rancher · rancher-pr-and-push-webhook · Sep 4, 2025 · Sep 4, 2025 · Sep 4, 2025 · Sep 4, 2025
diff --git a/assets/logos/rancher-turtles.svg b/assets/logos/rancher-turtles.svg
diff --git a/assets/rancher-turtles/rancher-turtles-106.0.0+up0.0.0.tgz b/assets/rancher-turtles/rancher-turtles-106.0.0+up0.0.0.tgz
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/.helmignore b/charts/rancher-turtles/106.0.0+up0.0.0/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/Chart.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/Chart.yaml
@@ -0,0 +1,25 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
+  catalog.cattle.io/kube-version: '>= 1.23.0-0'
+  catalog.cattle.io/namespace: rancher-turtles-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux
+  catalog.cattle.io/rancher-version: '>= 2.11.0-1'
+  catalog.cattle.io/release-name: rancher-turtles
+  catalog.cattle.io/scope: management
+  catalog.cattle.io/type: cluster-tool
+apiVersion: v2
+appVersion: 0.0.0
+description: Rancher Turtles is an extension to Rancher that brings full Cluster API
+  integration to Rancher.
+home: https://github.com/rancher/turtles/
+icon: file://assets/logos/rancher-turtles.svg
+keywords:
+- rancher
+- cluster-api
+- capi
+- provisioning
+name: rancher-turtles
+type: application
+version: 106.0.0+up0.0.0
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/README.md b/charts/rancher-turtles/106.0.0+up0.0.0/README.md
@@ -0,0 +1,5 @@
+# Rancher Turtles Chart
+
+This chart installs Rancher Turtles using Helm.
+
+Checkout the [documentation](https://turtles.docs.rancher.com) for further information.
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/app-readme.md b/charts/rancher-turtles/106.0.0+up0.0.0/app-readme.md
@@ -0,0 +1,5 @@
+# Rancher Turtles - The Cluster API Extension for Rancher
+
+Rancher Turtles brings enhanced integration of Cluster API with Rancher.
+
+For more information, including a getting started guide, see the [official documentation](https://turtles.docs.rancher.com).
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/questions.yml b/charts/rancher-turtles/106.0.0+up0.0.0/questions.yml
@@ -0,0 +1,49 @@
+namespace: rancher-turtles-system
+questions:
+  - variable: rancherTurtles.features.default
+    default: "false"
+    description: "Customize install settings"
+    label: Customize install settings
+    type: boolean
+    show_subquestion_if: true
+    group: "Rancher Turtles Extra Settings"
+    subquestions:
+      - variable: turtlesUI.enabled
+        default: false
+        type: boolean
+        description: "Flag to enable or disable installation of CAPI UI extension. If set to false then you will need to install CAPI UI extension manually."
+        label: "Install CAPI UI (Experimental)"
+      - variable: rancherTurtles.cluster-api-operator.cleanup
+        default: true
+        description: "Specify that the CAPI Operator post-delete cleanup job will be performed."
+        type: boolean
+        label: Cleanup CAPI Operator installation
+        group: "CAPI Operator cleanup settings"
+      - variable: cluster-api-operator.cluster-api.rke2.enabled
+        default: "true"
+        description: "Flag to enable or disable installation of the RKE2 provider for Cluster API. By default this is enabled."
+        label: "Enable RKE2 Provider"
+        type: boolean
+      - variable: rancherTurtles.features.agent-tls-mode.enabled
+        default: false
+        description: "[ALPHA] If enabled Turtles will use the agent-tls-mode setting to determine CA cert trust mode for importing clusters."
+        type: boolean
+        label: Enable Agent TLS Mode
+        group: "Rancher Turtles Features Settings"
+      - variable: rancherTurtles.kubectlImage
+        default: "registry.k8s.io/kubernetes/kubectl:v1.30.0"
+        description: "Specify the image to use when running kubectl in jobs."
+        type: string
+        label: Kubectl Image
+        group: "Rancher Turtles Features Settings"
+      - variable: rancherTurtles.features.day2operations.enabled
+        label: "Enable Day 2 Operations functionality in Rancher Turtles"
+        description: "Use this setting to configure Day 2 Operations functionality in Rancher Turtles, such as enabling ETCD Backup and Restore."
