From 2761fef42da81d8c37f478815e32e2b0af1fab20 Mon Sep 17 00:00:00 2001
From: Zadkiel Aharonian <hello@zadkiel.fr>
Date: Tue, 2 Apr 2024 11:31:03 +0200
Subject: [PATCH 1/4] fix: disable handling update on pods

---
 deploy/injector-mutating-webhook.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/deploy/injector-mutating-webhook.yaml b/deploy/injector-mutating-webhook.yaml
index e5de99fd..9d9b2a59 100644
--- a/deploy/injector-mutating-webhook.yaml
+++ b/deploy/injector-mutating-webhook.yaml
@@ -22,10 +22,14 @@ webhooks:
         namespace: "vault"
       caBundle: ""
     rules:
+      - operations: ["CREATE"]
+        apiGroups: [""]
+        apiVersions: ["v1"]
+        resources: ["pods"]
       - operations: ["CREATE", "UPDATE"]
         apiGroups: [""]
         apiVersions: ["v1"]
-        resources: ["deployments", "jobs", "pods", "statefulsets"]
+        resources: ["deployments", "jobs", "statefulsets"]
     namespaceSelector: {}
     objectSelector:
       matchExpressions:

From 0f47c020ae22497655437855d6796539f8e90740 Mon Sep 17 00:00:00 2001
From: Zadkiel AHARONIAN <hello@zadkiel.fr>
Date: Mon, 8 Jul 2024 17:54:11 +0200
Subject: [PATCH 2/4] fix: only mutate CREATE pods events

---
 deploy/injector-mutating-webhook.yaml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/deploy/injector-mutating-webhook.yaml b/deploy/injector-mutating-webhook.yaml
index 9d9b2a59..7289e146 100644
--- a/deploy/injector-mutating-webhook.yaml
+++ b/deploy/injector-mutating-webhook.yaml
@@ -26,10 +26,6 @@ webhooks:
         apiGroups: [""]
         apiVersions: ["v1"]
         resources: ["pods"]
-      - operations: ["CREATE", "UPDATE"]
-        apiGroups: [""]
-        apiVersions: ["v1"]
-        resources: ["deployments", "jobs", "statefulsets"]
     namespaceSelector: {}
     objectSelector:
       matchExpressions:

From 26c061da849c4d9d2418f660e3973d9672ed70ac Mon Sep 17 00:00:00 2001
From: Zadkiel AHARONIAN <hello@zadkiel.fr>
Date: Sat, 13 Jul 2024 12:38:43 +0200
Subject: [PATCH 3/4] fix: add missing scope for webhook rule

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
---
 deploy/injector-mutating-webhook.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/deploy/injector-mutating-webhook.yaml b/deploy/injector-mutating-webhook.yaml
index 7289e146..2e902679 100644
--- a/deploy/injector-mutating-webhook.yaml
+++ b/deploy/injector-mutating-webhook.yaml
@@ -26,6 +26,7 @@ webhooks:
         apiGroups: [""]
         apiVersions: ["v1"]
         resources: ["pods"]
+        scope: "Namespaced"
     namespaceSelector: {}
     objectSelector:
       matchExpressions:

From 098ce506cfc87de2df69b9b3f148caaa9176717a Mon Sep 17 00:00:00 2001
From: Theron Voran <tvoran@users.noreply.github.com>
Date: Tue, 16 Jul 2024 09:48:01 -0700
Subject: [PATCH 4/4] changlog++

---
 CHANGELOG.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 171543eb..6924b56f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,8 @@
 ## Unreleased
 
+Bugs:
+* Disable handling update on pods [GH-619](https://github.com/hashicorp/vault-k8s/pull/619)
+
 ## 1.4.2 (July 3, 2024)
 
 Changes: