Describe the bug
The mutating webhook configuration is removed when .Values.webhook.pvcMutatingWebhook.enabled is set false. However, the certificate volume sourced from a the tls type secret is still required.
This appears to be a fault in the source, where the webhook server itself is not optional. See:
This renders a deploy without the mutating webhook configuration, and the secret used for certs
Pods fail with a ContainerConfig error
Expected behavior
When .Values.webhook.pvcMutatingWebhook.enabled is set, neither the cert manager or generated certificate should be rendered.
The deployment should not mount the certificate secret.
The application should be able to start fine without the cert directory.
Additional context
Add any other context about the problem here.
Describe the bug The mutating webhook configuration is removed when
.Values.webhook.pvcMutatingWebhook.enabled
is set false. However, the certificate volume sourced from a the tls type secret is still required. This appears to be a fault in the source, where the webhook server itself is not optional. See:It would be great to make this optional. Specifically with the generated webhook cert, we found that it resulted in a container config error due to the self signed cert created during the helm install was not provisioned at allwhen .Values.webhook.pvcMutatingWebhook.enabled was set false.
Environments
To Reproduce Steps to reproduce the behavior:
Expected behavior When
.Values.webhook.pvcMutatingWebhook.enabled
is set, neither the cert manager or generated certificate should be rendered. The deployment should not mount the certificate secret. The application should be able to start fine without the cert directory.Additional context Add any other context about the problem here.