diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index b38001b..6b08a68 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml @@ -48,8 +48,8 @@ jobs: uses: helm/kind-action@v1.2.0 if: steps.list-changed.outputs.changed == 'true' - - name: Apply cert-manager CRDs - run: kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.1/cert-manager.crds.yaml + - name: Apply cert-manager + run: kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.1/cert-manager.yaml - name: Run chart-testing (install) run: ct install --config ct.yaml diff --git a/charts/accurate/Chart.lock b/charts/accurate/Chart.lock deleted file mode 100644 index 2460222..0000000 --- a/charts/accurate/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: cert-manager - repository: https://charts.jetstack.io - version: v1.5.1 -digest: sha256:d00aee7a3873a9ced5b1212b4a904c54629112b1fdc59baab00899d39a885593 -generated: "2021-08-18T12:07:14.637063+09:00" diff --git a/charts/accurate/Chart.yaml b/charts/accurate/Chart.yaml index 134d4a2..f726041 100644 --- a/charts/accurate/Chart.yaml +++ b/charts/accurate/Chart.yaml @@ -22,9 +22,3 @@ version: 0.1.0 # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. appVersion: 0.1.0 - -dependencies: - - name: cert-manager - repository: https://charts.jetstack.io - version: 1.5.1 - condition: cert-manager.enabled diff --git a/charts/accurate/README.md b/charts/accurate/README.md index 5365b49..4bb6d15 100644 --- a/charts/accurate/README.md +++ b/charts/accurate/README.md 
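Review bot: In `.github/workflows/helm.yaml`, the new `Apply cert-manager` step is followed immediately by `ct install`, so the chart install can presumably race the cert-manager deployments and webhook becoming ready. The e2e Makefile touched by this same commit waits after the identical apply; the workflow should do the same by running `kubectl -n cert-manager wait --for=condition=available --timeout=180s --all deployments` after the apply, either in this step or in a following one. The manifest is also fetched by release tag and applied with no integrity check. Since it now installs controllers and RBAC rather than only CRDs, consider downloading it and verifying a pinned checksum before `kubectl apply`.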
@@ -55,11 +55,11 @@ helm install --create-namespace --namespace accurate accurate accurate/accurate | Key | Type | Default | Description | |-----|------|---------|-------------| -| cert-manager.enabled | bool | `false` | Install cert-manager together. | | controller.additionalRBAC.rules | list | `[]` | Specify the RBAC rules to be added to the controller. ClusterRole and ClusterRoleBinding are created with the names `{{ release name }}-additional-resources`. The rules defined here will be used for the ClusterRole rules. | | controller.config.annotationKeys | list | `[]` | Annotations to be propagated to sub-namespaces. It is also possible to specify a glob pattern that can be interpreted by Go's "path.Match" func. | | controller.config.labelKeys | list | `[]` | Labels to be propagated to sub-namespaces. It is also possible to specify a glob pattern that can be interpreted by Go's "path.Match" func. | | controller.config.watches | list | `[{"group":"rbac.authorization.k8s.io","kind":"Role","version":"v1"},{"group":"rbac.authorization.k8s.io","kind":"RoleBinding","version":"v1"},{"kind":"Secret","version":"v1"}]` | List of GVK for namespace-scoped resources that can be propagated. Any namespace-scoped resource is allowed. | +| controller.extraArgs | list | `[]` | Optional additional arguments. | | controller.replicas | int | `2` | Specify the number of replicas of the controller Pod. | | controller.resources | object | `{"requests":{"cpu":"100m","memory":"20Mi"}}` | Specify resources. | | controller.terminationGracePeriodSeconds | int | `10` | Specify terminationGracePeriodSeconds. | diff --git a/charts/accurate/ci/enable-certmanager-values.yaml b/charts/accurate/ci/enable-certmanager-values.yaml deleted file mode 100644 index 364f96d..0000000 --- a/charts/accurate/ci/enable-certmanager-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -cert-manager: - enabled: true 
diff --git a/charts/accurate/templates/deployment.yaml b/charts/accurate/templates/deployment.yaml index ed9b4fd..0357401 100644 --- a/charts/accurate/templates/deployment.yaml +++ b/charts/accurate/templates/deployment.yaml @@ -26,6 +26,9 @@ spec: {{- with .Values.image.pullPolicy }} imagePullPolicy: {{ . }} {{- end }} + {{- with .Values.controller.extraArgs }} + args: {{ . }} + {{- end }} ports: - containerPort: 9443 name: webhook-server diff --git a/charts/accurate/values.yaml b/charts/accurate/values.yaml index 521dec3..5972cf2 100644 --- a/charts/accurate/values.yaml +++ b/charts/accurate/values.yaml @@ -22,6 +22,9 @@ controller: # controller.terminationGracePeriodSeconds -- Specify terminationGracePeriodSeconds. terminationGracePeriodSeconds: 10 + # controller.extraArgs -- Optional additional arguments. + extraArgs: [] + config: # controller.config.labelKeys -- Labels to be propagated to sub-namespaces. # It is also possible to specify a glob pattern that can be interpreted by Go's "path.Match" func. @@ -66,8 +69,3 @@ controller: # - update # - patch # - delete - -cert-manager: - # cert-manager.enabled -- Install cert-manager together. - ## ref: https://cert-manager.io/docs/installation/kubernetes/#installing-with-helm - enabled: false diff --git a/ct.yaml b/ct.yaml index c98d199..9e35d69 100644 --- a/ct.yaml +++ b/ct.yaml @@ -2,5 +2,3 @@ target-branch: main validate-maintainers: false check-version-increment: true -chart-repos: - - jetstack=https://charts.jetstack.io diff --git a/e2e/Makefile b/e2e/Makefile index c0635e4..a290213 100644 --- a/e2e/Makefile +++ b/e2e/Makefile 
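Review bot: In `charts/accurate/templates/deployment.yaml`, `args: {{ . }}` prints the list with Go's default formatting instead of serializing it as YAML, so an `extraArgs` with two entries renders as `args: [--a --b]`, which YAML reads as one string element. An entry containing `,`, `: ` or quotes can also change the structure of the rendered manifest. It works only for the single-element value used in `e2e/values.yaml`. Serialize the value instead, e.g. `args: {{ toJson . }}`, or use `toYaml` with an `nindent` matching the container's indentation, which is not recoverable from this view. The container spec continues outside the hunk.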
@@ -29,14 +29,10 @@ start: $(KIND) $(KUBECTL) $(HELM) $(KUBESEAL) $(KUBECTL_ACCURATE) $(KIND) load docker-image accurate:dev --name=accurate $(KUBECTL) apply -f https://github.com/jetstack/cert-manager/releases/download/v$(CERT_MANAGER_VERSION)/cert-manager.yaml $(KUBECTL) -n cert-manager wait --for=condition=available --timeout=180s --all deployments - $(HELM) repo add jetstack https://charts.jetstack.io - $(HELM) repo update - $(HELM) dependency build ../charts/accurate/ $(HELM) install --create-namespace --namespace accurate accurate ../charts/accurate -f values.yaml $(KUBECTL) -n accurate wait --for=condition=available --timeout=180s --all deployments $(KUBECTL) apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v$(SEALED_SECRET_VERSION)/controller.yaml $(KUBECTL) -n kube-system wait --for=condition=available --timeout=180s --all deployments - $(KUBECTL) apply -f clusterrole_for_sealedsecrets.yaml rm -f sealed.json $(KUBECTL) -n root2 create secret generic mysecret --dry-run=client --from-literal=foo=bar -o json | \ $(KUBESEAL) | jq '. * {metadata: {annotations: {"accurate.cybozu.com/propagate-generated": "create"}}}' > sealed.json diff --git a/e2e/manager_patch.yaml b/e2e/manager_patch.yaml deleted file mode 100644 index c284b03..0000000 --- a/e2e/manager_patch.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: accurate-controller-manager - namespace: accurate -spec: - template: - spec: - containers: - - name: manager - args: - - --zap-log-level=5 diff --git a/e2e/values.yaml b/e2e/values.yaml index 61a247a..67dae91 100644 --- a/e2e/values.yaml +++ b/e2e/values.yaml @@ -4,6 +4,9 @@ image: pullPolicy: Never controller: + extraArgs: + - --zap-log-level=5 + config: labelKeys: - team @@ -20,3 +23,14 @@ controller: kind: RoleBinding - version: v1 kind: Secret + + additionalRBAC: + rules: + - apiGroups: + - bitnami.com + resources: + - sealedsecrets + verbs: + - get + - list + - watch
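Review bot: In `e2e/values.yaml`, the new `additionalRBAC` rule has no comment saying why the controller needs read access to `sealedsecrets`, and per the chart README these rules end up in a ClusterRole. A one-line comment above `additionalRBAC:` would make the grant reviewable, something like `# e2e only: read access to SealedSecrets for the propagate-generated test`. That wording is inferred from the Makefile's sealed-secrets steps and should be confirmed by the author. The rule replaces the removed `clusterrole_for_sealedsecrets.yaml`, whose contents are not visible here, so it is worth checking that the verbs were not widened in the move.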