docs: Fixed numbering in quick_start.md (#777 )

Signed-off-by: Mark Stickley <markstickley@users.noreply.github.com>
chore: release 0.8.7 (#769 )
2025-08-07 14:10:30 -04:00 · 2025-07-28 22:55:12 +02:00 · 2025-07-14 09:14:43 -04:00 · 2025-07-14 09:14:25 -04:00 · 2025-06-26 19:45:33 +00:00 · 2025-06-13 15:23:56 -04:00
162 changed files with 14777 additions and 1738 deletions
--- a/.github/scripts/generate-helm-docs.sh
+++ b/.github/scripts/generate-helm-docs.sh
@ -9,7 +9,7 @@
 # Node >=16
 # renovate: datasource=github-releases depName=bitnami-labs/readme-generator-for-helm
-GENERATOR_VERSION="2.6.1"
+GENERATOR_VERSION="2.7.0"
 echo "Checking if readme generator is installed already..."
 if [[ $(npm list -g | grep -c "readme-generator-for-helm@${GENERATOR_VERSION}") -eq 0 ]]; then
--- a/.github/scripts/strip-kustomize-helm.sh
+++ b/.github/scripts/strip-kustomize-helm.sh
@ -1,18 +1,34 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # This script is a hack to support helm flow control in kustomize overlays, which would otherwise break them.
 # It allows us to render helm template bindings and add newlines.
 # For instance, it transforms "___{{ .Value.myValue }}___" to {{ .Value.myValue }}.
-# It also adds newlines wherever ___newline___ is found.
+# It also adds newlines wherever ___newline___ is found, and other operations. See
-
+# sed_expressions below.
 CHARTS_DIR='./chart/open-feature-operator/templates';
 echo 'Running strip-kustomize-helm.sh script'
-filenames=`find $CHARTS_DIR -name "*.yaml"`
+CHARTS_DIR='./chart/open-feature-operator/templates'
-for file in $filenames; do
+
-    sed -i "s/___newline___/\\n/g" $file
+# Careful! Ordering of these expressions matter!
-    sed -i "s/\"___//g" $file
+sed_expressions=(
-    sed -i "s/___\"//g" $file
+    "s/___newline___/\\n/g"
-    sed -i "s/___//g" $file
+    "s/___space___/ /g"
    "s/\"___//g"
    "s/___\"//g"
    "/___delete_me___/d"
    "s/___//g"
 )
 find $CHARTS_DIR -name "*.yaml" | while read file; do
    for expr in "${sed_expressions[@]}"; do
        if [[ "$OSTYPE" == "darwin"* ]]; then
            # macOS (BSD) version
            sed -i '' "$expr" "$file"
        else
            # Linux (GNU) version
            sed -i "$expr" "$file"
        fi
    done
 done
-echo 'Done running strip-kustomize-helm.sh script'
+
 echo 'Done running strip-kustomize-helm.sh script'
--- a/.github/workflows/dco-merge-group.yml
+++ b/.github/workflows/dco-merge-group.yml
@ -0,0 +1,12 @@
 name: DCO
 on:
  merge_group:
 # Workaround because the DCO app doesn't run on a merge_group trigger
 # https://github.com/dcoapp/app/pull/200
 jobs:
  DCO:
    runs-on: ubuntu-latest
    if: ${{ github.actor != 'renovate[bot]' }}
    steps:
      - run: echo "dummy DCO workflow (it won't run any check actually) to trigger by merge_group in order to enable merge queue"
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@ -6,20 +6,20 @@ on:
        description: "Tag of Kind image"
        type: "string"
 env:
-  GO_VERSION: "~1.21"
+  GO_VERSION: "~1.23"
 defaults:
  run:
    shell: bash
 jobs:
  e2e-test:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Download image
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
        with:
          name: open-feature-operator-local-${{ github.sha }}
          path: ${{ github.workspace }}
@ -36,7 +36,7 @@ jobs:
          docker load --input ${{ github.workspace }}/open-feature-operator-local.tar
      - name: Create k8s Kind Cluster
-        uses: helm/kind-action@v1.10.0
+        uses: helm/kind-action@v1.12.0
        with:
          config: ./test/e2e/kind-cluster.yml
          cluster_name: open-feature-operator-test
@ -47,7 +47,7 @@ jobs:
          kind load docker-image open-feature-operator-local:${{ github.sha }} --name open-feature-operator-test
      - name: Install Chainsaw
-        uses: kyverno/action-install-chainsaw@748066cc1580718e7924c9b689a8d366bde05100 # v0.2.0
+        uses: kyverno/action-install-chainsaw@f2b47b97dc889c12702113753d713f01ec268de5 # v0.2.12
      - name: Install OFO
        run: |
@ -64,7 +64,7 @@ jobs:
      - name: Upload cluster logs
        if: failure()
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
          name: e2e-tests
          path: .github/scripts/logs
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@ -17,19 +17,19 @@ on:
      - "!docs/**"
 env:
  # renovate: datasource=github-releases depName=golangci/golangci-lint
-  GOLANGCI_LINT_VERSION: "v1.59.0"
+  GOLANGCI_LINT_VERSION: "v1.63.4"
-  GO_VERSION: "~1.21"
+  GO_VERSION: "~1.23"
 jobs:
  golangci-lint:
    name: golangci-lint
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
    strategy:
      fail-fast: false
    steps:
      - name: Check out code
        uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          check-latest: true
@ -38,7 +38,7 @@ jobs:
        run: make workspace-init
      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@v6
        with:
          working-directory: ./
          version: ${{ env.GOLANGCI_LINT_VERSION }}
--- a/.github/workflows/pr-checks.yml
+++ b/.github/workflows/pr-checks.yml
@ -4,14 +4,14 @@ on:
  push:
    branches:
      - main
    paths-ignore:
      - '**.md'
  pull_request:
-    paths-ignore:
+    types:
-      - '**.md'
+      - opened
-env:
+      - synchronize
-  # Default minimum version of Go to support.
+      - reopened
-  DEFAULT_GO_VERSION: "~1.21"
+    branches:
      - main
  merge_group:
 permissions:
  contents: read
@ -19,12 +19,15 @@ permissions:
 jobs:
  unit-test:
    name: Unit Tests
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
        with:
-          go-version: ${{ env.DEFAULT_GO_VERSION }}
+          go-version-file: 'go.mod'
      - name: Setup Environment
        run: |
@ -39,9 +42,6 @@ jobs:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/go.sum') }}
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Workspace Init
        run: make workspace-init
@ -49,27 +49,27 @@ jobs:
        run: make unit-test
      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v4
        with:
          flags: unit-tests
  docker-local:
    permissions:
      security-events: write  # for github/codeql-action/upload-sarif to upload SARIF results
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up QEMU
-        uses: docker/setup-qemu-action@master
+        uses: docker/setup-qemu-action@v3
        with:
          platforms: all
      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@master
+        uses: docker/setup-buildx-action@v3
      - name: Build
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v6
        with:
          builder: ${{ steps.buildx.outputs.name }}
          context: .
@ -78,19 +78,21 @@ jobs:
          cache-from: type=gha,scope=${{ github.ref_name }}-ofo
          cache-to: type=gha,scope=${{ github.ref_name }}-ofo
      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.29.0
        with:
-          input: /github/workspace/open-feature-operator-local.tar
+          input: ${{ github.workspace }}/open-feature-operator-local.tar
-          format: "template"
+          format: "sarif"
          template: "@/contrib/sarif.tpl"
          output: "trivy-results.sarif"
          severity: "CRITICAL,HIGH"
        env:
          # use an alternative trivvy db to avoid rate limits
          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: "trivy-results.sarif"
      - name: Upload image as artifact
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
          name: open-feature-operator-local-${{ github.sha }}
          path: ${{ github.workspace }}/open-feature-operator-local.tar
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@ -18,9 +18,10 @@ jobs:
      pull-requests: write
      statuses: write  # for amannn/action-semantic-pull-request to mark status of analyzed PR
    name: Validate PR title
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
    steps:
      - uses: amannn/action-semantic-pull-request@v5
        id: lint_pr_title
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@ -7,7 +7,7 @@ on:
 env:
  # Default minimum version of Go to support.
-  DEFAULT_GO_VERSION: "~1.21"
+  DEFAULT_GO_VERSION: "~1.23"
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}
  GITHUB_PAGES_BRANCH: gh-pages
@ -24,7 +24,7 @@ jobs:
    permissions:
      contents: write  # for google-github-actions/release-please-action to create release commit
      pull-requests: write  # for google-github-actions/release-please-action to create release PR
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
    # Release-please creates a PR that tracks all changes
    steps:
@ -32,8 +32,9 @@ jobs:
        id: release
        with:
          command: manifest
-          token: ${{secrets.GITHUB_TOKEN}}
+          token: ${{secrets.RELEASE_PLEASE_ACTION_TOKEN}}
          default-branch: main
          signoff: "OpenFeature Bot <109696520+openfeaturebot@users.noreply.github.com>"
    outputs:
      release_created: ${{ steps.release.outputs.release_created }}
@ -43,7 +44,7 @@ jobs:
    needs: release-please
    permissions:
      packages: write # to push the container image
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
    if: ${{ needs.release-please.outputs.release_created }}
    steps:
      - name: Checkout
@ -52,7 +53,7 @@ jobs:
          ref: ${{ needs.release-please.outputs.release_tag_name }}
      - name: Log in to the Container registry
-        uses: docker/login-action@a9794064588be971151ec5e7144cb535bcb56e36
+        uses: docker/login-action@327cd5a69de6c009b9ce71bce8395f28e651bf99
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
@ -60,7 +61,7 @@ jobs:
      - name: Extract metadata (tags, labels) for Docker
        id: meta
-        uses: docker/metadata-action@f7b4ed12385588c3f9bc252f0a2b520d83b52d48
+        uses: docker/metadata-action@60a0d343a0d8a18aedee9d34e62251f752153bdb
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
@ -74,7 +75,7 @@ jobs:
        uses: docker/setup-buildx-action@master
      - name: Build
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v6
        with:
          builder: ${{ steps.buildx.outputs.name }}
          context: .
@ -109,7 +110,7 @@ jobs:
    needs: release-please
    permissions:
      contents: write  # for softprops/action-gh-release to create GitHub release
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
    if: ${{ needs.release-please.outputs.release_created }}
    steps:
        - name: Checkout
@ -118,7 +119,7 @@ jobs:
            ref: ${{ needs.release-please.outputs.release_tag_name }}
        - name: Setup go
-          uses: actions/setup-go@v4
+          uses: actions/setup-go@v5
          with:
            go-version: ${{ env.DEFAULT_GO_VERSION }}
        - run: |
@ -145,7 +146,7 @@ jobs:
    needs: release-please
    permissions:
      contents: write
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
    if: ${{ needs.release-please.outputs.release_created }}
    steps:
      - name: Checkout
@ -155,7 +156,7 @@ jobs:
          ref: ${{ env.GITHUB_PAGES_BRANCH }}
      - name: Setup go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.DEFAULT_GO_VERSION }}
--- a/.github/workflows/validate-crd-docs.yml
+++ b/.github/workflows/validate-crd-docs.yml
@ -9,7 +9,7 @@ defaults:
 jobs:
  check-helm-docs:
    name: Check crd documentation values
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
    steps:
      - name: Check out code
        uses: actions/checkout@v4
--- a/.github/workflows/validate-helm-docs.yml
+++ b/.github/workflows/validate-helm-docs.yml
@ -11,13 +11,13 @@ defaults:
 jobs:
  check-helm-docs:
    name: Check helm documentation values
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
    steps:
      - name: Check out code
        uses: actions/checkout@v4
      - name: Set up Node
-        uses: actions/setup-node@v3.8.2
+        uses: actions/setup-node@v4.4.0
        with:
          node-version: 16
--- a/.gitignore
+++ b/.gitignore
@ -34,3 +34,5 @@ testbin/*
 go.work
 go.work.sum
 dist
--- a/.golangci.yml
+++ b/.golangci.yml
@ -1,6 +1,6 @@
 run:
  timeout: 5m
-  go: '1.20'
+  go: '1.23'
 linters:
  enable:
    - gofmt         # Gofmt checks whether code was gofmt-ed. By default, this tool runs with -s option to check for code simplification
--- a/.release-please-manifest.json
+++ b/.release-please-manifest.json
@ -1,4 +1,4 @@
 {
-  ".": "0.6.0",
+  ".": "0.8.7",
-  "apis": "0.2.43"
+  "apis": "0.2.45"
 }
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,215 @@
 # Changelog
 ## [0.8.7](https://github.com/open-feature/open-feature-operator/compare/v0.8.6...v0.8.7) (2025-07-14)
 ### 🐛 Bug Fixes
 * API server warning for empty imagePullSecrets ([#774](https://github.com/open-feature/open-feature-operator/issues/774)) ([6f7152c](https://github.com/open-feature/open-feature-operator/commit/6f7152cffc75b1b00a4f941afc9e8ee2593151d7))
 * end-to-end.yaml ([#771](https://github.com/open-feature/open-feature-operator/issues/771)) ([4b76e47](https://github.com/open-feature/open-feature-operator/commit/4b76e479c44c3dd90ab237ac7ba319617b61f6b9))
 * Ingress annotations not reconciling ([#773](https://github.com/open-feature/open-feature-operator/issues/773)) ([6cbc0fa](https://github.com/open-feature/open-feature-operator/commit/6cbc0fa1a19ef89660b0816b0e92425d1e414d96))
 ### 🧹 Chore
 * **deps:** update actions/setup-node action to v4.4.0 ([#767](https://github.com/open-feature/open-feature-operator/issues/767)) ([1e5af9d](https://github.com/open-feature/open-feature-operator/commit/1e5af9d5f0933d93fb55c8df0c6e2b463fae4b4c))
 ## [0.8.6](https://github.com/open-feature/open-feature-operator/compare/v0.8.5...v0.8.6) (2025-06-03)
 ### ✨ New Features
 * **flagd:** add support for GCS ([#765](https://github.com/open-feature/open-feature-operator/issues/765)) ([349c176](https://github.com/open-feature/open-feature-operator/commit/349c176ee5eb9f2738f1354c8987760620363aa6))
 ### 🐛 Bug Fixes
 * **deps:** update kubernetes packages to v0.32.3 ([#756](https://github.com/open-feature/open-feature-operator/issues/756)) ([a4b4216](https://github.com/open-feature/open-feature-operator/commit/a4b4216d2009a5703214cfb9efacea60d9e1f8d0))
 * **deps:** update open-feature/flagd ([#755](https://github.com/open-feature/open-feature-operator/issues/755)) ([20f6f40](https://github.com/open-feature/open-feature-operator/commit/20f6f4095669e4b0b0f895da683a2fe9e580ee5e))
 * namespace for ca injection for mutatingwebhook solving [#759](https://github.com/open-feature/open-feature-operator/issues/759) ([#763](https://github.com/open-feature/open-feature-operator/issues/763)) ([d39973b](https://github.com/open-feature/open-feature-operator/commit/d39973b0ea9801829d146ad7649a2b25985fb7af))
 ### 🧹 Chore
 * **deps:** update dependency ubuntu to v24 ([#748](https://github.com/open-feature/open-feature-operator/issues/748)) ([3014013](https://github.com/open-feature/open-feature-operator/commit/301401391ec352a4e23ba96a479aad0a42ddb07f))
 * **deps:** update helm/kind-action action to v1.12.0 ([#744](https://github.com/open-feature/open-feature-operator/issues/744)) ([3fc56cd](https://github.com/open-feature/open-feature-operator/commit/3fc56cd89d3f220f8131184fbe4e9245f554c680))
 ### 📚 Documentation
 * Replace the old events calendar by the OpenFeature community Page link ([#751](https://github.com/open-feature/open-feature-operator/issues/751)) ([c4c0c59](https://github.com/open-feature/open-feature-operator/commit/c4c0c59f7f522c8c2f4d3f7fed57dd1cda4e92bb))
 ## [0.8.5](https://github.com/open-feature/open-feature-operator/compare/v0.8.4...v0.8.5) (2025-01-31)
 ### 🐛 Bug Fixes
 * **deps:** update open-feature/flagd ([#736](https://github.com/open-feature/open-feature-operator/issues/736)) ([9eb1ca8](https://github.com/open-feature/open-feature-operator/commit/9eb1ca8bebe6cfc5d33a905e610ea8a908381740))
 ### 🧹 Chore
 * **deps:** update actions/setup-node action to v4.2.0 ([#737](https://github.com/open-feature/open-feature-operator/issues/737)) ([15d55c5](https://github.com/open-feature/open-feature-operator/commit/15d55c587d6edee562bd86564fa60bb559eed132))
 * **deps:** update aquasecurity/trivy-action action to v0.29.0 ([#738](https://github.com/open-feature/open-feature-operator/issues/738)) ([8ac429b](https://github.com/open-feature/open-feature-operator/commit/8ac429beeced6d06883fa66de0e9a50819986f69))
 * **deps:** update busybox docker tag to v1.37.0 ([#739](https://github.com/open-feature/open-feature-operator/issues/739)) ([740205f](https://github.com/open-feature/open-feature-operator/commit/740205fc2a6a89dcf2572d9f604f7ba69afc6573))
 * **deps:** update curlimages/curl docker tag to v8.11.1 ([#703](https://github.com/open-feature/open-feature-operator/issues/703)) ([383c116](https://github.com/open-feature/open-feature-operator/commit/383c1168d4640d2fe57782982829f68d349b1828))
 * **deps:** update dependency bitnami-labs/readme-generator-for-helm to v2.7.0 ([#741](https://github.com/open-feature/open-feature-operator/issues/741)) ([963d155](https://github.com/open-feature/open-feature-operator/commit/963d155d0a847718a9bde15b6e90e56b09812ebb))
 * **deps:** update docker/build-push-action action to v6 ([#694](https://github.com/open-feature/open-feature-operator/issues/694)) ([3d2ddfe](https://github.com/open-feature/open-feature-operator/commit/3d2ddfe8d6b2b9b31ba6100f008d079b5e42d19c))
 * **deps:** update docker/login-action digest to 327cd5a ([#728](https://github.com/open-feature/open-feature-operator/issues/728)) ([0038e45](https://github.com/open-feature/open-feature-operator/commit/0038e45a72f088976378d647d2ccf721182e0318))
 * **deps:** update golang docker tag to v1.23.5 ([#481](https://github.com/open-feature/open-feature-operator/issues/481)) ([06f43a9](https://github.com/open-feature/open-feature-operator/commit/06f43a9241fda9700ef6d6361a65dc50fac7ecb3))
 * remove rbac-proxy values and doc ([#742](https://github.com/open-feature/open-feature-operator/issues/742)) ([def1434](https://github.com/open-feature/open-feature-operator/commit/def14340603c2c9976e3a6142ab494764933f682))
 * replace deprecated gcr.io/kubebuilder/kube-rbac-proxy ([#733](https://github.com/open-feature/open-feature-operator/issues/733)) ([5358d1e](https://github.com/open-feature/open-feature-operator/commit/5358d1eacfd44cf01016c4bc6f68c496e757354f))
 ## [0.8.4](https://github.com/open-feature/open-feature-operator/compare/v0.8.3...v0.8.4) (2025-01-13)
 ### 🧹 Chore
 * release apis 0.2.45 ([#727](https://github.com/open-feature/open-feature-operator/issues/727)) ([dbe1222](https://github.com/open-feature/open-feature-operator/commit/dbe12227bc551dcda472b6c1afedb57321852e33))
 ## [0.8.3](https://github.com/open-feature/open-feature-operator/compare/v0.8.2...v0.8.3) (2025-01-13)
 ### 🐛 Bug Fixes
 * Add --port argument in flagd pods for set flagd service port ([#710](https://github.com/open-feature/open-feature-operator/issues/710)) ([674dd16](https://github.com/open-feature/open-feature-operator/commit/674dd16ac4dca94f04160247c55121e266979e25))
 * flagd environment variables missing prefix ([#730](https://github.com/open-feature/open-feature-operator/issues/730)) ([0aa61ec](https://github.com/open-feature/open-feature-operator/commit/0aa61ec1419ec1d99f3c875dd6526ec8ca8e6014))
 ## [0.8.2](https://github.com/open-feature/open-feature-operator/compare/v0.8.1...v0.8.2) (2025-01-13)
 ### ✨ New Features
 * add gateway api support ([#725](https://github.com/open-feature/open-feature-operator/issues/725)) ([b393a26](https://github.com/open-feature/open-feature-operator/commit/b393a2669c05d58afe453867401f8d697464b145))
 * allow setting mutating webhook failurepolicy and objectSelector via helm ([#715](https://github.com/open-feature/open-feature-operator/issues/715)) ([e3f1e24](https://github.com/open-feature/open-feature-operator/commit/e3f1e2471f2f2bd1a29539c57aa8161dc9fdd570))
 ### 🐛 Bug Fixes
 * Add missing poddisruptionbudget update verb ([#722](https://github.com/open-feature/open-feature-operator/issues/722)) ([9b8e8c3](https://github.com/open-feature/open-feature-operator/commit/9b8e8c322ecc07d4d7f85d491a5cae0187b2db92))
 ## [0.8.1](https://github.com/open-feature/open-feature-operator/compare/v0.8.0...v0.8.1) (2024-10-30)
 ### 🐛 Bug Fixes
 * Add missing poddisruption budget permissions in manager cluster role ([#718](https://github.com/open-feature/open-feature-operator/issues/718)) ([69efcf0](https://github.com/open-feature/open-feature-operator/commit/69efcf021dfa4915bba9c943d0b8a8d137bfb2b2))
 * make flagd replica count configureable in helm chart ([#716](https://github.com/open-feature/open-feature-operator/issues/716)) ([8ae6ee8](https://github.com/open-feature/open-feature-operator/commit/8ae6ee81ac48589d01fd6e75f9c16bcd62c336b0))
 ### 🧹 Chore
 * **deps:** update docker/login-action digest to 0689575 ([#714](https://github.com/open-feature/open-feature-operator/issues/714)) ([20e4045](https://github.com/open-feature/open-feature-operator/commit/20e4045d1ad45a5047f4f81a544b96643528dda7))
 ## [0.8.0](https://github.com/open-feature/open-feature-operator/compare/v0.7.2...v0.8.0) (2024-10-22)
 ### ⚠ BREAKING CHANGES
 * Fix typo flagsValidatonEnabled into flagsValidationEnabled ([#707](https://github.com/open-feature/open-feature-operator/issues/707))
 ### ✨ New Features
 * add flagd-proxy HA configuration ([#712](https://github.com/open-feature/open-feature-operator/issues/712)) ([e115159](https://github.com/open-feature/open-feature-operator/commit/e115159936773e11353912bb11739a51108eb297))
 ### 🐛 Bug Fixes
 * Fix typo flagsValidatonEnabled into flagsValidationEnabled ([#707](https://github.com/open-feature/open-feature-operator/issues/707)) ([64cdc25](https://github.com/open-feature/open-feature-operator/commit/64cdc25a031cd6991cca9425ec3052fc892ce720))
 ### 🧹 Chore
 * **deps:** update golangci/golangci-lint-action action to v6 ([#704](https://github.com/open-feature/open-feature-operator/issues/704)) ([696e2ed](https://github.com/open-feature/open-feature-operator/commit/696e2edf83a6ba358bf6e19337e69c7b70162d37))
 ## [0.7.2](https://github.com/open-feature/open-feature-operator/compare/v0.7.1...v0.7.2) (2024-08-02)
 ### ✨ New Features
 * Custom labels and annotations for namespace. ([#702](https://github.com/open-feature/open-feature-operator/issues/702)) ([a21f278](https://github.com/open-feature/open-feature-operator/commit/a21f278c2ee994223eb715796c963d109237dff5))
 ### 🐛 Bug Fixes
 * Case-align FROM and AS in Dockerfile ([#699](https://github.com/open-feature/open-feature-operator/issues/699)) ([4a43871](https://github.com/open-feature/open-feature-operator/commit/4a43871bfacbd9b38a0225b50520daa37bef97c9))
 * Fix Kustomize installation ([#700](https://github.com/open-feature/open-feature-operator/issues/700)) ([b5ad594](https://github.com/open-feature/open-feature-operator/commit/b5ad5943cc0edf4298efa571a50482f8991314e9))
 ### 🧹 Chore
 * **deps:** update codecov/codecov-action action to v4 ([#693](https://github.com/open-feature/open-feature-operator/issues/693)) ([1588ef8](https://github.com/open-feature/open-feature-operator/commit/1588ef85202c14fb2bcf47925f99bb2ab5dd1ac3))
 ## [0.7.1](https://github.com/open-feature/open-feature-operator/compare/v0.7.0...v0.7.1) (2024-07-23)
 ### ✨ New Features
 * Add labels and annotations to pods. ([#681](https://github.com/open-feature/open-feature-operator/issues/681)) ([7ec44a6](https://github.com/open-feature/open-feature-operator/commit/7ec44a6a06ce570bf80d2cf6d78632f61a73fe89))
 ### 🐛 Bug Fixes
 * **deps:** update golang.org/x/exp digest to 8a7402a ([#691](https://github.com/open-feature/open-feature-operator/issues/691)) ([db53303](https://github.com/open-feature/open-feature-operator/commit/db53303d14ca0fada38db97981dd5ed95d95f7ad))
 * **deps:** update module github.com/stretchr/testify to v1.9.0 ([#671](https://github.com/open-feature/open-feature-operator/issues/671)) ([1d2713d](https://github.com/open-feature/open-feature-operator/commit/1d2713dad6381e56aa3b552c33e1cb3513574a6e))
 ### 🧹 Chore
 * **deps:** update actions/setup-go action to v5 ([#673](https://github.com/open-feature/open-feature-operator/issues/673)) ([b27a9eb](https://github.com/open-feature/open-feature-operator/commit/b27a9eb7163b23c4febec9721126639297a41217))
 * **deps:** update actions/setup-node action to v4 ([#675](https://github.com/open-feature/open-feature-operator/issues/675)) ([6f77899](https://github.com/open-feature/open-feature-operator/commit/6f77899bdefefdf43f4cee02c6f1def3ccaf758a))
 * **deps:** update docker/login-action digest to 9780b0c ([#605](https://github.com/open-feature/open-feature-operator/issues/605)) ([486a4fd](https://github.com/open-feature/open-feature-operator/commit/486a4fd8b2d647d1666f745ed07a601fcc8b7af8))
 * **deps:** update docker/metadata-action digest to 60a0d34 ([#690](https://github.com/open-feature/open-feature-operator/issues/690)) ([473929c](https://github.com/open-feature/open-feature-operator/commit/473929c3d80f1abe9a9dd92e5a4db542c8b32da8))
 * **deps:** update module golang.org/x/net to v0.27.0 ([#669](https://github.com/open-feature/open-feature-operator/issues/669)) ([0fdd6db](https://github.com/open-feature/open-feature-operator/commit/0fdd6db6e1809f3e94fe68ca6d3094725ce51b4c))
 * **deps:** update open-feature/flagd ([#689](https://github.com/open-feature/open-feature-operator/issues/689)) ([0d331a9](https://github.com/open-feature/open-feature-operator/commit/0d331a9bc5db752cb3aa49f7ce5afc0830f115fe))
 * release apis 0.2.44 ([#688](https://github.com/open-feature/open-feature-operator/issues/688)) ([9997ea4](https://github.com/open-feature/open-feature-operator/commit/9997ea443ecc025afd7aff2e33e92fb05acb3b1a))
 ## [0.7.0](https://github.com/open-feature/open-feature-operator/compare/v0.6.1...v0.7.0) (2024-07-04)
 ### ⚠ BREAKING CHANGES
 * split bind address to manage host and port separately ([#679](https://github.com/open-feature/open-feature-operator/issues/679))
 ### ✨ New Features
 * Add hostNetwork flag. ([#680](https://github.com/open-feature/open-feature-operator/issues/680)) ([8e00a35](https://github.com/open-feature/open-feature-operator/commit/8e00a35c89732a1b76ab07a923ae7aee13028615))
 * split bind address to manage host and port separately ([#679](https://github.com/open-feature/open-feature-operator/issues/679)) ([31cddba](https://github.com/open-feature/open-feature-operator/commit/31cddbaf95649701a5c981e8fd0c1f0a5461e980))
 ### 🐛 Bug Fixes
 * remove duplicated port in helm ([#686](https://github.com/open-feature/open-feature-operator/issues/686)) ([65c3c26](https://github.com/open-feature/open-feature-operator/commit/65c3c262110cca3b1d913b680e4b49973ce1a09a))
 ## [0.6.1](https://github.com/open-feature/open-feature-operator/compare/v0.6.0...v0.6.1) (2024-06-06)
 ### ✨ New Features
 * add image pull secrets ([#655](https://github.com/open-feature/open-feature-operator/issues/655)) ([2d7b30c](https://github.com/open-feature/open-feature-operator/commit/2d7b30c407f5c4d83cdf5bb08ff9de52bcc841a2))
 ### 🐛 Bug Fixes
 * **deps:** update module github.com/go-logr/logr to v1.4.2 ([#601](https://github.com/open-feature/open-feature-operator/issues/601)) ([f245658](https://github.com/open-feature/open-feature-operator/commit/f245658ffbc33db5814798182a1e7d9a538ba4e8))
 * **deps:** update module go.uber.org/zap to v1.27.0 ([#614](https://github.com/open-feature/open-feature-operator/issues/614)) ([3746216](https://github.com/open-feature/open-feature-operator/commit/3746216b6e3c7b20dff2788954eb11e94e8a4a34))
 * flagd path defaults ([#658](https://github.com/open-feature/open-feature-operator/issues/658)) ([aef1010](https://github.com/open-feature/open-feature-operator/commit/aef1010dff162e8d232942e642c68e3e9ba3f35f))
 * handle multiple imagePullSecrets ([#666](https://github.com/open-feature/open-feature-operator/issues/666)) ([df3d6d9](https://github.com/open-feature/open-feature-operator/commit/df3d6d922a262ccfe3082a972a8f3fe495a7d4ca))
 ### 🧹 Chore
 * add rule for env cfg tags ([#674](https://github.com/open-feature/open-feature-operator/issues/674)) ([499661e](https://github.com/open-feature/open-feature-operator/commit/499661e53318f7476e9cb4c9a551eb0c3a626090))
 * **deps:** update actions/setup-node action to v3.8.2 ([#580](https://github.com/open-feature/open-feature-operator/issues/580)) ([e43ce5f](https://github.com/open-feature/open-feature-operator/commit/e43ce5f0a6e207b3f03262d29b1ab0a5e6baa817))
 * **deps:** update curlimages/curl docker tag to v8.8.0 ([#616](https://github.com/open-feature/open-feature-operator/issues/616)) ([ab7cfde](https://github.com/open-feature/open-feature-operator/commit/ab7cfde2b8bc284f7d67fdc69ff5a7bad6665790))
 * **deps:** update dependency bitnami-labs/readme-generator-for-helm to v2.6.1 ([#662](https://github.com/open-feature/open-feature-operator/issues/662)) ([fdce5f9](https://github.com/open-feature/open-feature-operator/commit/fdce5f9a4a4faa5618ffa1bed7f7058d0354e7ad))
 * **deps:** update dependency golangci/golangci-lint to v1.59.0 ([#606](https://github.com/open-feature/open-feature-operator/issues/606)) ([692a325](https://github.com/open-feature/open-feature-operator/commit/692a325f70bb902a1b51e44efd5ce004bb832c05))
 * **deps:** update dependency kubernetes-sigs/controller-tools to v0.15.0 ([#667](https://github.com/open-feature/open-feature-operator/issues/667)) ([60f528f](https://github.com/open-feature/open-feature-operator/commit/60f528f464141a3c93f15684ca5f7c37213a2b6f))
 * **deps:** update docker/metadata-action digest to f7b4ed1 ([#598](https://github.com/open-feature/open-feature-operator/issues/598)) ([28700ce](https://github.com/open-feature/open-feature-operator/commit/28700ce600c74bae921d88ede113313fe9924efb))
 * **deps:** update helm/kind-action action to v1.10.0 ([#668](https://github.com/open-feature/open-feature-operator/issues/668)) ([e0b1748](https://github.com/open-feature/open-feature-operator/commit/e0b1748a265a741a17317730dfbb6270f7c43f31))
 * **deps:** update open-feature/flagd ([#670](https://github.com/open-feature/open-feature-operator/issues/670)) ([1174a1b](https://github.com/open-feature/open-feature-operator/commit/1174a1b277c1f335b5f73ee76e0c111fd16ace4b))
 * release apis 0.2.43 ([#660](https://github.com/open-feature/open-feature-operator/issues/660)) ([aed8ba1](https://github.com/open-feature/open-feature-operator/commit/aed8ba19ffd00f202cdfa980ef063bae49468faa))
 ## [0.6.0](https://github.com/open-feature/open-feature-operator/compare/v0.5.7...v0.6.0) (2024-05-29)
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -36,6 +36,9 @@ and deploying to your cluster. Please be aware that it is using the cluster your
 Some part of the project docs may be autogenerated and require running a script.
