sriov-network-operator

webhook references an incorrect annotation

Open weishiuchang opened this issue 3 years ago • 0 comments

While troubleshooting why my pods were not being modified by the sriov-network-operator webhooks, I noticed my mutatingwebhookconfiguration "network-resource-injector-config" does not actually have a caBundle injected by the cert-manager.

I am running an on-prem kubernetes cluster deployed via kubeadm and installing the sriov-network-operator/deployment/ helm chart with enableAdmissionController=true and cert-manager installed.

Following the Quick Start instructions to create self-signed certificates, I notice that line 97 https://github.com/k8snetworkplumbingwg/sriov-network-operator/blob/c400742d910d731dfda9e81475d3b8047f051485/doc/quickstart.md?plain=1#L97 creates "network-resource-injector-service" Certificate CRD, whereas the operator is asking for "network-resource-injector-secret" https://github.com/k8snetworkplumbingwg/sriov-network-operator/blob/c400742d910d731dfda9e81475d3b8047f051485/bindata/manifests/webhook/003-webhook.yaml#L10

According to cert-manager documentation, if the SRIOV Operator really wanted the Secret, then it should be using "inject-ca-from-secret":

annotations:
  cert-manager.io/inject-ca-from-secret: {{.Namespace}}/network-resources-injector-secret

Otherwise the current annotation key of "cert-manager.io/inject-ca-from" should use the CRD name instead:

annotations:
  cert-manager.io/inject-ca-from: {{.Namespace}}/network-resources-injector-service

Ref: https://cert-manager.io/docs/concepts/ca-injector/#injecting-ca-data-from-a-certificate-resource

weishiuchang, Dec 16 '21 14:12
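
A check for the mismatch described in the issue above, as an added example that is not part of the original issue or the project's code. It takes the relevant fields of a MutatingWebhookConfiguration (as exported with `kubectl get ... -o json`) plus the Certificates and Secrets present, and reports an annotation that points at the wrong kind of object or a webhook left without a caBundle. The namespace, the webhook entry name and all sample objects are constructed; the `allow-direct-injection` requirement is cert-manager's documented condition for injecting from a Secret.

```python
# Added example: offline consistency check for cert-manager CA injection.
# All sample data below is constructed for illustration.
FROM_CERT = "cert-manager.io/inject-ca-from"
FROM_SECRET = "cert-manager.io/inject-ca-from-secret"
ALLOW_DIRECT = "cert-manager.io/allow-direct-injection"


def check_ca_injection(webhook_cfg, certificates, secrets):
    """Return a list of findings (an empty list means the wiring is consistent).
    certificates: set of (namespace, name) for existing Certificate resources
    secrets: dict mapping (namespace, name) -> that Secret's annotations
    """
    findings = []
    annotations = webhook_cfg.get("metadata", {}).get("annotations", {})

    # inject-ca-from must name a Certificate, not the Secret it produces.
    ref = annotations.get(FROM_CERT)
    if ref is not None:
        key = tuple(ref.split("/", 1))
        if key not in certificates:
            hint = f"; a Secret has that name, which needs {FROM_SECRET}" if key in secrets else ""
            findings.append(f"{FROM_CERT}={ref}: no such Certificate{hint}")

    # inject-ca-from-secret must name a Secret that opts in to direct injection.
    ref = annotations.get(FROM_SECRET)
    if ref is not None:
        key = tuple(ref.split("/", 1))
        if key not in secrets:
            findings.append(f"{FROM_SECRET}={ref}: no such Secret")
        elif secrets[key].get(ALLOW_DIRECT) != "true":
            findings.append(f"Secret {ref} lacks {ALLOW_DIRECT}: \"true\"")

    # An empty caBundle means the API server cannot verify the webhook's TLS cert.
    for hook in webhook_cfg.get("webhooks", []):
        if not hook.get("clientConfig", {}).get("caBundle"):
            findings.append(f"webhook {hook.get('name')}: caBundle is empty")
    return findings


NS = "sriov-network-operator"  # constructed namespace (the page shows {{.Namespace}})
SAMPLE_CFG = {  # constructed, trimmed to the relevant fields
    "metadata": {"name": "network-resource-injector-config",
                 "annotations": {FROM_CERT: f"{NS}/network-resources-injector-secret"}},
    "webhooks": [{"name": "injector.example", "clientConfig": {"caBundle": ""}}],
}
SAMPLE_CERTS = {(NS, "network-resources-injector-service")}
SAMPLE_SECRETS = {(NS, "network-resources-injector-secret"): {}}
```

Calling `check_ca_injection(SAMPLE_CFG, SAMPLE_CERTS, SAMPLE_SECRETS)` reproduces the state reported in the issue: the annotation names the Secret where a Certificate is expected, and the caBundle is empty.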