Update main.go

Co-authored-by: Rita Zhang <rita.z.zhang@gmail.com>
Signed-off-by: Max Smythe <max.smythe@gmail.com>

main.go

@@ -117,7 +117,7 @@ var (
 	disabledBuiltins                     = util.NewFlagSet()
 	enableK8sCel                         = flag.Bool("experimental-enable-k8s-native-validation", false, "PROTOTYPE (not stable): enable the validating admission policy driver")
 	externaldataProviderResponseCacheTTL = flag.Duration("external-data-provider-response-cache-ttl", 3*time.Minute, "TTL for the external data provider response cache. Specify the duration in 'h', 'm', or 's' for hours, minutes, or seconds respectively. Defaults to 3 minutes if unspecified. Setting the TTL to 0 disables the cache.")
-	deferToVAP                           = flag.Bool("defer-to-vap", false, "When set, the validation webhook will not evaluate a policy it expects K8s' Validating Admission Policy to enforce. May improve resource usage at the cost of race conditions detecting whether VAP enforcement is in effect.")
+	deferAdmissionToVAP                           = flag.Bool("defer-admission-to-vap", false, "When set to false, Gatekeeper webhook can act as a fallback in case K8s' Validating Admission Policy fails.  When set to true, Gatekeeper validating webhook will not evaluate a policy for an admission request it expects vap to enforce. May improve resource usage at the cost of race conditions detecting whether VAP enforcement is in effect. This does not impact audit results.")
 )
 
 func init() {
@@ -416,7 +416,7 @@ func setupControllers(ctx context.Context, mgr ctrl.Manager, sw *watch.Controlle
 	if *enableK8sCel {
 		// initialize K8sValidation
 		var k8scelArgs []k8scel.Arg
-		if *deferToVAP && constraint.VapEnforcement != constraint.VapFlagNone {
+		if *deferAdmissionToVAP && constraint.VapEnforcement != constraint.VapFlagNone {
 			switch constraint.VapEnforcement {
 			case constraint.VapFlagGatekeeperDefault:
 				k8scelArgs = append(k8scelArgs, k8scel.VAPGenerationDefault(k8scel.VAPDefaultNo))