 #### Re-generating helm docs after modifying the chart
 ` ./.github/scripts/generate-helm-docs.sh`
 #### CRDs Docs
 If you modified or added crds to the project, then you should recreate the crds.md file. To do so run: 
--- a/20
+++ b/20
@ -1,5 +1,5 @@
 # Build the manager binary
-FROM --platform=$BUILDPLATFORM golang:1.20.3-alpine3.16 AS builder
+FROM --platform=$BUILDPLATFORM golang:1.23.5-alpine3.20 AS builder
 WORKDIR /workspace
 # Copy the Go Modules manifests
@ -7,25 +7,27 @@ COPY go.mod go.mod
 COPY go.sum go.sum
 # Copy the go source
-COPY main.go main.go
+COPY cmd/ cmd/
-COPY apis/ apis/
+COPY api/ api/
-COPY webhooks/ webhooks/
+COPY internal/ internal/
 COPY controllers/ controllers/
 COPY common/ common/
 # cache deps before building and copying source so that we don't need to re-download as much
 # and so that source changes don't invalidate our downloaded layer
-RUN go work init . ./apis && go mod download
+RUN go work init . ./api && go mod download
 ARG TARGETOS
 ARG TARGETARCH
 # Build
-RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -a -o manager main.go
+# the GOARCH has not a default value to allow the binary be built according to the host where the command
 # was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO
 # the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
 # by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
 RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager cmd/main.go
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
-FROM gcr.io/distroless/static:nonroot as production
+FROM gcr.io/distroless/static:nonroot AS production
 WORKDIR /
 COPY --from=builder /workspace/manager .
 USER 65532:65532
--- a/21
+++ b/21
@ -6,7 +6,7 @@ ARCH?=amd64
 IMG?=$(RELEASE_REGISTRY)/$(RELEASE_IMAGE)
 # customize overlay to be used in the build, DEFAULT or HELM
 KUSTOMIZE_OVERLAY ?= DEFAULT
-CHART_VERSION=v0.6.0# x-release-please-version
+CHART_VERSION=v0.8.7# x-release-please-version
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.26.1
 WAIT_TIMEOUT_SECONDS?=60
@ -65,8 +65,8 @@ vet: ## Run go vet against code.
 	go vet ./...
 .PHONY: unit-test
-unit-test: manifests fmt vet generate envtest ## Run tests.
+unit-test: manifests generate envtest fmt vet ## Run tests.
-	cd apis && go test ./... -v -coverprofile ../cover-apis.out cover-main.out cover-pkg.out 
+	cd api && go test ./... -v -coverprofile ../cover-apis.out cover-main.out cover-pkg.out
 	go test ./... -v -coverprofile cover-operator.out
 	sed -i '/mode: set/d' "cover-operator.out"
 	sed -i '/mode: set/d' "cover-apis.out"
@ -98,7 +98,7 @@ e2e-test-validate-local:
 .PHONY: lint
 lint:
 	go install -v github.com/golangci/golangci-lint/cmd/golangci-lint@latest
-	${GOPATH}/bin/golangci-lint run --deadline=3m --timeout=3m --config=./.golangci.yml -v ./... # Run linters
+	${GOPATH}/bin/golangci-lint run --timeout=3m --config=./.golangci.yml -v ./... # Run linters
 .PHONY: generate-crdocs
 generate-crdocs: kustomize crdocs
@ -112,12 +112,12 @@ generate-crdocs: kustomize crdocs
 ##@ Build
 .PHONY: build
-build: generate fmt vet ## Build manager binary.
+build: manifests generate fmt vet ## Build manager binary.
-	go build -o bin/manager main.go
+	go build -o bin/manager cmd/main.go
 .PHONY: run
 run: manifests generate fmt vet ## Run a controller from your host.
-	go run ./main.go
+	go run ./cmd/main.go
 .PHONY: docker-build
 docker-build: clean  ## Build docker image with the manager.
@ -211,15 +211,14 @@ CRDOC ?= $(LOCALBIN)/crdoc
 # renovate: datasource=github-tags depName=kubernetes-sigs/kustomize
 KUSTOMIZE_VERSION ?= v5.4.1
 # renovate: datasource=github-releases depName=kubernetes-sigs/controller-tools
-CONTROLLER_TOOLS_VERSION ?= v0.15.0
+CONTROLLER_TOOLS_VERSION ?= v0.16.5
 CRDOC_VERSION ?= v0.6.2
 KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
 .PHONY: kustomize
 kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
 $(KUSTOMIZE): $(LOCALBIN)
 	[ -e "$(KUSTOMIZE)" ] && rm -rf "$(KUSTOMIZE)" || true
-	curl -s $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN)
+	test -s ${LOCALBIN}/kustomize || GOBIN=${LOCALBIN} GO111MODULE=on go install sigs.k8s.io/kustomize/kustomize/v5@$(KUSTOMIZE_VERSION)
 .PHONY: controller-gen
 controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary.
@ -252,7 +251,7 @@ set-helm-overlay:
 helm-package: set-helm-overlay generate release-manifests helm
 	mkdir -p chart/open-feature-operator/templates/crds
 	mv chart/open-feature-operator/templates/*customresourcedefinition* chart/open-feature-operator/templates/crds
-	sh .github/scripts/strip-kustomize-helm.sh
+	.github/scripts/strip-kustomize-helm.sh
 	$(HELM) package --version $(CHART_VERSION) chart/open-feature-operator
 	mkdir -p charts && mv open-feature-operator-*.tgz charts
 	$(HELM) repo index --url https://open-feature.github.io/open-feature-operator/charts charts
--- a/4
+++ b/4
@ -4,8 +4,10 @@
 # More info: https://book.kubebuilder.io/reference/project-config.html
 domain: openfeature.dev
 layout:
- go.kubebuilder.io/v3
+- go.kubebuilder.io/v4
 multigroup: true
 plugins:
  helm.kubebuilder.io/v1-alpha: {}
 projectName: open-feature-operator
 repo: github.com/open-feature/open-feature-operator
 resources:
--- a/README.md
+++ b/README.md
@ -33,7 +33,8 @@ See [CHANGELOG.md](https://github.com/open-feature/open-feature-operator/blob/ma
 See [CONTRIBUTING.md](CONTRIBUTING.md) for details on how to contribute to the OpenFeature project.
-Our community meetings are held regularly and open to everyone. Check the [OpenFeature community calendar](https://calendar.google.com/calendar/u/0?cid=MHVhN2kxaGl2NWRoMThiMjd0b2FoNjM2NDRAZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ) for specific dates and for the Zoom meeting links.
+Our community meetings are held regularly and open to everyone, as well as other community channels.
 Check the [OpenFeature community page]https://openfeature.dev/community/) for the links and participation guidelines.
 Thanks so much to our contributors.
--- a/apis/CHANGELOG.md
+++ b/apis/CHANGELOG.md
@ -1,5 +1,29 @@
 # Changelog
 ## [0.2.45](https://github.com/open-feature/open-feature-operator/compare/apis/v0.2.44...apis/v0.2.45) (2025-01-13)
 ### ✨ New Features
 * add gateway api support ([#725](https://github.com/open-feature/open-feature-operator/issues/725)) ([b393a26](https://github.com/open-feature/open-feature-operator/commit/b393a2669c05d58afe453867401f8d697464b145))
 ### 🐛 Bug Fixes
 * flagd environment variables missing prefix ([#730](https://github.com/open-feature/open-feature-operator/issues/730)) ([0aa61ec](https://github.com/open-feature/open-feature-operator/commit/0aa61ec1419ec1d99f3c875dd6526ec8ca8e6014))
 ## [0.2.44](https://github.com/open-feature/open-feature-operator/compare/apis/v0.2.43...apis/v0.2.44) (2024-07-23)
 ### 🐛 Bug Fixes
 * **deps:** update module github.com/stretchr/testify to v1.9.0 ([#671](https://github.com/open-feature/open-feature-operator/issues/671)) ([1d2713d](https://github.com/open-feature/open-feature-operator/commit/1d2713dad6381e56aa3b552c33e1cb3513574a6e))
 ### 🧹 Chore
 * **deps:** update open-feature/flagd ([#689](https://github.com/open-feature/open-feature-operator/issues/689)) ([0d331a9](https://github.com/open-feature/open-feature-operator/commit/0d331a9bc5db752cb3aa49f7ce5afc0830f115fe))
 ## [0.2.43](https://github.com/open-feature/open-feature-operator/compare/apis/v0.2.42...apis/v0.2.43) (2024-06-06)
--- a/apis/core/v1alpha1/featureflagconfiguration_types.go
+++ b/apis/core/v1alpha1/featureflagconfiguration_types.go
--- a/apis/core/v1alpha1/flagsourceconfiguration_types.go
+++ b/apis/core/v1alpha1/flagsourceconfiguration_types.go
--- a/apis/core/v1alpha1/groupversion_info.go
+++ b/apis/core/v1alpha1/groupversion_info.go
--- a/apis/core/v1alpha1/zz_generated.deepcopy.go
+++ b/apis/core/v1alpha1/zz_generated.deepcopy.go
--- a/apis/core/v1alpha2/featureflagconfiguration_types.go
+++ b/apis/core/v1alpha2/featureflagconfiguration_types.go
--- a/apis/core/v1alpha2/flagsourceconfiguration_types.go
+++ b/apis/core/v1alpha2/flagsourceconfiguration_types.go
--- a/apis/core/v1alpha2/groupversion_info.go
+++ b/apis/core/v1alpha2/groupversion_info.go
--- a/apis/core/v1alpha2/zz_generated.deepcopy.go
+++ b/apis/core/v1alpha2/zz_generated.deepcopy.go
--- a/apis/core/v1alpha3/flagsourceconfiguration_types.go
+++ b/apis/core/v1alpha3/flagsourceconfiguration_types.go
--- a/apis/core/v1alpha3/groupversion_info.go
+++ b/apis/core/v1alpha3/groupversion_info.go
--- a/apis/core/v1alpha3/zz_generated.deepcopy.go
+++ b/apis/core/v1alpha3/zz_generated.deepcopy.go
--- a/apis/core/v1beta1/common/common.go
+++ b/apis/core/v1beta1/common/common.go
@ -11,6 +11,7 @@ type SyncProviderType string
 const (
 	SyncProviderKubernetes SyncProviderType = "kubernetes"
 	SyncProviderFilepath   SyncProviderType = "file"
 	SyncProviderGcs        SyncProviderType = "gcs"
 	SyncProviderHttp       SyncProviderType = "http"
 	SyncProviderGrpc       SyncProviderType = "grpc"
 	SyncProviderFlagdProxy SyncProviderType = "flagd-proxy"
@ -57,6 +58,10 @@ func (s SyncProviderType) IsHttp() bool {
 	return s == SyncProviderHttp
 }
 func (s SyncProviderType) IsGcs() bool {
 	return s == SyncProviderGcs
 }
 func (s SyncProviderType) IsFilepath() bool {
 	return s == SyncProviderFilepath
 }
--- a/apis/core/v1beta1/common/common_test.go
+++ b/apis/core/v1beta1/common/common_test.go
@ -12,16 +12,19 @@ func Test_FeatureFlagSource_SyncProvider(t *testing.T) {
 	f := SyncProviderFilepath
 	h := SyncProviderHttp
 	g := SyncProviderGrpc
 	gcs := SyncProviderGcs
 	require.True(t, k.IsKubernetes())
 	require.True(t, f.IsFilepath())
 	require.True(t, h.IsHttp())
 	require.True(t, g.IsGrpc())
 	require.True(t, gcs.IsGcs())
 	require.False(t, f.IsKubernetes())
 	require.False(t, h.IsFilepath())
 	require.False(t, k.IsGrpc())
 	require.False(t, g.IsHttp())
 	require.False(t, g.IsGcs())
 }
 func Test_FLagSourceConfiguration_EnvVarKey(t *testing.T) {
--- a/apis/core/v1beta1/featureflag_types.go
+++ b/apis/core/v1beta1/featureflag_types.go
--- a/apis/core/v1beta1/featureflag_types_test.go
+++ b/apis/core/v1beta1/featureflag_types_test.go
--- a/apis/core/v1beta1/featureflagsource_types.go
+++ b/apis/core/v1beta1/featureflagsource_types.go
@ -28,10 +28,12 @@ import (
 type FeatureFlagSourceSpec struct {
 	// ManagemetPort defines the port to serve management on, defaults to 8014
 	// +optional
 	// +kubebuilder:default:=8014
 	ManagementPort int32 `json:"managementPort"`
 	// Port defines the port to listen on, defaults to 8013
 	// +optional
 	// +kubebuilder:default:=8013
 	Port int32 `json:"port"`
 	// SocketPath defines the unix socket path to listen on
@ -40,6 +42,7 @@ type FeatureFlagSourceSpec struct {
 	// Evaluator sets an evaluator, defaults to 'json'
 	// +optional
 	// +kubebuilder:default:="json"
 	Evaluator string `json:"evaluator"`
 	// SyncProviders define the syncProviders and associated configuration to be applied to the sidecar
@ -61,10 +64,12 @@ type FeatureFlagSourceSpec struct {
 	// LogFormat allows for the sidecar log format to be overridden, defaults to 'json'
 	// +optional
 	// +kubebuilder:default:="json"
 	LogFormat string `json:"logFormat"`
 	// EnvVarPrefix defines the prefix to be applied to all environment variables applied to the sidecar, default FLAGD
 	// +optional
 	// +kubebuilder:default:="FLAGD"
 	EnvVarPrefix string `json:"envVarPrefix"`
 	// RolloutOnChange dictates whether annotated deployments will be restarted when configuration changes are
--- a/apis/core/v1beta1/featureflagsource_types_test.go
+++ b/apis/core/v1beta1/featureflagsource_types_test.go
--- a/apis/core/v1beta1/flagd_types.go
+++ b/apis/core/v1beta1/flagd_types.go
@ -20,6 +20,7 @@ import (
 	v1 "k8s.io/api/core/v1"
 	networkingv1 "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	gatewayApiv1 "sigs.k8s.io/gateway-api/apis/v1"
 )
 // FlagdSpec defines the desired state of Flagd
@ -49,6 +50,10 @@ type FlagdSpec struct {
 	// Ingress
 	// +optional
 	Ingress IngressSpec `json:"ingress"`
 	// GatewayApiRoutes
 	// +optional
 	GatewayApiRoutes GatewayApiSpec `json:"gatewayApiRoutes"`
 }
 // IngressSpec defines the options to be used when deploying the ingress for flagd
@ -91,6 +96,25 @@ type IngressSpec struct {
 	SyncPath string `json:"syncPath,omitempty"`
 }
 // GatewayApiSpec defines the options to be used when deploying Gateway API routes for flagd
 type GatewayApiSpec struct {
 	// Enabled enables/disables the Gateway API routes for flagd
 	Enabled bool `json:"enabled,omitempty"`
 	// Annotations to be added to the Gateway API routes
 	// +optional
 	Annotations map[string]string `json:"annotations,omitempty"`
 	// Hosts list of hosts to be added to the ingress.
 	// Empty string corresponds to rule with no host.
 	// +optional
 	Hosts []string `json:"hosts,omitempty"`
 	// ParentRefs references the resources (usually Gateways) that the Routes should
 	// be attached to.
 	ParentRefs []gatewayApiv1.ParentReference `json:"parentRefs"`
 }
 // FlagdStatus defines the observed state of Flagd
 type FlagdStatus struct {
 }
--- a/apis/core/v1beta1/groupversion_info.go
+++ b/apis/core/v1beta1/groupversion_info.go
--- a/apis/core/v1beta1/inprocessconfiguration_types.go
+++ b/apis/core/v1beta1/inprocessconfiguration_types.go
--- a/apis/core/v1beta1/inprocessconfiguration_types_test.go
+++ b/apis/core/v1beta1/inprocessconfiguration_types_test.go
--- a/apis/core/v1beta1/zz_generated.deepcopy.go
+++ b/apis/core/v1beta1/zz_generated.deepcopy.go
@ -24,7 +24,8 @@ import (
 	"encoding/json"
 	"k8s.io/api/core/v1"
 	networkingv1 "k8s.io/api/networking/v1"
-	"k8s.io/apimachinery/pkg/runtime"
+	runtime "k8s.io/apimachinery/pkg/runtime"
 	apisv1 "sigs.k8s.io/gateway-api/apis/v1"
 )
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
@ -353,6 +354,7 @@ func (in *FlagdSpec) DeepCopyInto(out *FlagdSpec) {
 		**out = **in
 	}
 	in.Ingress.DeepCopyInto(&out.Ingress)
 	in.GatewayApiRoutes.DeepCopyInto(&out.GatewayApiRoutes)
 }
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlagdSpec.
