a sidecar container is a container that you deploy alongside your application containers to assist the application in some way
The webhook is exactly what is sounds like: an HTTP endpoint that implements an API defined by Kubernetes
- The deployment.yaml runs our container which serves the hook API via https and returns the JSON Patch to mutate the object
- The service.yaml gives our container an endpoint: webhook-service.default.svc
- The hook.yaml tells the API server where to find us https://webhook-service.default.svc/mutate