diff --git a/.github/ci/ct.yaml b/.github/ci/ct.yaml
new file mode 100644
index 000000000..e5206d409
--- /dev/null
+++ b/.github/ci/ct.yaml
@@ -0,0 +1,5 @@
+chart-dirs:
+  - deploy/charts
+helm-extra-args: "--timeout=5m"
+check-version-increment: false
+target-branch: main
diff --git a/.github/workflows/all.yml b/.github/workflows/all.yml
index c09d531ca..67bb8cd97 100644
--- a/.github/workflows/all.yml
+++ b/.github/workflows/all.yml
@@ -7,8 +7,12 @@ on:
       - '*/*'       # matches every branch containing a single '/'
       - '**'        # matches every branch
       - '!main'     # excludes main
+    paths-ignore:
+      - 'deploy/**'
   pull_request:
     branches: [ '!main' ]
+    paths-ignore:
+      - 'deploy/**'
 
 env:
   KUBEBUILDER_VERSION: 2.3.1
diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml
new file mode 100644
index 000000000..d50b78414
--- /dev/null
+++ b/.github/workflows/helm.yml
@@ -0,0 +1,55 @@
+name: Helm
+
+on:
+  push:
+    tags:
+      - '*'
+    paths:
+      - 'deploy/charts/**'
+  pull_request:
+    branches: main
+    paths:
+      - 'deploy/charts/**'
+
+jobs:
+  lint-and-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Generate chart
+        run: |
+          make crds-to-chart
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: v3.4.2
+
+      - uses: actions/setup-python@v2
+        with:
+          python-version: 3.7
+
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@v2.0.1
+
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --config=.github/ci/ct.yaml)
+          if [[ -n "$changed" ]]; then
+            echo "::set-output name=changed::true"
+          fi
+
+      - name: Run chart-testing (lint)
+        run: ct lint --config=.github/ci/ct.yaml
+
+      - name: Create kind cluster
+        uses: helm/kind-action@v1.1.0
+        if: steps.list-changed.outputs.changed == 'true'
+
+      - name: Run chart-testing (install)
+        run: ct install --config=.github/ci/ct.yaml
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 41fac71ca..2df33648b 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -5,8 +5,12 @@ on:
     branches: [ main ]
     tags:
       - '*'
+    paths-ignore:
+      - 'deploy/**'
   pull_request:
     branches: [ main ]
+    paths-ignore:
+      - 'deploy/**'
 
 env:
   KUBEBUILDER_VERSION: 2.3.1
diff --git a/.gitignore b/.gitignore
index eb7ef50af..d967a5893 100644
--- a/.gitignore
+++ b/.gitignore
@@ -24,3 +24,5 @@ bin
 
 # Code test output
 cover.out
+
+deploy/charts/external-secrets/templates/crds/*.yaml
diff --git a/Makefile b/Makefile
index 403b86e98..d4c554cff 100644
--- a/Makefile
+++ b/Makefile
@@ -7,6 +7,8 @@ SHELL         := /bin/bash
 IMG ?= controller:latest
 # Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
 CRD_OPTIONS ?= "crd:trivialVersions=true"
+HELM_DIR    ?= deploy/charts/external-secrets
+CRD_DIR     ?= config/crd/bases
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -43,7 +45,13 @@ deploy: manifests ## Deploy controller in the Kubernetes cluster of current cont
 	kustomize build config/default | kubectl apply -f -
 
 manifests: controller-gen ## Generate manifests e.g. CRD, RBAC etc.
-	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=$(CRD_DIR)
+# Remove extra header lines in generated CRDs
+	@for i in $(CRD_DIR)/*.yaml; do \
+  		tail -n +3 <"$$i" >"$$i.bkp" && \
+  		cp "$$i.bkp" "$$i" && \
+  		rm "$$i.bkp"; \
+  	done
 
 lint/check: # Check install of golanci-lint
 	@if ! golangci-lint --version > /dev/null 2>&1; then \
@@ -77,6 +85,22 @@ docker-build: test ## Build the docker image
 docker-push: ## Push the docker image
 	docker push ${IMG}
 
