[VPA] Admission cert reloader use a hardcoded MutatingWebhookConfiguration name #8248
Description
Which component are you using?:
VPA admission controller
/area vertical-pod-autoscaler
What version of the component are you using?:
Component version: v1.4.1
What k8s version are you using (kubectl version)?:
kubectl version Output
$ kubectl version Client Version: v1.33.1 Kustomize Version: v5.6.0 Server Version: v1.32.3-eks-4096722
What environment is this in?:
AWS EKS
with the following flag:
- --register-webhook=false
- --reload-cert=true
What did you expect to happen?:
The controller should not try to update the MutatingWebhookConfiguration because --register-webhook=false.
What happened instead?:
The controller try to get the vpa-webhook-config MutatingWebhookConfiguration which doesn't exists in our environment (it is named differently).
However, the certificates should be reloaded successfully.
How to reproduce it (as minimally and precisely as possible):
Run the admision controller with --register-webhook=false & --reload-cert=true and without a vpa-webhook-config MutatingWebhookConfiguration in the cluster.
Modify the cert CA to trigger a reload.
Anything else we need to know?:
We use cert-manager to create the certificates and update the MutatingWebhookConfiguration, so there is no need for the admission controller to update it.