@ -402,6 +404,40 @@ func (in *Flags) DeepCopy() *Flags {
 	return out
 }
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *GatewayApiSpec) DeepCopyInto(out *GatewayApiSpec) {
 	*out = *in
 	if in.Annotations != nil {
 		in, out := &in.Annotations, &out.Annotations
 		*out = make(map[string]string, len(*in))
 		for key, val := range *in {
 			(*out)[key] = val
 		}
 	}
 	if in.Hosts != nil {
 		in, out := &in.Hosts, &out.Hosts
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
 	if in.ParentRefs != nil {
 		in, out := &in.ParentRefs, &out.ParentRefs
 		*out = make([]apisv1.ParentReference, len(*in))
 		for i := range *in {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
 }
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayApiSpec.
 func (in *GatewayApiSpec) DeepCopy() *GatewayApiSpec {
 	if in == nil {
 		return nil
 	}
 	out := new(GatewayApiSpec)
 	in.DeepCopyInto(out)
 	return out
 }
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *InProcessConfiguration) DeepCopyInto(out *InProcessConfiguration) {
 	*out = *in
--- a/api/go.mod
+++ b/api/go.mod
@ -0,0 +1,75 @@
 module github.com/open-feature/open-feature-operator/apis
 go 1.23.0
 toolchain go1.23.3
 require (
 	github.com/open-feature/flagd-schemas v0.2.9-0.20250529171004-2852d7772e6b
 	github.com/stretchr/testify v1.10.0
 	github.com/xeipuuv/gojsonschema v1.2.0
 	k8s.io/api v0.32.3
 	k8s.io/apimachinery v0.32.3
 	sigs.k8s.io/controller-runtime v0.20.1
 	sigs.k8s.io/gateway-api v1.2.1
 )
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emicklei/go-restful/v3 v3.12.1 // indirect
 	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
 	github.com/fsnotify/fsnotify v1.8.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/btree v1.1.3 // indirect
 	github.com/google/gnostic-models v0.6.9 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/pprof v0.0.0-20250125003558-7fdb3d7e6fa0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.17.11 // indirect
 	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_golang v1.20.5 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
 	github.com/prometheus/common v0.62.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	golang.org/x/net v0.34.0 // indirect
 	golang.org/x/oauth2 v0.25.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect
 	golang.org/x/sys v0.29.0 // indirect
 	golang.org/x/term v0.28.0 // indirect
 	golang.org/x/text v0.21.0 // indirect
 	golang.org/x/time v0.9.0 // indirect
 	golang.org/x/tools v0.29.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/protobuf v1.36.4 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/apiextensions-apiserver v0.32.1 // indirect
 	k8s.io/client-go v0.32.1 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect
 	k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect
 	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )
--- a/api/go.sum
+++ b/api/go.sum
@ -0,0 +1,198 @@
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU=
 github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI=
 github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
 github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
 github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
 github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
 github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
 github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
 github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
 github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
 github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
 github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
 github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
 github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
 github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
 github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
 github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
 github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
 github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
 github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw=
 github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/pprof v0.0.0-20250125003558-7fdb3d7e6fa0 h1:my2ucqBZmv+cWHIhZNSIYKzgN8EBGyHdC7zD5sASRAg=
 github.com/google/pprof v0.0.0-20250125003558-7fdb3d7e6fa0/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
 github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
 github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM=
 github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
 github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
 github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
 github.com/open-feature/flagd-schemas v0.2.9-0.20240708163558-2aa89b314322 h1:5zbNHqcZAc9jlhSrC0onuVL2RPpvYcDaNvW2wOZBfUY=
 github.com/open-feature/flagd-schemas v0.2.9-0.20240708163558-2aa89b314322/go.mod h1:WKtwo1eW9/K6D+4HfgTXWBqCDzpvMhDa5eRxW7R5B2U=
 github.com/open-feature/flagd-schemas v0.2.9-0.20250127221449-bb763438abc5/go.mod h1:WKtwo1eW9/K6D+4HfgTXWBqCDzpvMhDa5eRxW7R5B2U=
 github.com/open-feature/flagd-schemas v0.2.9-0.20250529171004-2852d7772e6b/go.mod h1:WKtwo1eW9/K6D+4HfgTXWBqCDzpvMhDa5eRxW7R5B2U=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y=
 github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
 github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
 github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
 github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io=
 github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I=
 github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
 github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
 github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
 github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
 github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
 go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
 golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
 golang.org/x/oauth2 v0.25.0 h1:CY4y7XT9v0cRI9oupztF8AgiIu99L/ksR/Xp/6jrZ70=
 golang.org/x/oauth2 v0.25.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
 golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
 golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
 golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
 golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
 golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.29.0 h1:Xx0h3TtM9rzQpQuR4dKLrdglAmCEN5Oi+P74JdhdzXE=
 golang.org/x/tools v0.29.0/go.mod h1:KMQVMRsVxU6nHCFXrBPhDB8XncLNLM0lIy/F14RP588=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
 gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
 google.golang.org/protobuf v1.36.4 h1:6A3ZDJHn/eNqc1i+IdefRzy/9PokBTPvcqMySR7NNIM=
 google.golang.org/protobuf v1.36.4/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
 gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 k8s.io/api v0.32.1 h1:f562zw9cy+GvXzXf0CKlVQ7yHJVYzLfL6JAS4kOAaOc=
 k8s.io/api v0.32.1/go.mod h1:/Yi/BqkuueW1BgpoePYBRdDYfjPF5sgTr5+YqDZra5k=
 k8s.io/api v0.32.3 h1:Hw7KqxRusq+6QSplE3NYG4MBxZw1BZnq4aP4cJVINls=
 k8s.io/api v0.32.3/go.mod h1:2wEDTXADtm/HA7CCMD8D8bK4yuBUptzaRhYcYEEYA3k=
 k8s.io/apiextensions-apiserver v0.32.1 h1:hjkALhRUeCariC8DiVmb5jj0VjIc1N0DREP32+6UXZw=
 k8s.io/apiextensions-apiserver v0.32.1/go.mod h1:sxWIGuGiYov7Io1fAS2X06NjMIk5CbRHc2StSmbaQto=
 k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs=
 k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
 k8s.io/apimachinery v0.32.3 h1:JmDuDarhDmA/Li7j3aPrwhpNBA94Nvk5zLeOge9HH1U=
 k8s.io/apimachinery v0.32.3/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
 k8s.io/client-go v0.32.1 h1:otM0AxdhdBIaQh7l1Q0jQpmo7WOFIk5FFa4bg6YMdUU=
 k8s.io/client-go v0.32.1/go.mod h1:aTTKZY7MdxUaJ/KiUs8D+GssR9zJZi77ZqtzcGXIiDg=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 h1:hcha5B1kVACrLujCKLbr8XWMxCxzQx42DY8QKYJrDLg=
 k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7/go.mod h1:GewRfANuJ70iYzvn+i4lezLDAFzvjxZYK1gn1lWcfas=
 k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0=
 k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 sigs.k8s.io/controller-runtime v0.20.1 h1:JbGMAG/X94NeM3xvjenVUaBjy6Ui4Ogd/J5ZtjZnHaE=
 sigs.k8s.io/controller-runtime v0.20.1/go.mod h1:BrP3w158MwvB3ZbNpaAcIKkHQ7YGpYnzpoSTZ8E14WU=
 sigs.k8s.io/gateway-api v1.2.1 h1:fZZ/+RyRb+Y5tGkwxFKuYuSRQHu9dZtbjenblleOLHM=
 sigs.k8s.io/gateway-api v1.2.1/go.mod h1:EpNfEXNjiYfUJypf0eZ0P5iXA9ekSGWaS1WgPaM42X0=
 sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE=
 sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
 sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk=
 sigs.k8s.io/structured-merge-diff/v4 v4.5.0/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
 sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
--- a/apis/go.mod
+++ b/apis/go.mod
@ -1,71 +0,0 @@
 module github.com/open-feature/open-feature-operator/apis
 go 1.21
 require (
 	github.com/open-feature/flagd-schemas v0.2.9-0.20240527214546-61523e5efe3e
 	github.com/stretchr/testify v1.8.4
 	github.com/xeipuuv/gojsonschema v1.2.0
 	k8s.io/api v0.28.10
 	k8s.io/apimachinery v0.28.10
 	sigs.k8s.io/controller-runtime v0.16.6
 )
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/go-logr/logr v1.2.4 // indirect
 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
 	github.com/go-openapi/swag v0.22.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/imdario/mergo v0.3.6 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_golang v1.16.0 // indirect
 	github.com/prometheus/client_model v0.4.0 // indirect
 	github.com/prometheus/common v0.44.0 // indirect
 	github.com/prometheus/procfs v0.10.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect
 	golang.org/x/net v0.23.0 // indirect
 	golang.org/x/oauth2 v0.8.0 // indirect
 	golang.org/x/sys v0.18.0 // indirect
 	golang.org/x/term v0.18.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/apiextensions-apiserver v0.28.9 // indirect
 	k8s.io/client-go v0.28.9 // indirect
 	k8s.io/component-base v0.28.9 // indirect
 	k8s.io/klog/v2 v2.100.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect
 	k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
 )
--- a/apis/go.sum
+++ b/apis/go.sum
@ -1,209 +0,0 @@
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
 github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
 github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww=
 github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
 github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo=
 github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA=
 github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
 github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
 github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
 github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
 github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
 github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
 github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28=
 github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU=
 github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM=
 github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
 github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=
 github.com/open-feature/flagd-schemas v0.2.9-0.20240408192555-ea4f119d2bd7 h1:oP+BH8RiNEmSWTffKEXz2ciwen7wbvyX0fESx0aoJ80=
 github.com/open-feature/flagd-schemas v0.2.9-0.20240408192555-ea4f119d2bd7/go.mod h1:WKtwo1eW9/K6D+4HfgTXWBqCDzpvMhDa5eRxW7R5B2U=
 github.com/open-feature/flagd-schemas v0.2.9-0.20240527214546-61523e5efe3e h1:j1xFE8kIrFXf4fZtJUsR457rEG4mxsq2YCVyy92I0HU=
 github.com/open-feature/flagd-schemas v0.2.9-0.20240527214546-61523e5efe3e/go.mod h1:WKtwo1eW9/K6D+4HfgTXWBqCDzpvMhDa5eRxW7R5B2U=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8=
 github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc=
 github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY=
 github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
 github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY=
 github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY=
 github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg=
 github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
 github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
 github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
 go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.25.0 h1:4Hvk6GtkucQ790dqmj7l1eEnRdKm3k3ZUrUMS2d5+5c=
 go.uber.org/zap v1.25.0/go.mod h1:JIAUzQIH94IC4fOJQm7gMmBJP5k7wQfdcnYdPoEXJYk=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e h1:+WEEuIdZHnUeJJmEUjyYC2gfUMj69yZXw17EnHg/otA=
 golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
 golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8=
 golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
 golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
 golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
 golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA=
 golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
 gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
 google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 k8s.io/api v0.28.10 h1:q1Y+h3F+siuwP/qCQuqgqGJjaIuQWN0yFE7z367E3Q0=
 k8s.io/api v0.28.10/go.mod h1:u6EzGdzmEC2vfhyw4sD89i7OIc/2v1EAwvd1t4chQac=
 k8s.io/apiextensions-apiserver v0.28.9 h1:yzPHp+4IASHeu7XIPkAKJrY4UjWdjiAjOcQMd6oNKj0=
 k8s.io/apiextensions-apiserver v0.28.9/go.mod h1:Rjhvq5y3JESdZgV2UOByldyefCfRrUguVpBLYOAIbVs=
 k8s.io/apimachinery v0.28.10 h1:cWonrYsJK3lbuf9IgMs5+L5Jzw6QR3ZGA3hzwG0HDeI=
 k8s.io/apimachinery v0.28.10/go.mod h1:zUG757HaKs6Dc3iGtKjzIpBfqTM4yiRsEe3/E7NX15o=
 k8s.io/client-go v0.28.9 h1:mmMvejwc/KDjMLmDpyaxkWNzlWRCJ6ht7Qsbsnwn39Y=
 k8s.io/client-go v0.28.9/go.mod h1:GFDy3rUNId++WGrr0hRaBrs+y1eZz5JtVZODEalhRMo=
 k8s.io/component-base v0.28.9 h1:ySM2PR8Z/xaUSG1Akd3yM6dqUezTltI7S5aV41MMuuc=
 k8s.io/component-base v0.28.9/go.mod h1:QtWzscEhCKRfHV24/S+11BwWjVxhC6fd3RYoEgZcWFU=
 k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
 k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ=
 k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM=
 k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk=
 k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 sigs.k8s.io/controller-runtime v0.16.6 h1:FiXwTuFF5ZJKmozfP2Z0j7dh6kmxP4Ou1KLfxgKKC3I=
 sigs.k8s.io/controller-runtime v0.16.6/go.mod h1:+dQzkZxnylD0u49e0a+7AR+vlibEBaThmPca7lTyUsI=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
 sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
 sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
--- a/chart/open-feature-operator/Chart.yaml
+++ b/chart/open-feature-operator/Chart.yaml
@ -13,12 +13,12 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: "v0.6.0" # x-release-please-version
+version: "v0.8.7" # x-release-please-version
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "v0.6.0" # x-release-please-version
+appVersion: "v0.8.7" # x-release-please-version
 home: https://openfeature.dev
 icon: https://open-feature.github.io/open-feature-operator/chart/open-feature-operator/openfeature-logo.png
--- a/chart/open-feature-operator/README.md
+++ b/chart/open-feature-operator/README.md
@ -93,10 +93,27 @@ The command removes all the Kubernetes components associated with the chart and
 ### Global
-| Name               | Description                                                                                                                                                                                                                                                                      | Value                          |
+| Name               | Description                                                                                                                                                                                                  | Value                          |
-| ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ |
+| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------ |
-| `defaultNamespace` | To override the namespace use the `--namespace` flag. This default is provided to ensure that the kustomize build charts in `/templates` deploy correctly when no `namespace` is provided via the `-n` flag.                                                                     | `open-feature-operator-system` |
+| `defaultNamespace` | To override the namespace use the `--namespace` flag. This default is provided to ensure that the kustomize build charts in `/templates` deploy correctly when no `namespace` is provided via the `-n` flag. | `open-feature-operator-system` |
-| `imagePullSecrets` | Array of ImagePullSecret objects containing credentials for images pulled by the operator (flagdProxyConfiguration.image, flagdConfiguration.image, controllerManager.manager.image, controllerManager.kubeRbacProxy.image). Example: imagePullSecrets: [{"name": "my-secret"}]  | `[]`                           |
+
 ### namespace
 | Name                    | Description                                                                                                                                                                                                                               | Value  |
 | ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
 | `namespace.create`      | Whether to create the namespace as part of this chart.                                                                                                                                                                                    | `true` |
 | `namespace.labels`      | Labels for the namespace if created as part of the chart.                                                                                                                                                                                 | `{}`   |
 | `namespace.annotations` | Annotations for the namespace if created as part of the chart.                                                                                                                                                                            | `{}`   |
 | `imagePullSecrets`      | Array of ImagePullSecret objects containing credentials for images pulled by the operator (flagdProxyConfiguration.image, flagdConfiguration.image, controllerManager.manager.image). Example: imagePullSecrets: [{"name": "my-secret"}]  | `[]`   |
 | `labels`                | Labels to apply to all of the pods in the operator.                                                                                                                                                                                       | `{}`   |
 | `annotations`           | Annotations to apply to all of the pods in the operator.                                                                                                                                                                                  | `{}`   |
 ### Mutating Webhook configuration
 | Name                             | Description                                               | Value    |
 | -------------------------------- | --------------------------------------------------------- | -------- |
 | `mutatingWebhook.failurePolicy`  | FailurePolicy when the webhook does not respond           | `Ignore` |
 | `mutatingWebhook.objectSelector` | ObjectSelector on which pods the mutatingWebhook will run | `{}`     |
 ### Sidecar configuration
@ -106,7 +123,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `sidecarConfiguration.managementPort`            | Sets the value of the `XXX_MANAGEMENT_PORT` environment variable for the injected sidecar.                                                                                                                                                                  | `8014`                       |
 | `sidecarConfiguration.socketPath`                | Sets the value of the `XXX_SOCKET_PATH` environment variable for the injected sidecar.                                                                                                                                                                      | `""`                         |
