%ip-address-manager:1.7.1"
+        imageUrl: "%%IMG_REPO%%/%%IMG_PREFIX%%images/ip-address-manager:1.7.2"