# Headless service for Vault server DNS entries. This service should only
# point to Vault servers. For access to an agent, one should assume that
# the agent is installed locally on the node and the NODE_IP should be used.
# If the node can't run a Vault agent, then this service can be used to
# communicate directly to a server agent.
{{- if eq (.Values.ui.enabled | toString) "true" }}
apiVersion: v1
kind: Service
metadata:
  name: {{ template "vault.fullname" . }}-ui
  labels:
    helm.sh/chart: {{ include "vault.chart" . }}
    app.kubernetes.io/name: {{ include "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/version: {{ .Chart.Version | quote }}
spec:
  selector:
    app: {{ template "vault.name" . }}
    release: "{{ .Release.Name }}"
    component: server
  ports:
    - name: http
      port: 80
      targetPort: 8200
  type: {{ .Values.ui.serviceType | default "ClusterIP" }}
{{- end -}}