 | `sidecarConfiguration.image.repository`          | Sets the image for the injected sidecar.                                                                                                                                                                                                                    | `ghcr.io/open-feature/flagd` |
-| `sidecarConfiguration.image.tag`                 | Sets the version tag for the injected sidecar.                                                                                                                                                                                                              | `v0.10.3`                    |
+| `sidecarConfiguration.image.tag`                 | Sets the version tag for the injected sidecar.                                                                                                                                                                                                              | `v0.12.4`                    |
 | `sidecarConfiguration.providerArgs`              | Used to append arguments to the sidecar startup command. This value is a comma separated string of key values separated by '=', e.g. `key=value,key2=value2` results in the appending of `--sync-provider-args key=value --sync-provider-args key2=value2`. | `""`                         |
 | `sidecarConfiguration.envVarPrefix`              | Sets the prefix for all environment variables set in the injected sidecar.                                                                                                                                                                                  | `FLAGD`                      |
 | `sidecarConfiguration.defaultSyncProvider`       | Sets the value of the `XXX_SYNC_PROVIDER` environment variable for the injected sidecar container. There are 4 valid sync providers: `kubernetes`, `grpc`, `file` and `http`.                                                                               | `kubernetes`                 |
@ -138,10 +155,11 @@ The command removes all the Kubernetes components associated with the chart and
 | Name                                       | Description                                                                     | Value                              |
 | ------------------------------------------ | ------------------------------------------------------------------------------- | ---------------------------------- |
 | `flagdProxyConfiguration.replicaCount`     | sets the number of replicas for the flagd-proxy deployment.                     | `1`                                |
 | `flagdProxyConfiguration.port`             | Sets the port to expose the sync API on.                                        | `8015`                             |
 | `flagdProxyConfiguration.managementPort`   | Sets the port to expose the management API on.                                  | `8016`                             |
 | `flagdProxyConfiguration.image.repository` | Sets the image for the flagd-proxy deployment.                                  | `ghcr.io/open-feature/flagd-proxy` |
-| `flagdProxyConfiguration.image.tag`        | Sets the tag for the flagd-proxy deployment.                                    | `v0.6.2`                           |
+| `flagdProxyConfiguration.image.tag`        | Sets the tag for the flagd-proxy deployment.                                    | `v0.7.4`                           |
 | `flagdProxyConfiguration.debugLogging`     | Controls the addition of the `--debug` flag to the container startup arguments. | `false`                            |
 ### Flagd configuration
@ -153,27 +171,25 @@ The command removes all the Kubernetes components associated with the chart and
 | `flagdConfiguration.syncPort`         | Sets the port to expose the sync API on.                                        | `8015`                       |
 | `flagdConfiguration.managementPort`   | Sets the port to expose the management API on.                                  | `8014`                       |
 | `flagdConfiguration.image.repository` | Sets the image for the flagd deployment.                                        | `ghcr.io/open-feature/flagd` |
-| `flagdConfiguration.image.tag`        | Sets the tag for the flagd deployment.                                          | `v0.10.3`                    |
+| `flagdConfiguration.image.tag`        | Sets the tag for the flagd deployment.                                          | `v0.12.4`                    |
 | `flagdConfiguration.debugLogging`     | Controls the addition of the `--debug` flag to the container startup arguments. | `false`                      |
 ### Operator resource configuration
-| Name                                                                      | Description                                              | Value                                        |
+| Name                                                                      | Description                                                                                                      | Value                                        |
-| ------------------------------------------------------------------------- | -------------------------------------------------------- | -------------------------------------------- |
+| ------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | -------------------------------------------- |
-| `controllerManager.kubeRbacProxy.image.repository`                        | Sets the image for the kube-rbac-proxy.                  | `gcr.io/kubebuilder/kube-rbac-proxy`         |
+| `controllerManager.manager.image.repository`                              | Sets the image for the operator.                                                                                 | `ghcr.io/open-feature/open-feature-operator` |
-| `controllerManager.kubeRbacProxy.image.tag`                               | Sets the version tag for the kube-rbac-proxy.            | `v0.14.1`                                    |
+| `controllerManager.manager.image.tag`                                     | Sets the version tag for the operator.                                                                           | `v0.8.7`                                     |
-| `controllerManager.kubeRbacProxy.resources.limits.cpu`                    | Sets cpu resource limits for kube-rbac-proxy.            | `500m`                                       |
+| `controllerManager.manager.resources.limits.cpu`                          | Sets cpu resource limits for operator.                                                                           | `500m`                                       |
-| `controllerManager.kubeRbacProxy.resources.limits.memory`                 | Sets memory resource limits for kube-rbac-proxy.         | `128Mi`                                      |
+| `controllerManager.manager.resources.limits.memory`                       | Sets memory resource limits for operator.                                                                        | `128Mi`                                      |
-| `controllerManager.kubeRbacProxy.resources.requests.cpu`                  | Sets cpu resource requests for kube-rbac-proxy.          | `5m`                                         |
+| `controllerManager.manager.resources.requests.cpu`                        | Sets cpu resource requests for operator.                                                                         | `10m`                                        |
-| `controllerManager.kubeRbacProxy.resources.requests.memory`               | Sets memory resource requests for kube-rbac-proxy.       | `64Mi`                                       |
+| `controllerManager.manager.resources.requests.memory`                     | Sets memory resource requests for operator.                                                                      | `64Mi`                                       |
-| `controllerManager.manager.image.repository`                              | Sets the image for the operator.                         | `ghcr.io/open-feature/open-feature-operator` |
+| `controllerManager.manager.hostNetwork`                                   | Should the injector pods run on the host network (useful when using an alternate CNI in EKS)                     | `false`                                      |
-| `controllerManager.manager.image.tag`                                     | Sets the version tag for the operator.                   | `v0.6.0`                                     |
+| `controllerManager.manager.dnsPolicy`                                     | Pod DNS resolution scheme. Should be `ClusterFirstWithHostNet` if hostNetwork is true, `ClusterFirst` otherwise. | `ClusterFirst`                               |
-| `controllerManager.manager.resources.limits.cpu`                          | Sets cpu resource limits for operator.                   | `500m`                                       |
+| `controllerManager.replicas`                                              | Sets number of replicas of the OpenFeature operator pod.                                                         | `1`                                          |
-| `controllerManager.manager.resources.limits.memory`                       | Sets memory resource limits for operator.                | `128Mi`                                      |
+| `managerConfig.flagsValidationEnabled`                                    | Enables the validating webhook for FeatureFlag CR.                                                               | `true`                                       |
-| `controllerManager.manager.resources.requests.cpu`                        | Sets cpu resource requests for operator.                 | `10m`                                        |
+| `managerConfig.controllerManagerConfigYaml.health.healthProbeBindAddress` | Sets the bind address for health probes.                                                                         | `:8081`                                      |
-| `controllerManager.manager.resources.requests.memory`                     | Sets memory resource requests for operator.              | `64Mi`                                       |
+| `managerConfig.controllerManagerConfigYaml.metrics.bindAddress`           | Sets the bind address for metrics (combined with bindPort).                                                      | `127.0.0.1`                                  |
-| `controllerManager.replicas`                                              | Sets number of replicas of the OpenFeature operator pod. | `1`                                          |
+| `managerConfig.controllerManagerConfigYaml.metrics.bindPort`              | Sets the bind port for metrics.                                                                                  | `8080`                                       |
-| `managerConfig.flagsValidatonEnabled`                                     | Enables the validating webhook for FeatureFlag CR.       | `true`                                       |
+| `managerConfig.controllerManagerConfigYaml.webhook.port`                  | Sets the bind address for webhook.                                                                               | `9443`                                       |
-| `managerConfig.controllerManagerConfigYaml.health.healthProbeBindAddress` | Sets the bind address for health probes.                 | `:8081`                                      |
+
 | `managerConfig.controllerManagerConfigYaml.metrics.bindAddress`           | Sets the bind address for metrics.                       | `127.0.0.1:8080`                             |
 | `managerConfig.controllerManagerConfigYaml.webhook.port`                  | Sets the bind address for webhook.                       | `9443`                                       |
--- a/chart/open-feature-operator/templates/admissionregistration.k8s.io_v1_validatingwebhookconfiguration_open-feature-operator-validating-webhook-configuration.yaml
+++ b/chart/open-feature-operator/templates/admissionregistration.k8s.io_v1_validatingwebhookconfiguration_open-feature-operator-validating-webhook-configuration.yaml
@ -1,4 +1,4 @@
-{{ if eq .Values.managerConfig.flagsValidatonEnabled "true" }}
+{{ if eq .Values.managerConfig.flagsValidationEnabled "true" }}
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
--- a/chart/open-feature-operator/templates/namespace.yaml
+++ b/chart/open-feature-operator/templates/namespace.yaml
@ -1,10 +1,17 @@
 # Only deploy the namespace if the default is being used (helm install should fail if the namespace isnt present)
 # when one is defined with -n
-{{ if eq ( include "chart.namespace" . ) .Values.defaultNamespace }}
+{{- if and (eq (include "chart.namespace" .) .Values.defaultNamespace) .Values.namespace.create }}
 apiVersion: v1
 kind: Namespace
 metadata:
  name: '{{ include "chart.namespace" . }}'
  labels:
    control-plane: controller-manager
-  name: '{{ include "chart.namespace" . }}'
+    {{- range $key, $value := $.Values.namespace.labels }}
-{{ end }}
+    {{ $key }}: {{ $value | quote }}
    {{- end }}
  annotations:
    {{- range $key, $value := $.Values.namespace.annotations }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
 {{ end }}
--- a/chart/open-feature-operator/values.yaml
+++ b/chart/open-feature-operator/values.yaml
@ -2,9 +2,28 @@
 ## @section Global
 ## @param  defaultNamespace To override the namespace use the `--namespace` flag. This default is provided to ensure that the kustomize build charts in `/templates` deploy correctly when no `namespace` is provided via the `-n` flag.
 defaultNamespace: open-feature-operator-system
-## @param imagePullSecrets Array of ImagePullSecret objects containing credentials for images pulled by the operator (flagdProxyConfiguration.image, flagdConfiguration.image, controllerManager.manager.image, controllerManager.kubeRbacProxy.image). Example: imagePullSecrets: [{"name": "my-secret"}] 
+## @section namespace
-imagePullSecrets: []
+namespace:
  ## @param namespace.create Whether to create the namespace as part of this chart.
  create: true
  ## @param namespace.labels Labels for the namespace if created as part of the chart.
  labels: {}
  ## @param namespace.annotations Annotations for the namespace if created as part of the chart.
  annotations: {}
 ## @param imagePullSecrets Array of ImagePullSecret objects containing credentials for images pulled by the operator (flagdProxyConfiguration.image, flagdConfiguration.image, controllerManager.manager.image). Example: imagePullSecrets: [{"name": "my-secret"}] 
 imagePullSecrets: []
 ## @param labels Labels to apply to all of the pods in the operator.
 labels: {}
 ## @param annotations Annotations to apply to all of the pods in the operator.
 annotations: {}
 ## @section Mutating Webhook configuration
 mutatingWebhook:
  ## @param mutatingWebhook.failurePolicy FailurePolicy when the webhook does not respond
  failurePolicy: Ignore
  ## @param mutatingWebhook.objectSelector ObjectSelector on which pods the mutatingWebhook will run
  objectSelector: {}
 ## @section Sidecar configuration
 sidecarConfiguration:
  ## @param sidecarConfiguration.port Sets the value of the `XXX_PORT` environment variable for the injected sidecar.
@ -18,7 +37,7 @@ sidecarConfiguration:
    ## @param sidecarConfiguration.image.repository Sets the image for the injected sidecar.
    repository: "ghcr.io/open-feature/flagd"
    ## @param sidecarConfiguration.image.tag Sets the version tag for the injected sidecar.
-    tag: v0.10.3
+    tag: v0.12.4
  ## @param sidecarConfiguration.providerArgs Used to append arguments to the sidecar startup command. This value is a comma separated string of key values separated by '=', e.g. `key=value,key2=value2` results in the appending of `--sync-provider-args key=value --sync-provider-args key2=value2`.
  providerArgs: ""
  ## @param sidecarConfiguration.envVarPrefix Sets the prefix for all environment variables set in the injected sidecar.
@ -71,6 +90,8 @@ inProcessConfiguration:
 ## @section Flagd-proxy configuration
 flagdProxyConfiguration:
  ## @param flagdProxyConfiguration.replicaCount sets the number of replicas for the flagd-proxy deployment.
  replicaCount: 1
  ## @param flagdProxyConfiguration.port Sets the port to expose the sync API on.
  port: 8015
  ## @param flagdProxyConfiguration.managementPort Sets the port to expose the management API on.
@ -79,7 +100,7 @@ flagdProxyConfiguration:
    ## @param flagdProxyConfiguration.image.repository Sets the image for the flagd-proxy deployment.
    repository: "ghcr.io/open-feature/flagd-proxy"
    ## @param flagdProxyConfiguration.image.tag Sets the tag for the flagd-proxy deployment.
-    tag: v0.6.2
+    tag: v0.7.4
  ## @param flagdProxyConfiguration.debugLogging Controls the addition of the `--debug` flag to the container startup arguments.
  debugLogging: false
@ -97,35 +118,18 @@ flagdConfiguration:
    ## @param flagdConfiguration.image.repository Sets the image for the flagd deployment.
    repository: "ghcr.io/open-feature/flagd"
    ## @param flagdConfiguration.image.tag Sets the tag for the flagd deployment.
-    tag: v0.10.3
+    tag: v0.12.4
  ## @param flagdConfiguration.debugLogging Controls the addition of the `--debug` flag to the container startup arguments.
  debugLogging: false
 ## @section Operator resource configuration
 controllerManager:
  kubeRbacProxy:
    image:
      ## @param controllerManager.kubeRbacProxy.image.repository Sets the image for the kube-rbac-proxy.
      repository: gcr.io/kubebuilder/kube-rbac-proxy
      ## @param controllerManager.kubeRbacProxy.image.tag Sets the version tag for the kube-rbac-proxy.
      tag: "v0.14.1"
    resources:
      limits:
        ## @param controllerManager.kubeRbacProxy.resources.limits.cpu Sets cpu resource limits for kube-rbac-proxy.
        cpu: 500m
        ## @param controllerManager.kubeRbacProxy.resources.limits.memory Sets memory resource limits for kube-rbac-proxy.
        memory: 128Mi
      requests:
        ## @param controllerManager.kubeRbacProxy.resources.requests.cpu Sets cpu resource requests for kube-rbac-proxy.
        cpu: 5m
        ## @param controllerManager.kubeRbacProxy.resources.requests.memory Sets memory resource requests for kube-rbac-proxy.
        memory: 64Mi
  manager:
    image:
      ## @param controllerManager.manager.image.repository Sets the image for the operator.
      repository: ghcr.io/open-feature/open-feature-operator
      ## @param controllerManager.manager.image.tag Sets the version tag for the operator.
-      tag: v0.6.0 # x-release-please-version
+      tag: v0.8.7 # x-release-please-version
    resources:
      limits:
        ## @param controllerManager.manager.resources.limits.cpu Sets cpu resource limits for operator.
@ -137,19 +141,25 @@ controllerManager:
        cpu: 10m
        ## @param controllerManager.manager.resources.requests.memory Sets memory resource requests for operator.
        memory: 64Mi
    ## @param controllerManager.manager.hostNetwork Should the injector pods run on the host network (useful when using an alternate CNI in EKS)
    hostNetwork: false
    ## @param controllerManager.manager.dnsPolicy Pod DNS resolution scheme. Should be `ClusterFirstWithHostNet` if hostNetwork is true, `ClusterFirst` otherwise.
    dnsPolicy: ClusterFirst
  ## @param controllerManager.replicas Sets number of replicas of the OpenFeature operator pod.
  replicas: 1
 managerConfig:
-  ## @param managerConfig.flagsValidatonEnabled Enables the validating webhook for FeatureFlag CR.
+  ## @param managerConfig.flagsValidationEnabled Enables the validating webhook for FeatureFlag CR.
-  flagsValidatonEnabled: "true"
+  flagsValidationEnabled: "true"
  controllerManagerConfigYaml:
    health:
      ## @param managerConfig.controllerManagerConfigYaml.health.healthProbeBindAddress Sets the bind address for health probes.
      healthProbeBindAddress: :8081
-    metrics:
+    metrics: 
-      ## @param managerConfig.controllerManagerConfigYaml.metrics.bindAddress Sets the bind address for metrics.
+      ## @param managerConfig.controllerManagerConfigYaml.metrics.bindAddress Sets the bind address for metrics (combined with bindPort).
-      bindAddress: 127.0.0.1:8080
+      bindAddress: 127.0.0.1
      ## @param managerConfig.controllerManagerConfigYaml.metrics.bindPort Sets the bind port for metrics.
      bindPort: 8080
    webhook:
      ## @param managerConfig.controllerManagerConfigYaml.webhook.port Sets the bind address for webhook.
      port: 9443
--- a/cmd/main.go
+++ b/cmd/main.go
@ -18,22 +18,26 @@ package main
 import (
 	"context"
 	"crypto/tls"
 	"flag"
 	"fmt"
 	"log"
 	"os"
 	"path/filepath"
 	"strings"
 	"time"
 	"github.com/kelseyhightower/envconfig"
 	corev1beta1 "github.com/open-feature/open-feature-operator/apis/core/v1beta1"
-	"github.com/open-feature/open-feature-operator/common"
+	"github.com/open-feature/open-feature-operator/internal/common"
-	"github.com/open-feature/open-feature-operator/common/flagdinjector"
+	"github.com/open-feature/open-feature-operator/internal/common/flagdinjector"
-	"github.com/open-feature/open-feature-operator/common/flagdproxy"
+	"github.com/open-feature/open-feature-operator/internal/common/flagdproxy"
-	"github.com/open-feature/open-feature-operator/common/types"
+	"github.com/open-feature/open-feature-operator/internal/common/types"
-	"github.com/open-feature/open-feature-operator/controllers/core/featureflagsource"
+	"github.com/open-feature/open-feature-operator/internal/common/utils"
-	"github.com/open-feature/open-feature-operator/controllers/core/flagd"
+	"github.com/open-feature/open-feature-operator/internal/controller/core/featureflagsource"
-	flagdresources "github.com/open-feature/open-feature-operator/controllers/core/flagd/resources"
+	"github.com/open-feature/open-feature-operator/internal/controller/core/flagd"
-	webhooks "github.com/open-feature/open-feature-operator/webhooks"
+	flagdResources "github.com/open-feature/open-feature-operator/internal/controller/core/flagd/resources"
 	webhooks "github.com/open-feature/open-feature-operator/internal/webhook"
 	"go.uber.org/zap/zapcore"
 	appsV1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
@ -44,13 +48,17 @@ import (
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/certwatcher"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 	"sigs.k8s.io/controller-runtime/pkg/metrics/filters"
 	"sigs.k8s.io/controller-runtime/pkg/metrics/server"
 	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 	gatewayApiv1 "sigs.k8s.io/gateway-api/apis/v1"
 )
 const (
@ -58,32 +66,71 @@ const (
 	metricsBindAddressFlagName     = "metrics-bind-address"
 	verboseFlagName                = "verbose"
 	leaderElectFlagName            = "leader-elect"
-	sidecarCpuLimitFlagName        = "sidecar-cpu-limit"
+
-	sidecarRamLimitFlagName        = "sidecar-ram-limit"
+	sidecarCpuLimitFlagName = "sidecar-cpu-limit"
-	sidecarCpuRequestFlagName      = "sidecar-cpu-request"
+	sidecarCpuLimitDefault  = "0.5"
-	sidecarRamRequestFlagName      = "sidecar-ram-request"
+
-	sidecarCpuLimitDefault         = "0.5"
+	sidecarRamLimitFlagName = "sidecar-ram-limit"
-	sidecarRamLimitDefault         = "64M"
+	sidecarRamLimitDefault  = "64M"
-	sidecarCpuRequestDefault       = "0.2"
+
-	sidecarRamRequestDefault       = "32M"
+	sidecarCpuRequestFlagName = "sidecar-cpu-request"
-	imagePullSecretFlagName        = "image-pull-secrets"
+	sidecarCpuRequestDefault  = "0.2"
-	imagePullSecretFlagDefault     = ""
+
 	sidecarRamRequestFlagName = "sidecar-ram-request"
 	sidecarRamRequestDefault  = "32M"
 	imagePullSecretFlagName    = "image-pull-secrets"
 	imagePullSecretFlagDefault = ""
 	labelsFlagName    = "labels"
 	labelsFlagDefault = ""
 	annotationsFlagName    = "annotations"
 	annotationsFlagDefault = ""
 )
 var (
 	scheme                                                                 = runtime.NewScheme()
 	setupLog                                                               = ctrl.Log.WithName("setup")
 	metricsAddr                                                            string
 	metricsCertPath, metricsCertName, metricsCertKey                       string
 	webhookCertPath, webhookCertName, webhookCertKey                       string
 	secureMetrics                                                          bool
 	enableHTTP2                                                            bool
 	tlsOpts                                                                []func(*tls.Config)
 	enableLeaderElection                                                   bool
 	probeAddr                                                              string
 	verbose                                                                bool
 	sidecarCpuLimit, sidecarRamLimit, sidecarCpuRequest, sidecarRamRequest string
 	imagePullSecrets                                                       string
 	labels                                                                 string
 	annotations                                                            string
 )
 // StringToMap transforms a string into a map[string]string
 func StringToMap(s string) map[string]string {
 	m := map[string]string{}
 	for _, pair := range strings.Split(s, ",") {
 		kv := strings.SplitN(pair, ":", 2)
 		if len(kv) == 2 {
 			m[kv[0]] = kv[1]
 		}
 	}
 	return m
 }
 // CommaSeparatedStringToSlice transforms a comma-separated string into a slice of strings
 func CommaSeparatedStringToSlice(s string) []string {
 	if s == "" {
 		return []string{}
 	}
 	return strings.Split(s, ",")
 }
 func init() {
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
 	utilruntime.Must(corev1beta1.AddToScheme(scheme))
 	utilruntime.Must(gatewayApiv1.Install(scheme))
 	//+kubebuilder:scaffold:scheme
 }
@ -101,12 +148,26 @@ func main() {
 		"Enable leader election for controller manager. "+
 			"Enabling this will ensure there is only one active controller manager.")
 	flag.BoolVar(&secureMetrics, "metrics-secure", true,
 		"If set, the metrics endpoint is served securely via HTTPS. Use --metrics-secure=false to use HTTP instead.")
 	flag.StringVar(&webhookCertPath, "webhook-cert-path", "", "The directory that contains the webhook certificate.")
 	flag.StringVar(&webhookCertName, "webhook-cert-name", "tls.crt", "The name of the webhook certificate file.")
 	flag.StringVar(&webhookCertKey, "webhook-cert-key", "tls.key", "The name of the webhook key file.")
 	flag.StringVar(&metricsCertPath, "metrics-cert-path", "",
 		"The directory that contains the metrics server certificate.")
 	flag.StringVar(&metricsCertName, "metrics-cert-name", "tls.crt", "The name of the metrics server certificate file.")
 	flag.StringVar(&metricsCertKey, "metrics-cert-key", "tls.key", "The name of the metrics server key file.")
 	flag.BoolVar(&enableHTTP2, "enable-http2", false,
 		"If set, HTTP/2 will be enabled for the metrics and webhook servers")
 	// the following default values are chosen as a result of load testing: https://github.com/open-feature/flagd/blob/main/tests/loadtest/README.MD#performance-observations
 	flag.StringVar(&sidecarCpuLimit, sidecarCpuLimitFlagName, sidecarCpuLimitDefault, "sidecar CPU limit, in cores. (500m = .5 cores)")
 	flag.StringVar(&sidecarRamLimit, sidecarRamLimitFlagName, sidecarRamLimitDefault, "sidecar memory limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)")
 	flag.StringVar(&sidecarCpuRequest, sidecarCpuRequestFlagName, sidecarCpuRequestDefault, "sidecar CPU minimum, in cores. (500m = .5 cores)")
 	flag.StringVar(&sidecarRamRequest, sidecarRamRequestFlagName, sidecarRamRequestDefault, "sidecar memory minimum, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)")
 	flag.StringVar(&imagePullSecrets, imagePullSecretFlagName, imagePullSecretFlagDefault, "Comma-delimited list of secrets containing credentials to pull images.")
 	flag.StringVar(&labels, labelsFlagName, labelsFlagDefault, "Map of labels to add to the deployed pods. Formatted like key1:value1,key2:value2,key3:value3")
 	flag.StringVar(&annotations, annotationsFlagName, annotationsFlagDefault, "Map of annotations to add to the deployed pods. Formatted like key1:value1,key2:value2,key3:value3")
 	flag.Parse()
@ -122,6 +183,95 @@ func main() {
 	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
 	// if the enable-http2 flag is false (the default), http/2 should be disabled
 	// due to its vulnerabilities. More specifically, disabling http/2 will
 	// prevent from being vulnerable to the HTTP/2 Stream Cancellation and
 	// Rapid Reset CVEs. For more information see:
 	// - https://github.com/advisories/GHSA-qppj-fm5r-hxr3
 	// - https://github.com/advisories/GHSA-4374-p667-p6c8
 	disableHTTP2 := func(c *tls.Config) {
 		setupLog.Info("disabling http/2")
 		c.NextProtos = []string{"http/1.1"}
 	}
 	if !enableHTTP2 {
 		tlsOpts = append(tlsOpts, disableHTTP2)
 	}
 	// Create watchers for metrics and webhooks certificates
 	var metricsCertWatcher, webhookCertWatcher *certwatcher.CertWatcher
 	// Initial webhook TLS options
 	webhookTLSOpts := tlsOpts
 	if len(webhookCertPath) > 0 {
 		setupLog.Info("Initializing webhook certificate watcher using provided certificates",
 			"webhook-cert-path", webhookCertPath, "webhook-cert-name", webhookCertName, "webhook-cert-key", webhookCertKey)
 		var err error
 		webhookCertWatcher, err = certwatcher.New(
 			filepath.Join(webhookCertPath, webhookCertName),
 			filepath.Join(webhookCertPath, webhookCertKey),
 		)
 		if err != nil {
 			setupLog.Error(err, "Failed to initialize webhook certificate watcher")
 			os.Exit(1)
 		}
 		webhookTLSOpts = append(webhookTLSOpts, func(config *tls.Config) {
 			config.GetCertificate = webhookCertWatcher.GetCertificate
 		})
 	}
 	webhookServer := webhook.NewServer(webhook.Options{
 		TLSOpts: webhookTLSOpts,
 		Port:    9443,
 	})
 	// Metrics endpoint is enabled in 'config/default/kustomization.yaml'. The Metrics options configure the server.
 	// More info:
 	// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.20.0/pkg/metrics/server
 	// - https://book.kubebuilder.io/reference/metrics.html
 	metricsServerOptions := metricsserver.Options{
 		BindAddress:   metricsAddr,
 		SecureServing: secureMetrics,
 		TLSOpts:       tlsOpts,
 	}
 	if secureMetrics {
 		// FilterProvider is used to protect the metrics endpoint with authn/authz.
 		// These configurations ensure that only authorized users and service accounts
 		// can access the metrics endpoint. The RBAC are configured in 'config/rbac/kustomization.yaml'. More info:
 		// https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.20.0/pkg/metrics/filters#WithAuthenticationAndAuthorization
 		metricsServerOptions.FilterProvider = filters.WithAuthenticationAndAuthorization
 	}
 	// If the certificate is not specified, controller-runtime will automatically
 	// generate self-signed certificates for the metrics server. While convenient for development and testing,
 	// this setup is not recommended for production.
 	//
 	// - [METRICS-WITH-CERTS] at config/default/kustomization.yaml to generate and use certificates
 	// managed by cert-manager for the metrics server.
 	// - [PROMETHEUS-WITH-CERTS] at config/prometheus/kustomization.yaml for TLS certification.
