Allow MutatingWebhookConfiguration to be deployed separately

[howardburgess]

What would you like to be added:
Currently the webhook configuration is created/reconciled by imageswap-init from the template in the imageswap-mwc ConfigMap. It would be useful if we could deploy this resource separately to allow its lifecycle to be managed by an external tool (in our case, Pulumi).

We have imported all resources from deploy/install.yaml into Pulumi, but when we use Pulumi to undeploy ImageSwap, the MutatingWebhookConfiguration remains, meaning that pods are denied by default since the controller is not there.

It would be great if ImageSwap could detect whether there is an existing webhook configuration present (which it does already), but have some mechanism to say "use it as-is; do not reconcile it".

Why is this needed:
We are onboarding ImageSwap and this is of a particular problem in our CI clusters where we apply Pulumi from a branch and then revert to the main branch afterwards, ready for the next branch build which may not install ImageSwap. It means pods from future runs are not admitted until we manually delete the webhook configuration.

[phenixblue]

Ok, I think I understand the issue. I think we can probably add a label/annotation for the MWC that, if present, the init container will skip generation of the MWC.

[phenixblue]

Thinking I'll make this a simple ENV Var rather than a label/annotation. It fits the pattern with other similar behavior after looking back at the code. PR is WIP, but should be done soon.

I have a few more enhancements that I may wait to merge before cutting a release that includes this, but keep an eye out for v1.5.1.

[howardburgess]

Thanks @phenixblue that makes sense for consistency. Much appreciated, and although we will look forward to the release, there's no rush to cut it ASAP; wait for the right time.