From 1ebe565b01268f42b831bc5d8ddc2229d476459d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Wed, 27 May 2026 15:17:33 +0200 Subject: [PATCH] eck webhook default value clarified --- .../deploy/cloud-on-k8s/configure-validating-webhook.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/deploy-manage/deploy/cloud-on-k8s/configure-validating-webhook.md b/deploy-manage/deploy/cloud-on-k8s/configure-validating-webhook.md index af8e75200b..199c995c1c 100644 --- a/deploy-manage/deploy/cloud-on-k8s/configure-validating-webhook.md +++ b/deploy-manage/deploy/cloud-on-k8s/configure-validating-webhook.md @@ -27,7 +27,7 @@ Validating webhooks are defined using a `ValidatingWebhookConfiguration` object ## Defaults provided by ECK [k8s-webhook-defaults] -When using the default `operator.yaml` manifest, ECK is installed with a `ValidatingWebhookConfiguration` configured as follows: +When installing ECK using the [`operator.yaml` manifest](install-using-yaml-manifest-quickstart.md) or the [Helm chart](install-using-helm-chart.md) with default settings, ECK is installed with a `ValidatingWebhookConfiguration` configured as follows: * Validate all known Elastic custom resources ({{eck_resources_list}}) on create and update. * The operator itself is the webhook server — which is exposed through a service named `elastic-webhook-server` in the `elastic-system` namespace. @@ -45,13 +45,16 @@ You can customize almost all aspects of the webhook setup by changing the [opera | Configuration option | Default value | Description | | --- | --- | --- | -| `enable-webhook` | false | This must be set to `true` to enable the webhook server. | +| `enable-webhook` | false | Set to `true` to enable the webhook server. | | `manage-webhook-certs` | true | Set to `false` to disable auto-generating the certificate for the webhook. If disabled, you must provide your own certificates using one of the methods described later in this document. | | `webhook-cert-dir` | /tmp/k8s-webhook-server/serving-certs | Path to mount the certificate. | | `webhook-name` | elastic-webhook.k8s.elastic.co | Name of the `ValidatingWebhookConfiguration` resource. | | `webhook-secret` | elastic-webhook-server-cert | Name of the secret containing the certificate for the webhook server. | | `webhook-port` | 9443 | Port to listen for incoming validation requests. | +:::::{note} +Although the `enable-webhook` flag default is `false`, the default ECK installation manifests and Helm chart set it to `true`. +::::: ### Using your own certificates [k8s-webhook-existing-certs]