Exernal Secrets comes with three components:
This is due to the need to implement conversion webhooks in order to convert custom resources between api versions and
to provide a ValidatingWebhook for the
These features are optional but highly recommended. You can disable them with helm chart values
Cert-controller is responsible for (1) generating TLS credentials which will be used by the webhook component and (2) injecting the certificate as
Kind=CustomResourceDefinition for conversion webhooks and
Kind=ValidatingWebhookConfiguration for validating admission webhook. The TLS credentials are stored in a
Kind=Secret which is consumed by the webhook.