helm-external-secrets/deploy/charts/external-secrets/templates/validatingwebhook.yaml

apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: secretstore-validate
  labels:
    external-secrets.io/component: webhook
webhooks:
- name: "validate.secretstore.external-secrets.io"
  rules:
  - apiGroups:   ["external-secrets.io"]
    apiVersions: ["v1beta1"]
    operations:  ["CREATE", "UPDATE", "DELETE"]
    resources:   ["secretstores"]
    scope:       "Namespaced"
  clientConfig:
    service:
      namespace: {{ .Release.Namespace | quote }}
      name: {{ include "external-secrets.fullname" . }}-webhook
      path: /validate-external-secrets-io-v1beta1-secretstore
    # will be set by controller
    caBundle: Cg==
  admissionReviewVersions: ["v1", "v1beta1"]
  sideEffects: None
  timeoutSeconds: 5

- name: "validate.clustersecretstore.external-secrets.io"
  rules:
  - apiGroups:   ["external-secrets.io"]
    apiVersions: ["v1beta1"]
    operations:  ["CREATE", "UPDATE", "DELETE"]
    resources:   ["clustersecretstores"]
    scope:       "Cluster"
  clientConfig:
    service:
      namespace: {{ .Release.Namespace | quote }}
      name: {{ include "external-secrets.fullname" . }}-webhook
      path: /validate-external-secrets-io-v1beta1-clustersecretstore
    caBundle: Cg== # will be set by controller
  admissionReviewVersions: ["v1", "v1beta1"]
  sideEffects: None
  timeoutSeconds: 5