You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
However, if the user of the chart is using certManager or some other method to manage certificates and access from the API server to the webhook, then deleting and recreating the admission webhook on every change is a bit useless, and can lead to a lot of drift for any tooling that performs differences between some configuration and the existing configuration (e.g. terraform, argocd -- if the tooling includes hooks -- among other tools).
If possible, could we remove the hook annotations under a new boolean or when cert-manager is enabled? Is there a case that I am missing as to why they should be kept?
The text was updated successfully, but these errors were encountered:
The
wiz-admission-controller
currently unconditionally installs webhooks as helm hooks which means they are deleted and recreated on every installation (see https://github.com/wiz-sec/charts/blob/master/wiz-admission-controller/templates/opawebhook.yaml#L19-L21). This can be necessary, if the user is not using a custom certificate and thecaBundle
needs to continuously change.However, if the user of the chart is using
certManager
or some other method to manage certificates and access from the API server to the webhook, then deleting and recreating the admission webhook on every change is a bit useless, and can lead to a lot of drift for any tooling that performs differences between some configuration and the existing configuration (e.g. terraform, argocd -- if the tooling includes hooks -- among other tools).If possible, could we remove the hook annotations under a new boolean or when cert-manager is enabled? Is there a case that I am missing as to why they should be kept?
The text was updated successfully, but these errors were encountered: