diff --git a/deploy-manage/deploy/cloud-on-k8s/configure-validating-webhook.md b/deploy-manage/deploy/cloud-on-k8s/configure-validating-webhook.md index af8e75200b..199c995c1c 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure-validating-webhook.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure-validating-webhook.md @@ -27,7 +27,7 @@ Validating webhooks are defined using a `ValidatingWebhookConfiguration` object ## Defaults provided by ECK [k8s-webhook-defaults] -When using the default `operator.yaml` manifest, ECK is installed with a `ValidatingWebhookConfiguration` configured as follows: +When installing ECK using the [`operator.yaml` manifest](install-using-yaml-manifest-quickstart.md) or the [Helm chart](install-using-helm-chart.md) with default settings, ECK is installed with a `ValidatingWebhookConfiguration` configured as follows: * Validate all known Elastic custom resources ({{eck_resources_list}}) on create and update. * The operator itself is the webhook server — which is exposed through a service named `elastic-webhook-server` in the `elastic-system` namespace. 
@@ -45,13 +45,16 @@ You can customize almost all aspects of the webhook setup by changing the [opera | Configuration option | Default value | Description | | --- | --- | --- | -| `enable-webhook` | false | This must be set to `true` to enable the webhook server. | +| `enable-webhook` | false | Set to `true` to enable the webhook server. | | `manage-webhook-certs` | true | Set to `false` to disable auto-generating the certificate for the webhook. If disabled, you must provide your own certificates using one of the methods described later in this document. | | `webhook-cert-dir` | /tmp/k8s-webhook-server/serving-certs | Path to mount the certificate. | | `webhook-name` | elastic-webhook.k8s.elastic.co | Name of the `ValidatingWebhookConfiguration` resource. | | `webhook-secret` | elastic-webhook-server-cert | Name of the secret containing the certificate for the webhook server. | | `webhook-port` | 9443 | Port to listen for incoming validation requests. | +:::::{note} +Although the `enable-webhook` flag default is `false`, the default ECK installation manifests and Helm chart set it to `true`. +::::: ### Using your own certificates [k8s-webhook-existing-certs]
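Review bot: In the first hunk (`Defaults provided by ECK`), the rewritten sentence now covers Helm installs, but the unchanged bullet under it still states that the `elastic-webhook-server` service is in the `elastic-system` namespace. A Helm release is installed into whatever namespace is chosen at install time, so the bullet is only accurate for Helm users who follow the linked guide's namespace. Suggest qualifying the bullet, for example "in the namespace the operator is installed in (`elastic-system` for the `operator.yaml` manifest)". The new sentence is also redundant ("When installing ECK ... ECK is installed"), and "with default settings" can be read as applying to the Helm chart only. Something like "When you install ECK with default settings, using either the manifest or the Helm chart, the operator is deployed with a `ValidatingWebhookConfiguration` configured as follows:" avoids both.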
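Review bot: In the second hunk, the `enable-webhook` row and the new note give the reader two different defaults (`false` for the flag, `true` in the shipped manifests and Helm chart), and the note is placed after the whole table, where someone scanning only that row will miss it. Suggest moving the statement into the row's description, or referencing the note from the row. Neither the row nor the note says what happens when the flag stays `false`, which is the case for anyone who writes their own manifest or overrides the chart values: the webhook server is not enabled, so the create and update validation described under "Defaults provided by ECK" does not run. One sentence stating that consequence would make the security impact of the flag explicit. The note's "flag default is `false`" would also read better as "the flag defaults to `false`", matching the table's "Default value" column.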