helm-external-secrets/deploy/charts/external-secrets/templates/webhook-service.yaml

{{- if and .Values.webhook.create .Values.webhook.service.enabled }}
{{- $shouldRenderStr := include "external-secrets.shouldRenderServiceMonitor" . | trim }}
apiVersion: v1
kind: Service
metadata:
  name: {{ include "external-secrets.fullname" . }}-webhook
  namespace: {{ template "external-secrets.namespace" . }}
  labels:
    {{- include "external-secrets-webhook.labels" . | nindent 4 }}
    external-secrets.io/component: webhook
  {{- include "external-secrets-webhook.annotations" . | nindent 2 }}
spec:
  type: {{ .Values.webhook.service.type }}
  {{- if .Values.service.ipFamilyPolicy }}
  ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy }}
  {{- end }}
  {{- if .Values.service.ipFamilies }}
  ipFamilies: {{ .Values.service.ipFamilies | toYaml | nindent 2 }}
  {{- end }}
  {{- with .Values.webhook.service.loadBalancerIP }}
  loadBalancerIP: {{ . }}
  {{- end }}
  ports:
  - port: 443
    targetPort: webhook
    protocol: TCP
    name: webhook
{{- if or .Values.webhook.metrics.service.enabled 
         (and .Values.serviceMonitor.enabled 
              (eq $shouldRenderStr "true")) }}
  - port: {{ .Values.webhook.metrics.service.port }}
    protocol: TCP
    targetPort: metrics
    name: metrics
{{- end }}
  selector:
    {{- include "external-secrets-webhook.selectorLabels" . | nindent 4 }}
{{- end }}