2 MutatingWebhookConfiguration have the same name (helm-chart)

[Anna-Katona]

Describe the bug <A clear and concise description of what the bug is.> Both MutatingWebhookConfiguration seem to have the same name ({{ .Chart.Name }}-webhook) https://github.com/sse-secure-systems/connaisseur/blob/master/helm/templates/certificate_webhook-conf.yaml

Expected behavior <A clear and concise description of what you expected to happen.> Different names for https://github.com/sse-secure-systems/connaisseur/blob/master/helm/templates/certificate_webhook-conf.yaml#L20 and https://github.com/sse-secure-systems/connaisseur/blob/master/helm/templates/certificate_webhook-conf.yaml#L51 or only one definition for MutatingWebhookConfiguration

[xopham]

@Anna-Katona is that related to an actual problem or bug? How does it affect usage of Connaisseur? Is there a way in which this causes an error?

The MutatingWebhookConfiguration you are pointing to specifies to hooks that are needed for installation order reasons and were introduced in ADR-5. Please check there for more information on the section. The earlier approach was described in ADR-1. I am not certain we could name the hooks differently as one has to superseed the other to allow proper installation. Should be easy enough to test though...

[phbelitz]

This is expected behavior. The webhooks need to be installed after the Connaisseur deployment, otherwise they may block Connaisseur itself. This only works with helm hooks, but using them the resources using the hooks are no longer part of the regular chart and thus are not deleted when using helm uninstall. Thus the trick is to have an additional webhook with the same name, that overwrites the other one, which has a hook-delete-policy set, so it gets deleted.