diff --git a/cmd/kyverno/main.go b/cmd/kyverno/main.go
index c54a1480b1..20d4491021 100755
--- a/cmd/kyverno/main.go
+++ b/cmd/kyverno/main.go
@@ -148,8 +148,7 @@ func main() {
 		debug,
 		log.Log)
 
-	// Resource Mutating Webhook Watcher
-	webhookMonitor := webhookconfig.NewMonitor(rCache, log.Log.WithName("WebhookMonitor"))
+	webhookMonitor := webhookconfig.NewMonitor(kubeInformer.Core().V1().Secrets(), log.Log.WithName("WebhookMonitor"))
 
 	// KYVERNO CRD INFORMER
 	// watches CRD resources:
diff --git a/pkg/resourcecache/main.go b/pkg/resourcecache/main.go
index f8cc3c5f1b..d4879e8298 100644
--- a/pkg/resourcecache/main.go
+++ b/pkg/resourcecache/main.go
@@ -33,7 +33,7 @@ type resourceCache struct {
 	log logr.Logger
 }
 
-var KyvernoDefaultInformer = []string{"ConfigMap", "Secret", "Deployment", "MutatingWebhookConfiguration", "ValidatingWebhookConfiguration"}
+var KyvernoDefaultInformer = []string{"ConfigMap", "Deployment", "MutatingWebhookConfiguration", "ValidatingWebhookConfiguration"}
 
 // NewResourceCache - initializes the ResourceCache
 func NewResourceCache(dclient *dclient.Client, dInformer dynamicinformer.DynamicSharedInformerFactory, logger logr.Logger) (ResourceCache, error) {
diff --git a/pkg/tls/certRenewer.go b/pkg/tls/certRenewer.go
index f4cb20581c..28ef0aca16 100644
--- a/pkg/tls/certRenewer.go
+++ b/pkg/tls/certRenewer.go
@@ -65,7 +65,7 @@ func (c *CertRenewer) InitTLSPemPair(serverIP string) (*PemPair, error) {
 			logger.Info("using existing TLS key/certificate pair")
 			return tlsPair, nil
 		}
-	} else {
+	} else if err != nil {
 		logger.V(3).Info("unable to find TLS pair", "reason", err.Error())
 	}
 
diff --git a/pkg/tls/reader.go b/pkg/tls/reader.go
index 4ddebc9a29..05ddeccc85 100644
--- a/pkg/tls/reader.go
+++ b/pkg/tls/reader.go
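Review bot: The Secret informer now comes from the shared `kubeInformer` factory, but whether that factory is namespace-scoped or cluster-wide is not visible in this hunk; if it is cluster-wide, the `Informer()` call inside NewMonitor lists and watches every Secret in the cluster while the monitor only acts on `config.KyvernoNamespace`, so the process keeps all cluster Secrets in memory and needs cluster-wide list/watch on secrets. A factory built with `informers.WithNamespace(config.KyvernoNamespace)` for this one informer would bound both the memory footprint and the RBAC grant. The informer is registered when `.Informer()` runs, which has to happen before the factory's `Start` is called or it never syncs; that call is outside the hunk, so please confirm the ordering. main continues outside the hunk.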
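Review bot: Dropping "Secret" from `KyvernoDefaultInformer` means any remaining caller of `GetGVRCache("Secret")` now gets `ok == false` and has to fall back to `CreateGVKInformer`; no other callers are visible in this diff, so please grep for them before merging. Shrinking the default list is otherwise a good change, since the dynamic cache no longer holds an unstructured copy of every Secret. A one-line comment on the variable, `// Secrets are deliberately not cached here; the webhook monitor uses the typed core/v1 Secret informer instead.`, would stop someone re-adding it later.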
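Review bot: The `else if err != nil` guard removes the nil dereference on `err.Error()`, but the outer condition sits above the hunk, and with the guard the path where `err` is nil and no usable pair was returned now logs nothing at all. If that path is reachable, a trailing `else { logger.V(3).Info("no existing TLS pair found") }` keeps it diagnosable at the same verbosity. InitTLSPemPair continues outside the hunk.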
@@ -13,6 +13,8 @@ import (
 	"k8s.io/client-go/rest"
 )
 
+var ErrorsNotFound = "root CA certificate not found"
+
 // ReadRootCASecret returns the RootCA from the pre-defined secret
 func ReadRootCASecret(restConfig *rest.Config, client *client.Client) (result []byte, err error) {
 	certProps, err := GetTLSCertProps(restConfig)
@@ -33,7 +35,7 @@ func ReadRootCASecret(restConfig *rest.Config, client *client.Client) (result []
 	result = tlsca.Data[RootCAKey]
 	if len(result) == 0 {
-		return nil, errors.Errorf("root CA certificate not found in secret %s/%s", certProps.Namespace, tlsca.Name)
+		return nil, errors.Errorf("%s in secret %s/%s", ErrorsNotFound, certProps.Namespace, tlsca.Name)
 	}
 	return result, nil
diff --git a/pkg/webhookconfig/monitor.go b/pkg/webhookconfig/monitor.go
index b39ecbe963..203683c1d1 100644
--- a/pkg/webhookconfig/monitor.go
+++ b/pkg/webhookconfig/monitor.go
@@ -4,15 +4,16 @@ import (
 	"fmt"
 	"os"
 	"reflect"
+	"strings"
 	"sync"
 	"time"
 
 	"github.com/go-logr/logr"
 	"github.com/kyverno/kyverno/pkg/config"
 	"github.com/kyverno/kyverno/pkg/event"
-	"github.com/kyverno/kyverno/pkg/resourcecache"
 	"github.com/kyverno/kyverno/pkg/tls"
-	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	v1 "k8s.io/api/core/v1"
+	informerv1 "k8s.io/client-go/informers/core/v1"
 	"k8s.io/client-go/tools/cache"
 )
 
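Review bot: `ErrorsNotFound` is an exported, mutable string that monitor.go later matches with `strings.Contains` on `err.Error()` (both Run hunks), which is brittle: any package can reassign it, and the check also fires on an unrelated error whose text happens to contain the phrase. Prefer a sentinel error, `var ErrRootCANotFound = errors.New("root CA certificate not found")`, returned wrapped in the second reader.go hunk and tested with `errors.Is(err, tls.ErrRootCANotFound)` in Run. The `errors.Errorf` call suggests github.com/pkg/errors rather than the standard library; with pkg/errors the wrap would be `errors.Wrapf(ErrRootCANotFound, "secret %s/%s", certProps.Namespace, tlsca.Name)` (its Unwrap support makes `errors.Is` work from v0.9), and with the standard library `fmt.Errorf("%w in secret %s/%s", ...)`. The name `ErrorsNotFound` also breaks the `ErrXxx` convention for sentinels.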
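Review bot: The alias `v1` for `k8s.io/api/core/v1` is easy to confuse with `metav1` and with the `informerv1` alias on the next line; the conventional name is `corev1`, i.e. `corev1 "k8s.io/api/core/v1"`, with the handler assertions below updated to `*corev1.Secret`. This is style only; the import set is consistent with the code that uses it.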
@@ -41,22 +42,14 @@ type Monitor struct {
 }
 
 //NewMonitor returns a new instance of webhook monitor
-func NewMonitor(resCache resourcecache.ResourceCache, log logr.Logger) *Monitor {
+func NewMonitor(nsInformer informerv1.SecretInformer, log logr.Logger) *Monitor {
 	monitor := &Monitor{
 		t: time.Now(),
 		secretQueue: make(chan bool, 1),
 		log: log,
 	}
 
-	var err error
-	secretCache, ok := resCache.GetGVRCache("Secret")
-	if !ok {
-		if secretCache, err = resCache.CreateGVKInformer("Secret"); err != nil {
-			log.Error(err, "unable to start Secret's informer")
-		}
-	}
-
-	secretCache.GetInformer().AddEventHandler(cache.ResourceEventHandlerFuncs{
+	nsInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{
 		AddFunc: monitor.addSecretFunc,
 		UpdateFunc: monitor.updateSecretFunc,
 	})
@@ -80,7 +73,7 @@ func (t *Monitor) SetTime(tm time.Time) {
 }
 
 func (t *Monitor) addSecretFunc(obj interface{}) {
-	secret := obj.(*unstructured.Unstructured)
+	secret := obj.(*v1.Secret)
 	if secret.GetNamespace() != config.KyvernoNamespace {
 		return
 	}
@@ -94,8 +87,8 @@ func (t *Monitor) addSecretFunc(obj interface{}) {
 }
 
 func (t *Monitor) updateSecretFunc(oldObj interface{}, newObj interface{}) {
-	old := oldObj.(*unstructured.Unstructured)
-	new := newObj.(*unstructured.Unstructured)
+	old := oldObj.(*v1.Secret)
+	new := newObj.(*v1.Secret)
 	if new.GetNamespace() != config.KyvernoNamespace {
 		return
 	}
@@ -105,7 +98,7 @@ func (t *Monitor) updateSecretFunc(oldObj interface{}, newObj interface{}) {
 		return
 	}
 
-	if reflect.DeepEqual(old.UnstructuredContent()["data"], new.UnstructuredContent()["data"]) {
+	if reflect.DeepEqual(old.DeepCopy().Data, new.DeepCopy().Data) {
 		return
 	}
 
@@ -182,7 +175,10 @@ func (t *Monitor) Run(register *Register, certRenewer *tls.CertRenewer, eventGen
 		valid, err := certRenewer.ValidCert()
 		if err != nil {
 			logger.Error(err, "failed to validate cert")
-			continue
+
+			if !strings.Contains(err.Error(), tls.ErrorsNotFound) {
+				continue
+			}
 		}
 
 		if valid {
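Review bot: The new parameter is a `SecretInformer` but is named `nsInformer`, which reads as a Namespace informer; `secretInformer` says what it is. The removed code logged when the Secret informer could not be started, whereas NewMonitor now has no failure path and silently relies on the caller starting the factory that owns this informer, so the doc comment should state that contract, e.g. `// NewMonitor returns a webhook monitor that reacts to Secret events in config.KyvernoNamespace delivered by secretInformer; the informer's factory must be started by the caller after NewMonitor returns.` Depending on the client-go version in go.mod (not visible here), `AddEventHandler` may also return a registration and an error that the new line discards.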
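Review bot: `obj.(*v1.Secret)` is an unchecked type assertion inside an informer callback, so an object of any other type reaching this handler panics the whole controller; the same pattern is in updateSecretFunc in the next hunk. Use the two-value form and bail out: `secret, ok := obj.(*v1.Secret)` followed by `if !ok { return }`. In updateSecretFunc the local `new` also shadows the builtin; `oldSecret` and `newSecret` would avoid that.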
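Review bot: `old.DeepCopy().Data` and `new.DeepCopy().Data` copy two complete Secret objects on every update event only to feed `reflect.DeepEqual`, which does not mutate its arguments; `if reflect.DeepEqual(old.Data, new.Data) {` is equivalent and avoids creating extra in-memory copies of secret material per event. A short comment, `// only a change to the key/cert bytes matters; metadata-only updates are ignored`, would make the intent of the comparison clear. updateSecretFunc's body starts outside the hunk.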
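Review bot: When `ValidCert` returns the root-CA-not-found error, the line above still logs it at error level as "failed to validate cert" before the new check decides to fall through, so an expected first-run condition shows up as an error in the logs; decide first and log the not-found case at `V(3)` instead. The identical error-handling block appears again in the next Run hunk at line 195; pulling it into a small helper such as `func (t *Monitor) shouldContinueOnCertError(err error) bool` keeps the two copies from drifting apart. The substring match itself is discussed at the reader.go hunk. Run's body continues outside the hunk.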
@@ -199,7 +195,10 @@ func (t *Monitor) Run(register *Register, certRenewer *tls.CertRenewer, eventGen
 		valid, err := certRenewer.ValidCert()
 		if err != nil {
 			logger.Error(err, "failed to validate cert")
-			continue
+
+			if !strings.Contains(err.Error(), tls.ErrorsNotFound) {
+				continue
+			}
 		}
 
 		if valid {