+helm-docs: ## Generate helm docs
+	cd $(HELM_DIR); \
+	docker run --rm -v $(shell pwd)/$(HELM_DIR):/helm-docs -u $(shell id -u) jnorwood/helm-docs:latest
+
+crds-to-chart: # Copy crds to helm chart directory
+	cp $(CRD_DIR)/*.yaml $(HELM_DIR)/templates/crds/
+# Add helm chart if statement for installing CRDs
+	@for i in $(HELM_DIR)/templates/crds/*.yaml; do \
+		cp "$$i" "$$i.bkp" && \
+		echo "{{- if .Values.installCRDs }}" > "$$i" && \
+		cat "$$i.bkp" >> "$$i" && \
+		echo "{{- end }}" >> "$$i" && \
+		rm "$$i.bkp"; \
+	done
+
+
 # find or download controller-gen
 # download controller-gen if necessary
 controller-gen:
diff --git a/main.go b/main.go
index f52a49e2e..8a5b97a14 100644
--- a/main.go
+++ b/main.go
@@ -25,8 +25,9 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 
 	// +kubebuilder:scaffold:imports
-	externalsecretsv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
-	"github.com/external-secrets/external-secrets/controllers"
+	esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
+	"github.com/external-secrets/external-secrets/pkg/controllers/externalsecret"
+	"github.com/external-secrets/external-secrets/pkg/controllers/secretstore"
 )
 
 var (
@@ -37,7 +38,7 @@ var (
 func init() {
 	_ = clientgoscheme.AddToScheme(scheme)
 
-	_ = externalsecretsv1alpha1.AddToScheme(scheme)
+	_ = esv1alpha1.AddToScheme(scheme)
 	// +kubebuilder:scaffold:scheme
 }
 
@@ -57,14 +58,14 @@ func main() {
 		MetricsBindAddress: metricsAddr,
 		Port:               9443,
 		LeaderElection:     enableLeaderElection,
-		LeaderElectionID:   "1fc40399.io",
+		LeaderElectionID:   "external-secrets-controller",
 	})
 	if err != nil {
 		setupLog.Error(err, "unable to start manager")
 		os.Exit(1)
 	}
 
-	if err = (&controllers.SecretStoreReconciler{
+	if err = (&secretstore.Reconciler{
 		Client: mgr.GetClient(),
 		Log:    ctrl.Log.WithName("controllers").WithName("SecretStore"),
 		Scheme: mgr.GetScheme(),
@@ -72,7 +73,7 @@ func main() {
 		setupLog.Error(err, "unable to create controller", "controller", "SecretStore")
 		os.Exit(1)
 	}
-	if err = (&controllers.ExternalSecretReconciler{
+	if err = (&externalsecret.Reconciler{
 		Client: mgr.GetClient(),
 		Log:    ctrl.Log.WithName("controllers").WithName("ExternalSecret"),
 		Scheme: mgr.GetScheme(),
diff --git a/pkg/controllers/externalsecret/externalsecret_controller.go b/pkg/controllers/externalsecret/externalsecret_controller.go
index 9c2dc2ad6..5bc5fcfc1 100644
--- a/pkg/controllers/externalsecret/externalsecret_controller.go
+++ b/pkg/controllers/externalsecret/externalsecret_controller.go
@@ -30,7 +30,7 @@ import (
 
 	esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
 	"github.com/external-secrets/external-secrets/pkg/provider"
-	utils "github.com/external-secrets/external-secrets/pkg/utils"
+	"github.com/external-secrets/external-secrets/pkg/utils"
 
 	// Loading registered providers.
 	_ "github.com/external-secrets/external-secrets/pkg/provider/register"