diff --git a/pkg/auth/cli/webhookcli.go b/pkg/auth/cli/webhookcli.go
index 32e5190..e3d9c4d 100644
--- a/pkg/auth/cli/webhookcli.go
+++ b/pkg/auth/cli/webhookcli.go
@@ -1,6 +1,7 @@
 package cli
 
 import (
+	"k8s.io/client-go/tools/clientcmd"
 	"os"
 	"time"
 
@@ -38,7 +39,12 @@ func (w *WebhookConfig) WebhookMiddleware() (auth.Middleware, error) {
 		config = tempFile
 	}
 
-	return auth.NewWebhookMiddleware(time.Duration(w.CacheTTLSeconds)*time.Second, config)
+	kubeConfig, err := clientcmd.BuildConfigFromFlags("", config)
+	if err != nil {
+		return nil, err
+	}
+
+	return auth.NewWebhookMiddleware(time.Duration(w.CacheTTLSeconds)*time.Second, kubeConfig)
 }
 
 func Flags(config *WebhookConfig) []cli.Flag {
diff --git a/pkg/auth/filter.go b/pkg/auth/filter.go
index bc4cfae..d60ed23 100644
--- a/pkg/auth/filter.go
+++ b/pkg/auth/filter.go
@@ -2,6 +2,7 @@ package auth
 
 import (
 	"io/ioutil"
+	"k8s.io/client-go/rest"
 	"net/http"
 	"strings"
 	"time"
@@ -82,8 +83,8 @@ func WebhookConfigForURL(url string) (string, error) {
 	return tmpFile.Name(), clientcmd.WriteToFile(config, tmpFile.Name())
 }
 
-func NewWebhookAuthenticator(cacheTTL time.Duration, kubeConfigFile string) (Authenticator, error) {
-	wh, err := webhook.New(kubeConfigFile, "v1", nil, WebhookBackoff, nil)
+func NewWebhookAuthenticator(cacheTTL time.Duration, kubeConfig *rest.Config) (Authenticator, error) {
+	wh, err := webhook.New(kubeConfig, "v1", nil, WebhookBackoff)
 	if err != nil {
 		return nil, err
 	}
@@ -99,8 +100,8 @@ func NewWebhookAuthenticator(cacheTTL time.Duration, kubeConfigFile string) (Aut
 	}, nil
 }
 
-func NewWebhookMiddleware(cacheTTL time.Duration, kubeConfigFile string) (Middleware, error) {
-	auth, err := NewWebhookAuthenticator(cacheTTL, kubeConfigFile)
+func NewWebhookMiddleware(cacheTTL time.Duration, kubeConfig *rest.Config) (Middleware, error) {
+	auth, err := NewWebhookAuthenticator(cacheTTL, kubeConfig)
 	if err != nil {
 		return nil, err
 	}