External Secrets Operator not configured properly by default

I attempt to create a secret store with only Istio + ESO installed and receive this error.

❯ k apply -f iam-role/secret-store.yaml Error from server (InternalError): error when creating "iam-role/secret-store.yaml": Internal error occurred: failed calling webhook "validate.secretstore.external-secrets.io": failed to call webhook: Post "https://external-secrets-external-secrets-webhook.external-secrets.svc:443/validate-external-secrets-io-v1beta1-secretstore?timeout=5s": proxy error from 127.0.0.1:6443 while dialing 10.42.2.6:10250, code 502: 502 Bad Gateway

The error indicates that the Kubernetes API server is unable to communicate with the webhook service provided by the External Secrets Operator.

Thinking network policies need whitelisting for ESO webhook service to connect to the API server.