diff --git a/build/Dockerfile b/build/Dockerfile
index 9ce19f01..91fe948d 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -20,4 +20,4 @@ ADD . /usr/src/net-attach-def-admission-controller
 RUN cd /usr/src/net-attach-def-admission-controller && \
 ./hack/build.sh
-CMD ["./bin/webhook"]
+CMD ["/usr/src/net-attach-def-admission-controller/bin/webhook"]
diff --git a/deployments/deployment.yaml b/deployments/deployment.yaml
index f258ad26..4c40133c 100644
--- a/deployments/deployment.yaml
+++ b/deployments/deployment.yaml
@@ -30,7 +30,7 @@ spec:
 - name: net-attach-def-admission-controller
 image: ghcr.io/k8snetworkplumbingwg/net-attach-def-admission-controller:snapshot
 command:
- - ./bin/webhook
+ - /usr/src/net-attach-def-admission-controller/bin/webhook
 args:
 - -bind-address=0.0.0.0
 - -port=443
@@ -59,7 +59,7 @@ spec:
 fieldPath: status.podIP
 ports:
 - containerPort: 8443
- hostPort: 8443
+ protocol: TCP
 name: https
 resources:
 requests:
diff --git a/deployments/webhook-isolate.yaml b/deployments/webhook-isolate.yaml
new file mode 100644
index 00000000..906329b9
--- /dev/null
+++ b/deployments/webhook-isolate.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: net-attach-def-admission-controller-isolating-config
+webhooks:
+ - name: net-attach-def-admission-controller-isolating-config.k8s.io
+ clientConfig:
+ service:
+ name: net-attach-def-admission-controller-service
+ namespace: ${NAMESPACE}
+ path: "/isolate"
+ caBundle: ${CA_BUNDLE}
+ admissionReviewVersions: ['v1']
+ sideEffects: None
+ rules:
+ - operations: [ "CREATE" ]
+ apiGroups: ["apps", ""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
diff --git a/deployments/webhook.yaml b/deployments/webhook-validate.yaml
similarity index 51%
rename from deployments/webhook.yaml
rename to deployments/webhook-validate.yaml
index 929c945f..1ac42a14 100644
--- a/deployments/webhook.yaml
+++ b/deployments/webhook-validate.yaml
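Review bot: With `hostPort: 8443` removed, the Service is the only way traffic reaches this container, so `containerPort: 8443` has to agree with the port the process actually listens on — yet the first hunk's args still pass `-port=443`, which reads as a mismatch unless the binary interprets them differently; please confirm against the Service's targetPort (service.yaml is not in this diff). Dropping the hostPort is the right direction, since the apiserver reaches the webhook through clientConfig.service rather than the node, and a short comment such as `# reached via the Service only; no hostPort on purpose` would keep it from being re-added later.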
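Review bot: This configuration intercepts every pod CREATE cluster-wide with no `namespaceSelector`/`objectSelector` and no explicit `failurePolicy`, so it takes the v1 default `Fail`; if the webhook pod in ${NAMESPACE} is ever down, no pod can be created anywhere — including a replacement webhook pod — which locks the cluster out of its own recovery. Make the policy explicit (`failurePolicy: Fail` is the right fail-closed choice for an isolation check) and add a `namespaceSelector` that excludes at least the namespace the controller itself runs in; `timeoutSeconds` is worth setting explicitly for the same reason. Separately, `apiGroups: ["apps", ""]` is superfluous for `resources: ["pods"]` — pods exist only in the core group — so `apiGroups: [""]` states what is meant.
```yaml
    # … unchanged: name, clientConfig …
    admissionReviewVersions: ['v1']
    sideEffects: None
    failurePolicy: Fail
    timeoutSeconds: 10
    namespaceSelector:
      matchExpressions:
        - key: kubernetes.io/metadata.name
          operator: NotIn
          values: [${NAMESPACE}]
    rules:
      - operations: [ "CREATE" ]
        apiGroups: [""]
        # … unchanged: apiVersions, resources …
```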
@@ -1,26 +1,6 @@
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
-metadata:
- name: net-attach-def-admission-controller-isolating-config
-webhooks:
- - name: net-attach-def-admission-controller-isolating-config.k8s.io
- clientConfig:
- service:
- name: net-attach-def-admission-controller-service
- namespace: ${NAMESPACE}
- path: "/isolate"
- caBundle: ${CA_BUNDLE}
- admissionReviewVersions: ['v1']
- sideEffects: None
- rules:
- - operations: [ "CREATE" ]
- apiGroups: ["apps", ""]
- apiVersions: ["v1"]
- resources: ["pods"]
----
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingWebhookConfiguration
 metadata:
 name: net-attach-def-admission-controller-validating-config
 webhooks:
diff --git a/hack/delete-deployment.sh b/hack/delete-deployment.sh
index e2adc3d7..987c5de9 100755
--- a/hack/delete-deployment.sh
+++ b/hack/delete-deployment.sh
@@ -35,7 +35,12 @@ done
 kubectl -n ${NAMESPACE} delete -f ${BASE_DIR}/deployments/service.yaml
-cat ${BASE_DIR}/deployments/webhook.yaml | \
+cat ${BASE_DIR}/deployments/webhook-validate.yaml | \
+ ${BASE_DIR}/hack/webhook-patch-ca-bundle.sh | \
+ sed -e "s|\${NAMESPACE}|${NAMESPACE}|g" | \
+ kubectl -n ${NAMESPACE} delete -f -
+
+cat ${BASE_DIR}/deployments/webhook-isolate.yaml | \
 ${BASE_DIR}/hack/webhook-patch-ca-bundle.sh | \
 sed -e "s|\${NAMESPACE}|${NAMESPACE}|g" | \
 kubectl -n ${NAMESPACE} delete -f -
diff --git a/hack/webhook-deployment.sh b/hack/webhook-deployment.sh
index 7a332b8e..2dbbe9c6 100755
--- a/hack/webhook-deployment.sh
+++ b/hack/webhook-deployment.sh
@@ -9,6 +9,7 @@ NAMESPACE="kube-system"
 PROMETHEUS_NAMESPACE="monitoring"
 OPERATOR_NAMESPACE="operators"
 INSTALL_SELF_SIGNED_CERT=true
+ENABLE_ISOLATE_WEBHOOK=false
 # Give help text for parameters.
 function usage()
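Review bot: The new `webhook-isolate.yaml` block deletes an object that `hack/webhook-deployment.sh` creates only when `--enable-isolate-webhook` was given, so on a default deployment `kubectl delete -f -` returns NotFound with a non-zero status; whether that aborts the rest of the teardown depends on the `set` options at the top of the file, which are outside the hunk. `kubectl -n ${NAMESPACE} delete --ignore-not-found -f -` on the last line makes the teardown idempotent either way, and the same flag would suit the validate block above it. Piping through `webhook-patch-ca-bundle.sh` is not needed for a delete — only the object name matters — though it does mirror the existing pattern.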
@@ -17,6 +18,7 @@ function usage()
 echo -e "\t-h --help"
 echo -e "\t--install-self-signed-cert=${INSTALL_SELF_SIGNED_CERT}"
 echo -e "\t--namespace=${NAMESPACE}"
+ echo -e "\t--enable-isolate-webhook"
 }
 # Parse parameters given as arguments to this script.
 while [ "$1" != "" ]; do
@@ -30,6 +32,9 @@ while [ "$1" != "" ]; do
 --install-self-signed-cert)
 INSTALL_SELF_SIGNED_CERT=$VALUE
 ;;
+ --enable-isolate-webhook)
+ ENABLE_ISOLATE_WEBHOOK=true
+ ;;
 --namespace)
 NAMESPACE=$VALUE
 ;;
@@ -51,11 +56,20 @@ kubectl -n ${NAMESPACE} create -f ${BASE_DIR}/deployments/deployment.yaml
 kubectl -n ${NAMESPACE} create -f ${BASE_DIR}/deployments/service.yaml
 export NAMESPACE
-cat ${BASE_DIR}/deployments/webhook.yaml | \
+# install validate webhook
+cat ${BASE_DIR}/deployments/webhook-validate.yaml | \
 ${BASE_DIR}/hack/webhook-patch-ca-bundle.sh | \
 sed -e "s|\${NAMESPACE}|${NAMESPACE}|g" | \
 kubectl -n ${NAMESPACE} create -f -
+# install isolate webhook
+if [ "${ENABLE_ISOLATE_WEBHOOK}" == true ]; then
+ cat ${BASE_DIR}/deployments/webhook-isolate.yaml | \
+ ${BASE_DIR}/hack/webhook-patch-ca-bundle.sh | \
+ sed -e "s|\${NAMESPACE}|${NAMESPACE}|g" | \
+ kubectl -n ${NAMESPACE} create -f -
+fi
+
 sleep 5
 if [[ "$(kubectl get pod -l k8s-app=prometheus-operator -n ${OPERATOR_NAMESPACE} | grep -o prometheus-operator)" == "prometheus-operator" ]]; then
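Review bot: The `--enable-isolate-webhook)` arm sets `ENABLE_ISOLATE_WEBHOOK=true` regardless of `$VALUE`, while the neighbouring arms (`--install-self-signed-cert`, `--namespace`) take their value from `$VALUE`, so `--enable-isolate-webhook=false` would still enable the webhook. If the loop above splits `$1` at `=` the way the other arms imply (that code is outside the hunk), `ENABLE_ISOLATE_WEBHOOK=${VALUE:-true}` would accept both the bare flag and an explicit value; the usage line in the previous hunk should then show the `=true|false` form like the other options do.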
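Review bot: `if [ "${ENABLE_ISOLATE_WEBHOOK}" == true ]` mixes single-bracket `test` with the bash-only `==`, while the very next test in the same file uses `[[ ... == ... ]]`; `if [[ "${ENABLE_ISOLATE_WEBHOOK}" == true ]]; then` keeps the style consistent (or use `=` if POSIX `[` is intended). The new block also uses `kubectl create`, which fails if an earlier partial run already left the object in place; that mirrors the validate block above, so any fix (e.g. `apply`, or a delete-then-create) should cover both.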