diff --git a/go.mod b/go.mod
index cc569b4c9..6e1b635f7 100644
--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,7 @@ require (
 github.com/onsi/gomega v1.10.5
 github.com/pkg/errors v0.9.1
 github.com/prometheus/client_golang v1.7.1
- github.com/qinqon/kube-admission-webhook v0.17.0
+ github.com/qinqon/kube-admission-webhook v0.18.0
 gomodules.xyz/jsonpatch/v2 v2.1.0
 k8s.io/api v0.20.2
 k8s.io/apimachinery v0.20.2
diff --git a/go.sum b/go.sum
index 534e3837b..e6d6df297 100644
--- a/go.sum
+++ b/go.sum
@@ -688,8 +688,8 @@ github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4O
 github.com/prometheus/prometheus v2.3.2+incompatible/go.mod h1:oAIUtOny2rjMX0OWN5vPR5/q/twIROJvdqnQKDdil/s=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/prometheus/tsdb v0.8.0/go.mod h1:fSI0j+IUQrDd7+ZtR9WKIGtoYAYAJUKcKhYLG25tN4g=
-github.com/qinqon/kube-admission-webhook v0.17.0 h1:JeJ3mlFLoSdjT6NfNc8bLp4xDiBEgg51vgmyz0PSq/M=
-github.com/qinqon/kube-admission-webhook v0.17.0/go.mod h1:eYJw+S+JSprEMLzGNmE0GFIlSrBQw0lAVES/ZjgM2FI=
+github.com/qinqon/kube-admission-webhook v0.18.0 h1:gv2OGWN8OPYjBAFOH0FGzUnhIgXG5+p4chBI/yDKOAw=
+github.com/qinqon/kube-admission-webhook v0.18.0/go.mod h1:eYJw+S+JSprEMLzGNmE0GFIlSrBQw0lAVES/ZjgM2FI=
 github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M=
 github.com/robfig/cron v1.2.0/go.mod h1:JGuDeoQd7Z6yL4zQhZ3OPEVHB7fL6Ka6skscFHfmt2k=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
diff --git a/vendor/github.com/qinqon/kube-admission-webhook/pkg/certificate/controller.go b/vendor/github.com/qinqon/kube-admission-webhook/pkg/certificate/controller.go
index 9f7d92568..218a66630 100644
--- a/vendor/github.com/qinqon/kube-admission-webhook/pkg/certificate/controller.go
+++ b/vendor/github.com/qinqon/kube-admission-webhook/pkg/certificate/controller.go
@@ -43,19 +43,48 @@ func (m *Manager) add(mgr manager.Manager, r reconcile.Reconciler) error { return object.GetName() == m.webhookName } + isCASecret := func(object client.Object) bool { + return object.GetName() == m.caSecretKey().Name + } + + isServiceSecret := func(object client.Object) bool { + webhookConf, err := m.readyWebhookConfiguration() + if err != nil { + m.log.Info(fmt.Sprintf("failed checking if it's a generated secret: failed getting webhook configuration: %v", err)) + return false + } + + services, err := m.getServicesFromConfiguration(webhookConf) + if err != nil { + m.log.Info(fmt.Sprintf("failed checking if it's a generated secret: failed getting webhook configuration services: %v", err)) + return false + } + + for service, _ := range services { + if object.GetName() == service.Name { + return true + } + } + return false + } + + isGeneratedSecret := func(object client.Object) bool { + return isCASecret(object) || isServiceSecret(object) + } + // Watch only events for selected m.webhookName onEventForThisWebhook := predicate.Funcs{ CreateFunc: func(createEvent event.CreateEvent) bool { - return isWebhookConfig(createEvent.Object) || isAnnotatedResource(createEvent.Object) + return isWebhookConfig(createEvent.Object) || (isAnnotatedResource(createEvent.Object) && isGeneratedSecret(createEvent.Object)) }, DeleteFunc: func(deleteEvent event.DeleteEvent) bool { - return isAnnotatedResource(deleteEvent.Object) + return isAnnotatedResource(deleteEvent.Object) && isGeneratedSecret(deleteEvent.Object) }, UpdateFunc: func(updateEvent event.UpdateEvent) bool { - return isWebhookConfig(updateEvent.ObjectOld) || isAnnotatedResource(updateEvent.ObjectOld) + return isWebhookConfig(updateEvent.ObjectOld) || (isAnnotatedResource(updateEvent.ObjectOld) && isGeneratedSecret(updateEvent.ObjectOld)) }, GenericFunc: func(genericEvent event.GenericEvent) bool { - return isWebhookConfig(genericEvent.Object) || isAnnotatedResource(genericEvent.Object) + return 
isWebhookConfig(genericEvent.Object) || (isAnnotatedResource(genericEvent.Object) && isGeneratedSecret(genericEvent.Object)) }, }
diff --git a/vendor/modules.txt b/vendor/modules.txt
index b6024fd28..28e808165 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -162,7 +162,7 @@ github.com/prometheus/common/model
 github.com/prometheus/procfs
 github.com/prometheus/procfs/internal/fs
 github.com/prometheus/procfs/internal/util
-# github.com/qinqon/kube-admission-webhook v0.17.0
+# github.com/qinqon/kube-admission-webhook v0.18.0
 ## explicit
 github.com/qinqon/kube-admission-webhook/pkg/certificate
 github.com/qinqon/kube-admission-webhook/pkg/certificate/triple