 	if len(metricsCertPath) > 0 {
 		setupLog.Info("Initializing metrics certificate watcher using provided certificates",
 			"metrics-cert-path", metricsCertPath, "metrics-cert-name", metricsCertName, "metrics-cert-key", metricsCertKey)
 		var err error
 		metricsCertWatcher, err = certwatcher.New(
 			filepath.Join(metricsCertPath, metricsCertName),
 			filepath.Join(metricsCertPath, metricsCertKey),
 		)
 		if err != nil {
 			setupLog.Error(err, "to initialize metrics certificate watcher", "error", err)
 			os.Exit(1)
 		}
 		metricsServerOptions.TLSOpts = append(metricsServerOptions.TLSOpts, func(config *tls.Config) {
 			config.GetCertificate = metricsCertWatcher.GetCertificate
 		})
 	}
 	resources, err := processResources()
 	if err != nil {
 		os.Exit(1)
@ -134,6 +284,7 @@ func main() {
 		Metrics: server.Options{
 			BindAddress: metricsAddr,
 		},
 		HealthProbeBindAddress: probeAddr,
 		LeaderElection:         enableLeaderElection,
 		LeaderElectionID:       "131bf64c.openfeature.dev",
@ -142,15 +293,29 @@ func main() {
 				DisableFor: disableCacheFor,
 			},
 		},
-		WebhookServer: webhook.NewServer(webhook.Options{
+		WebhookServer: webhookServer,
 			Port: 9443,
 		}),
 	})
 	if err != nil {
 		setupLog.Error(err, "unable to start manager")
 		os.Exit(1)
 	}
 	if metricsCertWatcher != nil {
 		setupLog.Info("Adding metrics certificate watcher to manager")
 		if err := mgr.Add(metricsCertWatcher); err != nil {
 			setupLog.Error(err, "unable to add metrics certificate watcher to manager")
 			os.Exit(1)
 		}
 	}
 	if webhookCertWatcher != nil {
 		setupLog.Info("Adding webhook certificate watcher to manager")
 		if err := mgr.Add(webhookCertWatcher); err != nil {
 			setupLog.Error(err, "unable to add webhook certificate watcher to manager")
 			os.Exit(1)
 		}
 	}
 	// setup indexer for backfilling permissions on the flagd-kubernetes-sync role binding
 	if err := mgr.GetFieldIndexer().IndexField(
 		context.Background(),
@ -182,8 +347,16 @@ func main() {
 		os.Exit(1)
 	}
 	labelsMap := StringToMap(labels)
 	annotationsMap := StringToMap(annotations)
 	kph := flagdproxy.NewFlagdProxyHandler(
-		flagdproxy.NewFlagdProxyConfiguration(env, strings.Split(imagePullSecrets, ",")),
+		flagdproxy.NewFlagdProxyConfiguration(
 			env,
 			CommaSeparatedStringToSlice(imagePullSecrets),
 			labelsMap,
 			annotationsMap,
 		),
 		mgr.GetClient(),
 		ctrl.Log.WithName("FeatureFlagSource FlagdProxyHandler"),
 	)
@ -193,6 +366,10 @@ func main() {
 		Scheme:     mgr.GetScheme(),
 		Log:        ctrl.Log.WithName("FeatureFlagSource Controller"),
 		FlagdProxy: kph,
 		FlagdProxyBackoff: &utils.ExponentialBackoff{
 			StartDelay: time.Second,
 			MaxDelay:   time.Minute,
 		},
 	}
 	if err = flagSourceController.SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "FeatureFlagSource")
@ -215,22 +392,31 @@ func main() {
 		Scheme: mgr.GetScheme(),
 		Log:    flagdControllerLogger,
 	}
-	flagdConfig := flagd.NewFlagdConfiguration(env, strings.Split(imagePullSecrets, ","))
+
 	flagdConfig := flagd.NewFlagdConfiguration(
 		env,
 		CommaSeparatedStringToSlice(imagePullSecrets),
 		labelsMap,
 		annotationsMap,
 	)
 	if err = (&flagd.FlagdReconciler{
 		Client:             mgr.GetClient(),
 		Scheme:             mgr.GetScheme(),
 		ResourceReconciler: flagdResourceReconciler,
-		FlagdDeployment: &flagdresources.FlagdDeployment{
+		FlagdDeployment: &flagdResources.FlagdDeployment{
 			Client:        mgr.GetClient(),
 			Log:           flagdControllerLogger,
 			FlagdInjector: flagdContainerInjector,
 			FlagdConfig:   flagdConfig,
 		},
-		FlagdService: &flagdresources.FlagdService{
+		FlagdService: &flagdResources.FlagdService{
 			FlagdConfig: flagdConfig,
 		},
-		FlagdIngress: &flagdresources.FlagdIngress{
+		FlagdIngress: &flagdResources.FlagdIngress{
 			FlagdConfig: flagdConfig,
 		},
 		FlagdGatewayApiHttpRoute: &flagdResources.FlagdGatewayApiHttpRoute{
 			FlagdConfig: flagdConfig,
 		},
 	}).SetupWithManager(mgr); err != nil {
@ -239,7 +425,7 @@ func main() {
 	}
 	if env.FlagsValidationEnabled {
-		if err = (&corev1beta1.FeatureFlag{}).SetupWebhookWithManager(mgr); err != nil {
+		if err = (&webhooks.FeatureFlagCustomValidator{}).SetupWebhookWithManager(mgr); err != nil {
 			setupLog.Error(err, "unable to create the validation webhook for FeatureFlag CRD", "webhook", "FeatureFlag")
 			os.Exit(1)
 		}
--- a/common/flagdproxy/flagdproxy.go
+++ b/common/flagdproxy/flagdproxy.go
@ -1,252 +0,0 @@
 package flagdproxy
 import (
 	"context"
 	"fmt"
 	"reflect"
 	"github.com/go-logr/logr"
 	"github.com/open-feature/open-feature-operator/common"
 	"github.com/open-feature/open-feature-operator/common/types"
 	appsV1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 const (
 	FlagdProxyDeploymentName     = "flagd-proxy"
 	FlagdProxyServiceAccountName = "open-feature-operator-flagd-proxy"
 	FlagdProxyServiceName        = "flagd-proxy-svc"
 )
 type FlagdProxyHandler struct {
 	client.Client
 	config *FlagdProxyConfiguration
 	Log    logr.Logger
 }
 type CreateUpdateFunc func(ctx context.Context, obj client.Object) error
 type FlagdProxyConfiguration struct {
 	Port                   int
 	ManagementPort         int
 	DebugLogging           bool
 	Image                  string
 	Tag                    string
 	Namespace              string
 	OperatorDeploymentName string
 	ImagePullSecrets       []string
 }
 func NewFlagdProxyConfiguration(env types.EnvConfig, imagePullSecrets []string) *FlagdProxyConfiguration {
 	return &FlagdProxyConfiguration{
 		Image:                  env.FlagdProxyImage,
 		Tag:                    env.FlagdProxyTag,
 		Namespace:              env.PodNamespace,
 		OperatorDeploymentName: common.OperatorDeploymentName,
 		Port:                   env.FlagdProxyPort,
 		ManagementPort:         env.FlagdProxyManagementPort,
 		DebugLogging:           env.FlagdProxyDebugLogging,
 		ImagePullSecrets:       imagePullSecrets,
 	}
 }
 func NewFlagdProxyHandler(config *FlagdProxyConfiguration, client client.Client, logger logr.Logger) *FlagdProxyHandler {
 	return &FlagdProxyHandler{
 		config: config,
 		Client: client,
 		Log:    logger,
 	}
 }
 func (f *FlagdProxyHandler) Config() *FlagdProxyConfiguration {
 	return f.config
 }
 func (f *FlagdProxyHandler) createObject(ctx context.Context, obj client.Object) error {
 	return f.Client.Create(ctx, obj)
 }
 func (f *FlagdProxyHandler) updateObject(ctx context.Context, obj client.Object) error {
 	return f.Client.Update(ctx, obj)
 }
 func (f *FlagdProxyHandler) HandleFlagdProxy(ctx context.Context) error {
 	exists, deployment, err := f.doesFlagdProxyExist(ctx)
 	if err != nil {
 		return err
 	}
 	ownerReference, err := f.getOwnerReference(ctx)
 	if err != nil {
 		return err
 	}
 	newDeployment := f.newFlagdProxyManifest(ownerReference)
 	newService := f.newFlagdProxyServiceManifest(ownerReference)
 	if !exists {
 		f.Log.Info("flagd-proxy Deployment does not exist, creating")
 		return f.deployFlagdProxy(ctx, f.createObject, newDeployment, newService)
 	}
 	// flagd-proxy exists, need to check if we should update it
 	if f.shouldUpdateFlagdProxy(deployment, newDeployment) {
 		f.Log.Info("flagd-proxy Deployment out of sync, updating")
 		return f.deployFlagdProxy(ctx, f.updateObject, newDeployment, newService)
 	}
 	f.Log.Info("flagd-proxy Deployment up-to-date")
 	return nil
 }
 func (f *FlagdProxyHandler) deployFlagdProxy(ctx context.Context, createUpdateFunc CreateUpdateFunc, deployment *appsV1.Deployment, service *corev1.Service) error {
 	f.Log.Info("deploying the flagd-proxy")
 	if err := createUpdateFunc(ctx, deployment); err != nil && !errors.IsAlreadyExists(err) {
 		return err
 	}
 	f.Log.Info("deploying the flagd-proxy service")
 	if err := createUpdateFunc(ctx, service); err != nil && !errors.IsAlreadyExists(err) {
 		return err
 	}
 	return nil
 }
 func (f *FlagdProxyHandler) newFlagdProxyServiceManifest(ownerReference *metav1.OwnerReference) *corev1.Service {
 	return &corev1.Service{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:            FlagdProxyServiceName,
 			Namespace:       f.config.Namespace,
 			OwnerReferences: []metav1.OwnerReference{*ownerReference},
 		},
 		Spec: corev1.ServiceSpec{
 			Selector: map[string]string{
 				"app.kubernetes.io/name":      FlagdProxyDeploymentName,
 				common.ManagedByAnnotationKey: common.ManagedByAnnotationValue,
 			},
 			Ports: []corev1.ServicePort{
 				{
 					Name:       "flagd-proxy",
 					Port:       int32(f.config.Port),
 					TargetPort: intstr.FromInt(f.config.Port),
 				},
 			},
 		},
 	}
 }
 func (f *FlagdProxyHandler) newFlagdProxyManifest(ownerReference *metav1.OwnerReference) *appsV1.Deployment {
 	replicas := int32(1)
 	args := []string{
 		"start",
 		"--management-port",
 		fmt.Sprintf("%d", f.config.ManagementPort),
 	}
 	if f.config.DebugLogging {
 		args = append(args, "--debug")
 	}
 	imagePullSecrets := []corev1.LocalObjectReference{}
 	for _, secret := range f.config.ImagePullSecrets {
 		imagePullSecrets = append(imagePullSecrets, corev1.LocalObjectReference{
 			Name: secret,
 		})
 	}
 	return &appsV1.Deployment{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      FlagdProxyDeploymentName,
 			Namespace: f.config.Namespace,
 			Labels: map[string]string{
 				"app":                          FlagdProxyDeploymentName,
 				"app.kubernetes.io/managed-by": common.ManagedByAnnotationValue,
 				"app.kubernetes.io/version":    f.config.Tag,
 			},
 			OwnerReferences: []metav1.OwnerReference{*ownerReference},
 		},
 		Spec: appsV1.DeploymentSpec{
 			Replicas: &replicas,
 			Selector: &metav1.LabelSelector{
 				MatchLabels: map[string]string{
 					"app": FlagdProxyDeploymentName,
 				},
 			},
 			Template: corev1.PodTemplateSpec{
 				ObjectMeta: metav1.ObjectMeta{
 					Labels: map[string]string{
 						"app":                          FlagdProxyDeploymentName,
 						"app.kubernetes.io/name":       FlagdProxyDeploymentName,
 						"app.kubernetes.io/managed-by": common.ManagedByAnnotationValue,
 						"app.kubernetes.io/version":    f.config.Tag,
 					},
 				},
 				Spec: corev1.PodSpec{
 					ServiceAccountName: FlagdProxyServiceAccountName,
 					ImagePullSecrets:   imagePullSecrets,
 					Containers: []corev1.Container{
 						{
 							Image: fmt.Sprintf("%s:%s", f.config.Image, f.config.Tag),
 							Name:  FlagdProxyDeploymentName,
 							Ports: []corev1.ContainerPort{
 								{
 									Name:          "port",
 									ContainerPort: int32(f.config.Port),
 								},
 								{
 									Name:          "management-port",
 									ContainerPort: int32(f.config.ManagementPort),
 								},
 							},
 							Args: args,
 						},
 					},
 				},
 			},
 		},
 	}
 }
 func (f *FlagdProxyHandler) doesFlagdProxyExist(ctx context.Context) (bool, *appsV1.Deployment, error) {
 	d := &appsV1.Deployment{}
 	err := f.Client.Get(ctx, client.ObjectKey{Name: FlagdProxyDeploymentName, Namespace: f.config.Namespace}, d)
 	if err != nil {
 		if errors.IsNotFound(err) {
 			// does not exist, is not ready, no error
 			return false, nil, nil
 		}
 		// does not exist, is not ready, is in error
 		return false, nil, err
 	}
 	return true, d, nil
 }
 func (f *FlagdProxyHandler) shouldUpdateFlagdProxy(old, new *appsV1.Deployment) bool {
 	if !common.IsManagedByOFO(old) {
 		f.Log.Info("flagd-proxy Deployment not managed by OFO")
 		return false
 	}
 	return !reflect.DeepEqual(old.Spec, new.Spec)
 }
 func (f *FlagdProxyHandler) getOperatorDeployment(ctx context.Context) (*appsV1.Deployment, error) {
 	d := &appsV1.Deployment{}
 	if err := f.Client.Get(ctx, client.ObjectKey{Name: f.config.OperatorDeploymentName, Namespace: f.config.Namespace}, d); err != nil {
 		return nil, fmt.Errorf("unable to fetch operator deployment: %w", err)
 	}
 	return d, nil
 }
 func (f *FlagdProxyHandler) getOwnerReference(ctx context.Context) (*metav1.OwnerReference, error) {
 	operatorDeployment, err := f.getOperatorDeployment(ctx)
 	if err != nil {
 		f.Log.Error(err, "unable to create owner reference for open-feature-operator")
 		return nil, err
 	}
 	return &metav1.OwnerReference{
 		UID:        operatorDeployment.GetUID(),
 		Name:       operatorDeployment.GetName(),
 		APIVersion: operatorDeployment.APIVersion,
 		Kind:       operatorDeployment.Kind,
 	}, nil
 }
--- a/common/utils/utils_test.go
+++ b/common/utils/utils_test.go
@ -1,41 +0,0 @@
 package utils
 import (
 	"testing"
 	"github.com/stretchr/testify/require"
 )
 func Test_FeatureFlagId(t *testing.T) {
 	require.Equal(t, "namespace_name", FeatureFlagId("namespace", "name"))
 }
 func Test_FeatureFlagConfigMapKey(t *testing.T) {
 	require.Equal(t, "namespace_name.flagd.json", FeatureFlagConfigMapKey("namespace", "name"))
 }
 func Test_FalseVal(t *testing.T) {
 	f := false
 	require.Equal(t, &f, FalseVal())
 }
 func Test_TrueVal(t *testing.T) {
 	tt := true
 	require.Equal(t, &tt, TrueVal())
 }
 func Test_ContainsString(t *testing.T) {
 	slice := []string{"str1", "str2"}
 	require.True(t, ContainsString(slice, "str1"))
 	require.False(t, ContainsString(slice, "some"))
 }
 func Test_ParseAnnotations(t *testing.T) {
 	s1, s2 := ParseAnnotation("some/anno", "default")
 	require.Equal(t, "some", s1)
 	require.Equal(t, "anno", s2)
 	s1, s2 = ParseAnnotation("anno", "default")
 	require.Equal(t, "default", s1)
 	require.Equal(t, "anno", s2)
 }
--- a/config/certmanager/certificate.yaml
+++ b/config/certmanager/certificate.yaml
@ -5,6 +5,9 @@ apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
  name: selfsigned-issuer
  labels:
    app.kubernetes.io/name: open-feature-operator
    app.kubernetes.io/managed-by: kustomize
 spec:
  selfSigned: {}
 ---
@ -12,12 +15,35 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: serving-cert  # this name should match the one appeared in kustomizeconfig.yaml
  labels:
    app.kubernetes.io/name: open-feature-operator
    app.kubernetes.io/managed-by: kustomize
 spec:
-  # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
+  # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize
  dnsNames:
-  - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
+  - SERVICE_NAME.SERVICE_NAMESPACE.svc
-  - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
+  - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local
  issuerRef:
    kind: Issuer
    name: selfsigned-issuer
  secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize
 ---
 # The following manifests contain a self-signed issuer CR and a metrics certificate CR.
 # More document can be found at https://docs.cert-manager.io
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: metrics-certs  # this name should match the one appeared in kustomizeconfig.yaml
  labels:
    app.kubernetes.io/name: open-feature-operator
    app.kubernetes.io/managed-by: kustomize
 spec:
  dnsNames:
    # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize
    # replacements in the config/default/kustomization.yaml file.
    - SERVICE_NAME.SERVICE_NAMESPACE.svc
    - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local
  issuerRef:
    kind: Issuer
    name: selfsigned-issuer
  secretName: metrics-server-cert
--- a/config/certmanager/kustomizeconfig.yaml
+++ b/config/certmanager/kustomizeconfig.yaml
@ -6,11 +6,3 @@ nameReference:
  - kind: Certificate
    group: cert-manager.io
    path: spec/issuerRef/name
 varReference:
 - kind: Certificate
  group: cert-manager.io
  path: spec/commonName
 - kind: Certificate
  group: cert-manager.io
  path: spec/dnsNames
--- a/config/crd/bases/core.openfeature.dev_featureflagconfigurations.yaml
+++ b/config/crd/bases/core.openfeature.dev_featureflagconfigurations.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.5
  name: featureflagconfigurations.core.openfeature.dev
 spec:
  group: core.openfeature.dev
@ -83,10 +83,13 @@ spec:
                                  description: The key to select.
                                  type: string
                                name:
                                  default: ""
                                  description: |-
                                    Name of the referent.
                                    This field is effectively required, but due to backwards compatibility is
                                    allowed to be empty. Instances of this type with an empty value here are
                                    almost certainly wrong.
                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind, uid?
                                  type: string
                                optional:
                                  description: Specify whether the ConfigMap or its
@ -146,10 +149,13 @@ spec:
                                    be a valid secret key.
                                  type: string
                                name:
                                  default: ""
                                  description: |-
                                    Name of the referent.
                                    This field is effectively required, but due to backwards compatibility is
                                    allowed to be empty. Instances of this type with an empty value here are
                                    almost certainly wrong.
                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind, uid?
                                  type: string
                                optional:
                                  description: Specify whether the Secret or its key
@ -173,24 +179,8 @@ spec:
                nullable: true
                properties:
                  credentials:
-                    description: |-
+                    description: ObjectReference contains enough information to let
-                      ObjectReference contains enough information to let you inspect or modify the referred object.
+                      you inspect or modify the referred object.
                      ---
                      New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
                       1. Ignored fields.  It includes many fields which are not generally honored.  For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
                       2. Invalid usage help.  It is impossible to add specific help for individual usage.  In most embedded usages, there are particular
                          restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
                          Those cannot be well described when embedded.
                       3. Inconsistent validation.  Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
                       4. The fields are both imprecise and overly precise.  Kind is not a precise mapping to a URL. This can produce ambiguity
                          during interpretation and require a REST mapping.  In most cases, the dependency is on the group,resource tuple
                          and the version of the actual struct is irrelevant.
                       5. We cannot easily change it.  Because this type is embedded in many locations, updates to this type
                          will affect numerous schemas.  Don't make new APIs embed an underspecified API type they do not control.
                      Instead of using this type, create a locally provided and used type that is well-focused on your reference.
                      For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
                    nullable: true
                    properties:
                      apiVersion:
@ -205,7 +195,6 @@ spec:
                          the event) or if no container name is specified "spec.containers[2]" (container with
                          index 2 in this pod). This syntax is chosen only to have some well-defined way of
                          referencing a part of an object.
                          TODO: this design is not final and this field is subject to change in the future.
                        type: string
                      kind:
                        description: |-
@ -369,10 +358,13 @@ spec:
                                  description: The key to select.
                                  type: string
                                name:
                                  default: ""
                                  description: |-
                                    Name of the referent.
                                    This field is effectively required, but due to backwards compatibility is
                                    allowed to be empty. Instances of this type with an empty value here are
                                    almost certainly wrong.
                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind, uid?
                                  type: string
                                optional:
                                  description: Specify whether the ConfigMap or its
@ -432,10 +424,13 @@ spec:
                                    be a valid secret key.
                                  type: string
                                name:
                                  default: ""
                                  description: |-
                                    Name of the referent.
                                    This field is effectively required, but due to backwards compatibility is
                                    allowed to be empty. Instances of this type with an empty value here are
                                    almost certainly wrong.
                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind, uid?
                                  type: string
                                optional:
                                  description: Specify whether the Secret or its key
@ -460,11 +455,9 @@ spec:
                      Claims lists the names of resources, defined in spec.resourceClaims,
                      that are used by this container.
