lir1ka

@sozercan, hello! I Understood, that it is expected behavior (in situation with inability to create namespace). But still i dont understand why i can create pod

> The situation you are facing is caused by, `check-ignore-label.gatekeeper.sh` webhook (used only for namespace admission events)- https://github.com/open-policy-agent/gatekeeper/blob/master/deploy/gatekeeper.yaml#L5251 with default `failurePolicy` set to `Fail`. You can use `validatingWebhookCheckIgnoreFailurePolicy` helm variable...

> Note that the identity of the source traffic is `remote-node`. That means you will need to grant ingress access to the entity `remote-node` in addition to the `kube-apiserver` entity...