Support referencing existing webhook TLS Secret by name #4464

@alita1991

Describe the feature you are requesting

Allow the AWS Load Balancer Controller webhook to consume an existing Kubernetes TLS Secret by name directly, without having to read or embed the certificate contents (ca.crt, tls.crt, tls.key) from values or via template lookups.

Motivation

  • The current approach works only when Helm has direct access to the cluster during render time.
  • In GitOps-managed environments (e.g., ArgoCD), the lookup function fails silently because ArgoCD does not execute live cluster lookups.
  • This prevents the webhook from mounting or referencing an existing TLS secret, breaking automated and declarative deployments.

webhookTLS:
  caCert:
  cert:
  key:

Describe the proposed solution you'd like

webhookTLS:
  existingSecretName: my-webhook-tls
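
When the Secret is referenced only by name, the chart never sees the certificate material at render time, so nothing in the render checks that the Secret holds the three entries the issue lists. The following pre-deploy check is an added example, not code from the issue or from the project; the function name, the expected `kubernetes.io/tls` type and the sample Secrets are assumptions, and the input is the dict form of `kubectl get secret <name> -o json`.

```python
import base64
import binascii

# Entries the issue lists for the webhook certificate material.
REQUIRED_KEYS = ("ca.crt", "tls.crt", "tls.key")


def check_webhook_tls_secret(secret, expected_name):
    """Return a list of problems found in a Secret object; empty means it passed."""
    problems = []
    name = secret.get("metadata", {}).get("name")
    if name != expected_name:
        problems.append(f"name is {name!r}, expected {expected_name!r}")
    # Assumption: the referenced Secret uses the built-in TLS Secret type.
    if secret.get("type") != "kubernetes.io/tls":
        problems.append(f"type is {secret.get('type')!r}, expected 'kubernetes.io/tls'")
    data = secret.get("data") or {}
    for key in REQUIRED_KEYS:
        value = data.get(key)
        if not value:
            problems.append(f"{key}: missing or empty")
            continue
        try:
            decoded = base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError):
            problems.append(f"{key}: not valid base64")
            continue
        # Only PEM framing is checked; the certificate itself is not parsed.
        if not decoded.lstrip().startswith(b"-----BEGIN "):
            problems.append(f"{key}: decoded value is not PEM")
    return problems


def _pem(label):
    # Constructed placeholder with PEM framing only, no real key material.
    text = f"-----BEGIN {label}-----\nPLACEHOLDER\n-----END {label}-----\n"
    return base64.b64encode(text.encode()).decode()


# Constructed sample Secrets (hypothetical contents).
SAMPLE_OK = {"metadata": {"name": "my-webhook-tls"}, "type": "kubernetes.io/tls",
             "data": {"ca.crt": _pem("CERTIFICATE"), "tls.crt": _pem("CERTIFICATE"),
                      "tls.key": _pem("PRIVATE KEY")}}
SAMPLE_BAD = {"metadata": {"name": "my-webhook-tls"}, "type": "Opaque",
              "data": {"tls.crt": _pem("CERTIFICATE"), "tls.key": "%%%"}}

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BAD):
        print(check_webhook_tls_secret(sample, "my-webhook-tls") or "ok")
```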

Labels: kind/feature (Categorizes issue or PR as related to a new feature.)