NOTE: this feature is experimental and has not been extensively tested.
Controller classes are a property set at deployment time that allows multiple controllers to share a group of workloads. They work by separating which SecretStores are assigned to which controller. When running a single controller, no extra configuration is needed.
Setting up Controller Class
To deploy the controller with a specific class, install the Helm chart with the controller class specified, and create a SecretStore with the appropriate spec.controller value:
helm install custom-external-secrets external-secrets/external-secrets --set controllerClass=custom
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: controller-custom-example
spec:
  # define the controller label to the matching value of the deployment
  controller: custom
  # configure provider the same way
  provider:
    vault:
      server: "http://vault.default:8200"
      path: "secret"
      version: "v2"
      auth:
        kubernetes:
          mountPath: "kubernetes"
          role: "demo-role"
Any ExternalSecret bound to this SecretStore will be evaluated by the operator whose controllerClass is custom.
Note: Any SecretStore without spec.controller set will be considered valid by any operator, regardless of its controllerClass.
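Because a SecretStore without spec.controller is picked up by every controller, it is worth auditing which stores are scoped before running several classes side by side. The following is an added example, not part of the External Secrets project: it applies the matching rule above to a list of SecretStores in the JSON shape returned by `kubectl get secretstores -A -o json`. The sample stores, namespaces, the second class name `other` and the finding labels are constructed for illustration.

```python
import json

# Constructed sample, shaped like `kubectl get secretstores -A -o json` output.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "team-a", "name": "controller-custom-example"},
     "spec": {"controller": "custom"}},
    {"metadata": {"namespace": "team-b", "name": "unscoped-store"},
     "spec": {}},
    {"metadata": {"namespace": "team-c", "name": "typo-store"},
     "spec": {"controller": "custmo"}},
]})


def audit_stores(stores_json, deployed_classes):
    """Map each SecretStore to the controller classes that will evaluate it.

    Rule from the page: a store with spec.controller is handled by the
    controller whose controllerClass matches; a store without it is
    considered valid by every controller.
    """
    report = {}
    for item in json.loads(stores_json).get("items", []):
        meta = item.get("metadata", {})
        key = f"{meta.get('namespace', '')}/{meta.get('name', '')}"
        wanted = (item.get("spec") or {}).get("controller") or ""
        if not wanted:
            # No class set: every deployed controller will reconcile it.
            owners, finding = sorted(deployed_classes), "unscoped"
        elif wanted in deployed_classes:
            owners, finding = [wanted], "ok"
        else:
            # Class set but no deployed controller matches (e.g. a typo).
            owners, finding = [], "orphaned"
        report[key] = {"owners": owners, "finding": finding}
    return report


def findings(report):
    """Return only the stores that need attention, sorted by name."""
    return sorted((k, v["finding"]) for k, v in report.items()
                  if v["finding"] != "ok")


if __name__ == "__main__":
    rep = audit_stores(SAMPLE, {"custom", "other"})
    for name, info in sorted(rep.items()):
        print(f"{name}: {info['finding']} -> {info['owners'] or 'no controller'}")
```

An "unscoped" result means the store's provider credentials are usable by every controller in the cluster; an "orphaned" result means no deployed controller will evaluate ExternalSecrets bound to it.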