Exposing Webhook does not work without further adjustments #1544
Description
Describe the bug
The documentation for exposing the ArgoCD Image Updater webhook does not mention that a NetworkPolicy is created by default which restricts ingress traffic to port 8443 and only from namespaces with the label metrics=enabled. This causes attempts to reach the webhook on the service port (e.g., 8080) to time out, even when the Service and Ingress are correctly configured.
To Reproduce
Steps to reproduce the behavior:
- Install ArgoCD Image Updater in a Kubernetes cluster.
- Expose the webhook using the default Service.
- Attempt to reach the webhook via the ClusterIP service on port 8080 (e.g., curl http://<service-ip>:8080/webhook) or via Ingress.
- Observe that the request times out.
Expected behavior
The documentation should mention that a NetworkPolicy exists and that it may need to be modified to allow ingress on the webhook port (8080) from the desired sources. Users should be able to access the webhook service without unexpected timeouts.
Additional context
The NetworkPolicy that causes this is:
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-metrics-traffic
  namespace: argocd
spec:
  podSelector:
    matchLabels:
      control-plane: argocd-image-updater-controller
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              metrics: enabled
      ports:
        - port: 8443
          protocol: TCP
```

This policy blocks access to port 8080, which is used by the webhook.
I'm not a pro in NetworkPolicies, but after adjusting the rules it started working. Without that, only port-forwarding works. Ingress does not.
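
One way to open the webhook port while leaving the metrics rule as it is, shown as an added example that is not from the issue or the project's manifests. The policy name and the `ingress-nginx` source namespace are assumptions; the pod selector, namespace and port 8080 are taken from the issue.

```yaml
# Added example (not the project's manifest). NetworkPolicies are additive:
# a pod accepts traffic allowed by ANY policy that selects it, so this second
# policy does not change allow-metrics-traffic (port 8443, metrics=enabled).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-webhook-traffic          # hypothetical name
  namespace: argocd
spec:
  podSelector:
    matchLabels:
      control-plane: argocd-image-updater-controller
  policyTypes:
    - Ingress
  ingress:
    - from:
        # Assumption: the ingress controller runs in namespace "ingress-nginx".
        # kubernetes.io/metadata.name is set automatically on every namespace,
        # so no manual namespace labelling is needed for this selector.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx
      ports:
        # NetworkPolicy matches the port the pod listens on, not the Service
        # port. The issue states the webhook uses 8080.
        - port: 8080
          protocol: TCP
```

Scoping `from` to the ingress controller's namespace keeps the webhook closed to the rest of the cluster; if the Service maps 8080 to a different `targetPort`, use that container port in the rule instead. `kubectl get networkpolicy -n argocd` lists the policies currently selecting the namespace's pods.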