The admission controller checks for the DOKS suite were returning errors for webhook configurations that were indeed correct. You can reproduce it with a cluster w/ multiple namespaces and admission webhook configs.
Turns out, it was reporting the wrong kube object metadata due to using a reference to a range loop value, which will produce weird references past the loop iteration's lifetime (in this case, it returned object data from other webhooks).
This fix clones the data before interacting with it in each loop block.
The admission controller checks for the DOKS suite were returning errors for webhook configurations that were indeed correct. You can reproduce it with a cluster w/ multiple namespaces and admission webhook configs.
Turns out, it was reporting the wrong kube object metadata due to using a reference to a range loop value, which will produce weird references past the loop iteration's lifetime (in this case, it returned object data from other webhooks).
This fix clones the data before interacting with it in each loop block.