+        type: boolean
+        group: "Rancher Turtles Features Settings"
+      - variable: rancherTurtles.features.day2operations.etcdBackupRestore.enabled
+        label: "Enable ETCD Backup and Restore"
+        description: "[ALPHA] Enable ETCD Backup and Restore functionality in Rancher Turtles."
+        type: boolean
+        group: "ETCD Backup and Restore Settings"
+        show_if: "rancherTurtles.features.day2operations.enabled"
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/templates/addon-provider-fleet.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/addon-provider-fleet.yaml
@@ -0,0 +1,76 @@
+apiVersion: turtles-capi.cattle.io/v1alpha1
+kind: CAPIProvider
+metadata:
+  name: fleet
+  namespace: '{{ .Values.rancherTurtles.namespace }}'
+  annotations:
+    "helm.sh/hook": "post-install, post-upgrade"
+    "helm.sh/hook-weight": "2"
+spec:
+  enableAutomaticUpdate: true
+  type: addon
+  additionalManifests:
+    name: fleet-addon-config
+    namespace: '{{ .Values.rancherTurtles.namespace }}'
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: fleet-addon-config
+  namespace: '{{ .Values.rancherTurtles.namespace }}'
+  annotations:
+    "helm.sh/hook": "post-install, post-upgrade"
+    "helm.sh/hook-weight": "2"
+data:
+  manifests: |-
+    apiVersion: addons.cluster.x-k8s.io/v1alpha1
+    kind: FleetAddonConfig
+    metadata:
+      name: fleet-addon-config
+    spec:
+      config:
+        featureGates:
+        {{- if index .Values "rancherTurtles" "rancherInstalled" }}
+          configMap:
+            ref:
+              kind: ConfigMap
+              apiVersion: v1
+              name: rancher-config
+              namespace: cattle-system
+        {{- end }}
+          experimentalOciStorage: true
+          experimentalHelmOps: true
+      clusterClass:
+        patchResource: true
+        setOwnerReferences: true
+      cluster:
+        agentNamespace: cattle-fleet-system
+        applyClassGroup: true
+        patchResource: true
+        setOwnerReferences: true
+        hostNetwork: true
+        selector:
+          matchLabels:
+            cluster-api.cattle.io/rancher-auto-import: "true"
+          matchExpressions:
+            - key: cluster-api.cattle.io/disable-fleet-auto-import
+              operator: DoesNotExist
+        namespaceSelector:
+          matchLabels:
+            cluster-api.cattle.io/rancher-auto-import: "true"
+          matchExpressions:
+            - key: cluster-api.cattle.io/disable-fleet-auto-import
+              operator: DoesNotExist
+    ---
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRoleBinding
+    metadata:
+      name: cappf-controller-psa
+    roleRef:
+      apiGroup: rbac.authorization.k8s.io
+      kind: ClusterRole
+      name: fleet-controller-psa
+    subjects:
+    - kind: ServiceAccount
+      name: caapf-controller-manager
+      namespace: {{ .Values.rancherTurtles.namespace }}
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/templates/azure-rbac.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/azure-rbac.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: caprke2-azure-aggregated-role
+  labels:
+    cluster.x-k8s.io/aggregate-to-capz-manager: "true"
+rules:
+- apiGroups:
+  - bootstrap.cluster.x-k8s.io
+  resources:
+  - rke2configs
+  verbs:
+  - create
+  - update
+  - delete
+  - get
+  - list
+  - patch
+  - watch
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/templates/clusterctl-cm-cleanup-job.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/clusterctl-cm-cleanup-job.yaml
@@ -0,0 +1,66 @@
+{{- if index .Values "rancherTurtles" "rancherInstalled" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: pre-upgrade-job
+  namespace: '{{ .Values.rancherTurtles.namespace }}'
+  annotations:
+    "helm.sh/hook": "post-delete, pre-upgrade"
+    "helm.sh/hook-weight": "-2"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: pre-upgrade-job-delete-clusterctl-configmap
+  annotations:
+    "helm.sh/hook": "post-delete, pre-upgrade"
+    "helm.sh/hook-weight": "-2"
+rules:
+- apiGroups: [""]
+  resources:
+  - configmaps
+  verbs:
+  - list
+  - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: pre-upgrade-job-clusterctl-configmap-cleanup
+  annotations:
+    "helm.sh/hook": "post-delete, pre-upgrade"
+    "helm.sh/hook-weight": "-2"
+subjects:
+  - kind: ServiceAccount
+    name: pre-upgrade-job
+    namespace: '{{ .Values.rancherTurtles.namespace }}'
+roleRef:
+  kind: ClusterRole
+  name: pre-upgrade-job-delete-clusterctl-configmap
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: rancher-clusterctl-configmap-cleanup
+  namespace: '{{ .Values.rancherTurtles.namespace }}'
+  annotations:
+    "helm.sh/hook": "post-delete, pre-upgrade"
+    "helm.sh/hook-weight": "-1"
+spec:
+  ttlSecondsAfterFinished: 300
+  template:
+    spec:
+      serviceAccountName: pre-upgrade-job
+      containers:
+        - name: rancher-clusterctl-configmap-cleanup
+          image: {{ index .Values "rancherTurtles" "kubectlImage" }}
+          args:
+          - delete
+          - configmap
+          - --namespace={{ .Values.rancherTurtles.namespace }}
+          - clusterctl-config
+          - --ignore-not-found=true
+      restartPolicy: Never
+{{- end }}
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/templates/clusterctl-config.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/clusterctl-config.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: clusterctl-config
+  namespace: '{{ .Values.rancherTurtles.namespace }}'
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/templates/core-provider.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/core-provider.yaml
@@ -0,0 +1,85 @@
+{{- if index .Values "cluster-api-operator" "cluster-api" "enabled" }}
+{{- $namespace := index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+{{- if not (lookup "v1" "Namespace" "" $namespace) }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    "helm.sh/hook": "post-install, post-upgrade"
+    "helm.sh/hook-weight": "1"
+  name: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+{{- end }}
+---
+apiVersion: turtles-capi.cattle.io/v1alpha1
+kind: CAPIProvider
+metadata:
+  name: cluster-api
+  namespace: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+  annotations:
+    "helm.sh/hook": "post-install, post-upgrade"
+    "helm.sh/hook-weight": "2"
+spec:
+  name: cluster-api
+  type: core
+  enableAutomaticUpdate: {{ index .Values "cluster-api-operator" "cluster-api" "core" "enableAutomaticUpdate" }}
+{{- if index .Values "cluster-api-operator" "cluster-api" "core" "version" }}
+  version: {{ index .Values "cluster-api-operator" "cluster-api" "core" "version" }}
+{{- end }}
+  additionalManifests:
+    name: capi-additional-rbac-roles
+    namespace: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+  configSecret:
+{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+    name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+{{ else }}
+    name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "defaultName" }}
+{{- end }}
+{{- if or (index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "selector") }}
+  fetchConfig:
+    {{- if index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "url" }}
+    url: {{ index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "url" }}
+    {{- end }}
+    {{- if index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "selector" }}
+    selector: {{ index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "selector" }}
+    {{- end }}
+{{- end }}
+{{- if index .Values "cluster-api-operator" "cluster-api" "core" "imageUrl" }}
+  deployment:
+    containers:
+      - name: manager
+        imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "core" "imageUrl" }}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: capi-additional-rbac-roles
+  namespace: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+  annotations:
+    "helm.sh/hook": "post-install, post-upgrade"
+    "helm.sh/hook-weight": "2"
+data: 
+  manifests: |-
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRole
+    metadata:
+      name: provisioning-rke-cattle-io
+      labels:
+        cluster.x-k8s.io/aggregate-to-manager: "true"
+    rules:
+      - apiGroups: ["rke.cattle.io"]
+        resources: ["*"]
+        verbs: ["*"]
+    ---
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRole
+    metadata:
+      name: provisioning-rke-machine-cattle-io
+      labels:
+        cluster.x-k8s.io/aggregate-to-manager: "true"
+    rules:
+      - apiGroups: ["rke-machine.cattle.io"]
+        resources: ["*"]
+        verbs: ["*"]
+{{- end }}