Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Add `webhook.create: false` warning comment (#4579)

* Duplicated `crds.conversion.enabled: false` comment stating
  that `webhook.create` should be set to `false`.
* This coupling is easy missable when creating an override `values.yaml`
  file.

Signed-off-by: Aaron Hastings <aaron@aaronhastings.me>
Aaron Hastings 1 year ago
parent
7470307f53
commit
7b9fa17765
2 changed files with 2 additions and 2 deletions
Split View Show Diff Stats
  1. 1 1
      deploy/charts/external-secrets/README.md
  2. 1 1
      deploy/charts/external-secrets/values.yaml

+ 1 - 1
deploy/charts/external-secrets/README.md
View File 

@@ -179,7 +179,7 @@ The command removes all the Kubernetes components associated with the chart and
 
 | webhook.certManager.cert.renewBefore | string | `""` | How long before the currently issued certificate’s expiry cert-manager should renew the certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec Note that renewBefore should be greater than .webhook.lookaheadInterval since the webhook will check this far in advance that the certificate is valid. |
 
 | webhook.certManager.cert.revisionHistoryLimit | int | `0` | Set the revisionHistoryLimit on the Certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec Defaults to 0 (ignored). |
 
 | webhook.certManager.enabled | bool | `false` | Enabling cert-manager support will disable the built in secret and switch to using cert-manager (installed separately) to automatically issue and renew the webhook certificate. This chart does not install cert-manager for you, See https://cert-manager.io/docs/ |
 
-| webhook.create | bool | `true` | Specifies whether a webhook deployment be created. |
 
+| webhook.create | bool | `true` | Specifies whether a webhook deployment be created. If set to false, crds.conversion.enabled should also be set to false otherwise the kubeapi will be hammered because the conversion is looking for a webhook endpoint. |
 
 | webhook.deploymentAnnotations | object | `{}` | Annotations to add to Deployment |
 
 | webhook.extraArgs | object | `{}` |  |
 
 | webhook.extraEnv | list | `[]` |  |

+ 1 - 1
deploy/charts/external-secrets/values.yaml
View File 

@@ -250,7 +250,7 @@ podDisruptionBudget:
 
 hostNetwork: false
 
 
 webhook:
 
-  # -- Specifies whether a webhook deployment be created.
 
+  # -- Specifies whether a webhook deployment be created. If set to false, crds.conversion.enabled should also be set to false otherwise the kubeapi will be hammered because the conversion is looking for a webhook endpoint.
 
   create: true
 
   # -- Specifices the time to check if the cert is valid
 
   certCheckInterval: "5m"