# Enable Admission Webhook

The Admission Webhook can validate a change before it is applied, checking that the secret can be created correctly without an exception caused by the secret not being accessible to Vault-CRD:

```
$ kubectl apply -f dockercfg-error.yml
Error from server: error when creating "dockercfg-error.yml": admission webhook "validate.vault.koudingspawn.de" denied the request: Couldn't load secret from vault path blub/docker-hub
```

### Configure Admission Webhook

The Admission Webhook is enabled by editing the deploy/rbac.yaml file. It contains several commented-out lines that configure the server to serve traffic over HTTPS.

The initContainer in this block simply converts the tls.crt and tls.key into a keystore. Because Vault-CRD is written in Java, it has to work with keystores, so the initContainer takes over the task of converting the PEM-encoded certificate and key into a valid p12 format.

Additionally, there is a Secret called vault-crd-tls. This is an example secret that contains a tls.crt and a tls.key, which are used for serving HTTPS and receiving Admission Webhook requests from the APIServer. You can simply replace them with self-signed certificates. The certificates must be valid for the service defined in "deploy/admission-webhook.yaml".

By default this service is vault-crd, so the certificate should be valid for:

* vault-crd.vault-crd
* vault-crd.vault-crd.svc

If your service has a different name, the certificate should be valid for \<service-name>.\<namespace-name> and \<service-name>.\<namespace-name>.svc.

Afterwards, also edit the deploy/admission-webhook.yaml file. Replace the caBundle there with the CA certificate so that the APIServer can validate the serving certificate. If you don't have a certificate chain, you can also set the certificate file itself as the caBundle value.
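
The certificate steps above, as an added example that is not part of the Vault-CRD project: it generates a self-signed serving certificate for the default vault-crd service, checks its SANs and key, and prints the value for caBundle. The function names and output directory are assumptions, and it relies on caBundle holding the base64-encoded PEM certificate.

```shell
#!/bin/sh
# Added example (not from the Vault-CRD repository). Requires OpenSSL 1.1.1+.
# Function names and the output directory are illustrative assumptions.

# gen_webhook_cert <service> <namespace> <outdir>
# Writes a self-signed tls.crt/tls.key whose SANs are the two names the page
# lists: <service>.<namespace> and <service>.<namespace>.svc
gen_webhook_cert() {
    svc=$1; ns=$2; out=$3
    mkdir -p "$out"
    # umask in a subshell keeps the private key unreadable for other users
    (umask 077; openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -keyout "$out/tls.key" -out "$out/tls.crt" \
        -subj "/CN=$svc.$ns.svc" \
        -addext "subjectAltName=DNS:$svc.$ns,DNS:$svc.$ns.svc" 2>/dev/null)
}

# cert_has_san <cert> <dns-name>: succeeds only on an exact SAN match
cert_has_san() {
    openssl x509 -in "$1" -noout -text | tr ',' '\n' | sed 's/^ *//' |
        grep -qxF "DNS:$2"
}

# cert_matches_key <cert> <key>: succeeds if both hold the same public key
cert_matches_key() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout)" ]
}

# ca_bundle <cert>: single-line base64 of the PEM file, the form caBundle
# expects; with no chain, the self-signed certificate is its own CA
ca_bundle() {
    base64 < "$1" | tr -d '\n'
}

# Run as: sh webhook-cert.sh vault-crd vault-crd ./certs
if [ "$#" -eq 3 ]; then
    gen_webhook_cert "$1" "$2" "$3" || exit 1
    for name in "$1.$2" "$1.$2.svc"; do
        cert_has_san "$3/tls.crt" "$name" || { echo "missing SAN $name" >&2; exit 1; }
    done
    cert_matches_key "$3/tls.crt" "$3/tls.key" || { echo "key mismatch" >&2; exit 1; }
    # tls.crt and tls.key replace the contents of the vault-crd-tls Secret
    echo "caBundle: $(ca_bundle "$3/tls.crt")"
fi
```
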