                      This is an alpha field and requires enabling the
                      DynamicResourceAllocation feature gate.
                      This field is immutable. It can only be set for containers.
                    items:
                      description: ResourceClaim references one entry in PodSpec.ResourceClaims.
@ -475,6 +468,12 @@ spec:
                            the Pod where this field is used. It makes that resource available
                            inside a container.
                          type: string
                        request:
                          description: |-
                            Request is the name chosen for a request in the referenced claim.
                            If empty, everything from the claim is made available, otherwise
                            only the result of this request.
                          type: string
                      required:
                      - name
                      type: object
@ -512,24 +511,8 @@ spec:
                nullable: true
                properties:
                  credentials:
-                    description: |-
+                    description: ObjectReference contains enough information to let
-                      ObjectReference contains enough information to let you inspect or modify the referred object.
+                      you inspect or modify the referred object.
                      ---
                      New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
                       1. Ignored fields.  It includes many fields which are not generally honored.  For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
                       2. Invalid usage help.  It is impossible to add specific help for individual usage.  In most embedded usages, there are particular
                          restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
                          Those cannot be well described when embedded.
                       3. Inconsistent validation.  Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
                       4. The fields are both imprecise and overly precise.  Kind is not a precise mapping to a URL. This can produce ambiguity
                          during interpretation and require a REST mapping.  In most cases, the dependency is on the group,resource tuple
                          and the version of the actual struct is irrelevant.
                       5. We cannot easily change it.  Because this type is embedded in many locations, updates to this type
                          will affect numerous schemas.  Don't make new APIs embed an underspecified API type they do not control.
                      Instead of using this type, create a locally provided and used type that is well-focused on your reference.
                      For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
                    nullable: true
                    properties:
                      apiVersion:
@ -544,7 +527,6 @@ spec:
                          the event) or if no container name is specified "spec.containers[2]" (container with
                          index 2 in this pod). This syntax is chosen only to have some well-defined way of
                          referencing a part of an object.
                          TODO: this design is not final and this field is subject to change in the future.
                        type: string
                      kind:
                        description: |-
--- a/config/crd/bases/core.openfeature.dev_featureflags.yaml
+++ b/config/crd/bases/core.openfeature.dev_featureflags.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.5
  name: featureflags.core.openfeature.dev
 spec:
  group: core.openfeature.dev
--- a/config/crd/bases/core.openfeature.dev_featureflagsources.yaml
+++ b/config/crd/bases/core.openfeature.dev_featureflagsources.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.5
  name: featureflagsources.core.openfeature.dev
 spec:
  group: core.openfeature.dev
@ -49,6 +49,7 @@ spec:
                description: DefaultSyncProvider defines the default sync provider
                type: string
              envVarPrefix:
                default: FLAGD
                description: EnvVarPrefix defines the prefix to be applied to all
                  environment variables applied to the sidecar, default FLAGD
                type: string
@ -86,10 +87,13 @@ spec:
                              description: The key to select.
                              type: string
                            name:
                              default: ""
                              description: |-
                                Name of the referent.
                                This field is effectively required, but due to backwards compatibility is
                                allowed to be empty. Instances of this type with an empty value here are
                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                            optional:
                              description: Specify whether the ConfigMap or its key
@ -148,10 +152,13 @@ spec:
                                be a valid secret key.
                              type: string
                            name:
                              default: ""
                              description: |-
                                Name of the referent.
                                This field is effectively required, but due to backwards compatibility is
                                allowed to be empty. Instances of this type with an empty value here are
                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
@ -167,13 +174,16 @@ spec:
                  type: object
                type: array
              evaluator:
                default: json
                description: Evaluator sets an evaluator, defaults to 'json'
                type: string
              logFormat:
                default: json
                description: LogFormat allows for the sidecar log format to be overridden,
                  defaults to 'json'
                type: string
              managementPort:
                default: 8014
                description: ManagemetPort defines the port to serve management on,
                  defaults to 8014
                format: int32
@ -183,6 +193,7 @@ spec:
                  flag of flagd sidecar. Default false (disabled).
                type: string
              port:
                default: 8013
                description: Port defines the port to listen on, defaults to 8013
                format: int32
                type: integer
@ -199,11 +210,9 @@ spec:
                      Claims lists the names of resources, defined in spec.resourceClaims,
                      that are used by this container.
                      This is an alpha field and requires enabling the
                      DynamicResourceAllocation feature gate.
                      This field is immutable. It can only be set for containers.
                    items:
                      description: ResourceClaim references one entry in PodSpec.ResourceClaims.
@ -214,6 +223,12 @@ spec:
                            the Pod where this field is used. It makes that resource available
                            inside a container.
                          type: string
                        request:
                          description: |-
                            Request is the name chosen for a request in the referenced claim.
                            If empty, everything from the claim is made available, otherwise
                            only the result of this request.
                          type: string
                      required:
                      - name
                      type: object
--- a/config/crd/bases/core.openfeature.dev_flagds.yaml
+++ b/config/crd/bases/core.openfeature.dev_flagds.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.5
  name: flagds.core.openfeature.dev
 spec:
  group: core.openfeature.dev
@ -44,6 +44,180 @@ spec:
                  FeatureFlagSource references to a FeatureFlagSource from which the created flagd instance retrieves
                  the feature flag configurations
                type: string
              gatewayApiRoutes:
                description: GatewayApiRoutes
                properties:
                  annotations:
                    additionalProperties:
                      type: string
                    description: Annotations to be added to the Gateway API routes
                    type: object
                  enabled:
                    description: Enabled enables/disables the Gateway API routes for
                      flagd
                    type: boolean
                  hosts:
                    description: |-
                      Hosts list of hosts to be added to the ingress.
                      Empty string corresponds to rule with no host.
                    items:
                      type: string
                    type: array
                  parentRefs:
                    description: |-
                      ParentRefs references the resources (usually Gateways) that the Routes should
                      be attached to.
                    items:
                      description: |-
                        ParentReference identifies an API object (usually a Gateway) that can be considered
                        a parent of this resource (usually a route). There are two kinds of parent resources
                        with "Core" support:
                        * Gateway (Gateway conformance profile)
                        * Service (Mesh conformance profile, ClusterIP Services only)
                        This API may be extended in the future to support additional kinds of parent
                        resources.
                        The API object must be valid in the cluster; the Group and Kind must
                        be registered in the cluster for this reference to be valid.
                      properties:
                        group:
                          default: gateway.networking.k8s.io
                          description: |-
                            Group is the group of the referent.
                            When unspecified, "gateway.networking.k8s.io" is inferred.
                            To set the core API group (such as for a "Service" kind referent),
                            Group must be explicitly set to "" (empty string).
                            Support: Core
                          maxLength: 253
                          pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                          type: string
                        kind:
                          default: Gateway
                          description: |-
                            Kind is kind of the referent.
                            There are two kinds of parent resources with "Core" support:
                            * Gateway (Gateway conformance profile)
                            * Service (Mesh conformance profile, ClusterIP Services only)
                            Support for other resources is Implementation-Specific.
                          maxLength: 63
                          minLength: 1
                          pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
                          type: string
                        name:
                          description: |-
                            Name is the name of the referent.
                            Support: Core
                          maxLength: 253
                          minLength: 1
                          type: string
                        namespace:
                          description: |-
                            Namespace is the namespace of the referent. When unspecified, this refers
                            to the local namespace of the Route.
                            Note that there are specific rules for ParentRefs which cross namespace
                            boundaries. Cross-namespace references are only valid if they are explicitly
                            allowed by something in the namespace they are referring to. For example:
                            Gateway has the AllowedRoutes field, and ReferenceGrant provides a
                            generic way to enable any other kind of cross-namespace reference.
                            <gateway:experimental:description>
                            ParentRefs from a Route to a Service in the same namespace are "producer"
                            routes, which apply default routing rules to inbound connections from
                            any namespace to the Service.
                            ParentRefs from a Route to a Service in a different namespace are
                            "consumer" routes, and these routing rules are only applied to outbound
                            connections originating from the same namespace as the Route, for which
                            the intended destination of the connections are a Service targeted as a
                            ParentRef of the Route.
                            </gateway:experimental:description>
                            Support: Core
                          maxLength: 63
                          minLength: 1
                          pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                          type: string
                        port:
                          description: |-
                            Port is the network port this Route targets. It can be interpreted
                            differently based on the type of parent resource.
                            When the parent resource is a Gateway, this targets all listeners
                            listening on the specified port that also support this kind of Route(and
                            select this Route). It's not recommended to set `Port` unless the
                            networking behaviors specified in a Route must apply to a specific port
                            as opposed to a listener(s) whose port(s) may be changed. When both Port
                            and SectionName are specified, the name and port of the selected listener
                            must match both specified values.
                            <gateway:experimental:description>
                            When the parent resource is a Service, this targets a specific port in the
                            Service spec. When both Port (experimental) and SectionName are specified,
                            the name and port of the selected port must match both specified values.
                            </gateway:experimental:description>
                            Implementations MAY choose to support other parent resources.
                            Implementations supporting other types of parent resources MUST clearly
                            document how/if Port is interpreted.
                            For the purpose of status, an attachment is considered successful as
                            long as the parent resource accepts it partially. For example, Gateway
                            listeners can restrict which Routes can attach to them by Route kind,
                            namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
                            from the referencing Route, the Route MUST be considered successfully
                            attached. If no Gateway listeners accept attachment from this Route,
                            the Route MUST be considered detached from the Gateway.
                            Support: Extended
                          format: int32
                          maximum: 65535
                          minimum: 1
                          type: integer
                        sectionName:
                          description: |-
                            SectionName is the name of a section within the target resource. In the
                            following resources, SectionName is interpreted as the following:
                            * Gateway: Listener name. When both Port (experimental) and SectionName
                            are specified, the name and port of the selected listener must match
                            both specified values.
                            * Service: Port name. When both Port (experimental) and SectionName
                            are specified, the name and port of the selected listener must match
                            both specified values.
                            Implementations MAY choose to support attaching Routes to other resources.
                            If that is the case, they MUST clearly document how SectionName is
                            interpreted.
                            When unspecified (empty string), this will reference the entire resource.
                            For the purpose of status, an attachment is considered successful if at
                            least one section in the parent resource accepts it. For example, Gateway
                            listeners can restrict which Routes can attach to them by Route kind,
                            namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
                            the referencing Route, the Route MUST be considered successfully
                            attached. If no Gateway listeners accept attachment from this Route, the
                            Route MUST be considered detached from the Gateway.
                            Support: Core
                          maxLength: 253
                          minLength: 1
                          pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                          type: string
                      required:
                      - name
                      type: object
                    type: array
                required:
                - parentRefs
                type: object
              ingress:
                description: Ingress
                properties:
--- a/config/crd/bases/core.openfeature.dev_flagsourceconfigurations.yaml
+++ b/config/crd/bases/core.openfeature.dev_flagsourceconfigurations.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.5
  name: flagsourceconfigurations.core.openfeature.dev
 spec:
  group: core.openfeature.dev
@ -88,10 +88,13 @@ spec:
                              description: The key to select.
                              type: string
                            name:
                              default: ""
                              description: |-
                                Name of the referent.
                                This field is effectively required, but due to backwards compatibility is
                                allowed to be empty. Instances of this type with an empty value here are
                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                            optional:
                              description: Specify whether the ConfigMap or its key
@ -150,10 +153,13 @@ spec:
                                be a valid secret key.
                              type: string
                            name:
                              default: ""
                              description: |-
                                Name of the referent.
                                This field is effectively required, but due to backwards compatibility is
                                allowed to be empty. Instances of this type with an empty value here are
                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
@ -205,11 +211,9 @@ spec:
                      Claims lists the names of resources, defined in spec.resourceClaims,
                      that are used by this container.
                      This is an alpha field and requires enabling the
                      DynamicResourceAllocation feature gate.
                      This field is immutable. It can only be set for containers.
                    items:
                      description: ResourceClaim references one entry in PodSpec.ResourceClaims.
@ -220,6 +224,12 @@ spec:
                            the Pod where this field is used. It makes that resource available
                            inside a container.
                          type: string
                        request:
                          description: |-
                            Request is the name chosen for a request in the referenced claim.
                            If empty, everything from the claim is made available, otherwise
                            only the result of this request.
                          type: string
                      required:
                      - name
                      type: object
@ -471,10 +481,13 @@ spec:
                              description: The key to select.
                              type: string
                            name:
                              default: ""
                              description: |-
                                Name of the referent.
                                This field is effectively required, but due to backwards compatibility is
                                allowed to be empty. Instances of this type with an empty value here are
                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                            optional:
                              description: Specify whether the ConfigMap or its key
@ -533,10 +546,13 @@ spec:
                                be a valid secret key.
                              type: string
                            name:
                              default: ""
                              description: |-
                                Name of the referent.
                                This field is effectively required, but due to backwards compatibility is
                                allowed to be empty. Instances of this type with an empty value here are
                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
@ -588,11 +604,9 @@ spec:
                      Claims lists the names of resources, defined in spec.resourceClaims,
                      that are used by this container.
                      This is an alpha field and requires enabling the
                      DynamicResourceAllocation feature gate.
                      This field is immutable. It can only be set for containers.
                    items:
                      description: ResourceClaim references one entry in PodSpec.ResourceClaims.
@ -603,6 +617,12 @@ spec:
                            the Pod where this field is used. It makes that resource available
                            inside a container.
                          type: string
                        request:
                          description: |-
                            Request is the name chosen for a request in the referenced claim.
                            If empty, everything from the claim is made available, otherwise
                            only the result of this request.
                          type: string
                      required:
                      - name
                      type: object
--- a/config/crd/bases/core.openfeature.dev_inprocessconfigurations.yaml
+++ b/config/crd/bases/core.openfeature.dev_inprocessconfigurations.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.5
  name: inprocessconfigurations.core.openfeature.dev
 spec:
  group: core.openfeature.dev
@ -86,10 +86,13 @@ spec:
                              description: The key to select.
                              type: string
                            name:
                              default: ""
                              description: |-
                                Name of the referent.
                                This field is effectively required, but due to backwards compatibility is
                                allowed to be empty. Instances of this type with an empty value here are
                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                            optional:
                              description: Specify whether the ConfigMap or its key
@ -148,10 +151,13 @@ spec:
                                be a valid secret key.
                              type: string
                            name:
                              default: ""
                              description: |-
                                Name of the referent.
                                This field is effectively required, but due to backwards compatibility is
                                allowed to be empty. Instances of this type with an empty value here are
                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
--- a/config/crd/kustomization.yaml
+++ b/config/crd/kustomization.yaml
@ -8,7 +8,7 @@ resources:
 - bases/core.openfeature.dev_inprocessconfigurations.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
-patchesStrategicMerge:
+patches:
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
 # patches here are for enabling the conversion webhook for each CRD
 #- patches/webhook_in_featureflags.yaml
@ -17,14 +17,6 @@ patchesStrategicMerge:
 #- patches/webhook_in_inprocessconfigurations.yaml
 #+kubebuilder:scaffold:crdkustomizewebhookpatch
 # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
 # patches here are for enabling the CA injection for each CRD
 #- patches/cainjection_in_featureflags.yaml
 #- patches/cainjection_in_featureflagsources.yaml
 #- patches/cainjection_in_flagds.yaml
 #- patches/cainjection_in_inprocessconfigurations.yaml
 #+kubebuilder:scaffold:crdkustomizecainjectionpatch
 # the following config is for teaching kustomize how to do kustomization for CRDs.
 configurations:
 - kustomizeconfig.yaml
--- a/config/crd/kustomizeconfig.yaml
+++ b/config/crd/kustomizeconfig.yaml
@ -1,19 +1,19 @@
 # This file is for teaching kustomize how to substitute name and namespace reference in CRD
 nameReference:
- kind: Service
+  - kind: Service
-  version: v1
+    version: v1
-  fieldSpecs:
+    fieldSpecs:
      - kind: CustomResourceDefinition
        version: v1
        group: apiextensions.k8s.io
        path: spec/conversion/webhook/clientConfig/service/name
 namespace:
  - kind: CustomResourceDefinition
    version: v1
    group: apiextensions.k8s.io
-    path: spec/conversion/webhook/clientConfig/service/name
+    path: spec/conversion/webhook/clientConfig/service/namespace
-
+    create: false
 namespace:
 - kind: CustomResourceDefinition
  version: v1
  group: apiextensions.k8s.io
  path: spec/conversion/webhook/clientConfig/service/namespace
  create: false
 varReference:
- path: metadata/annotations
+  - path: metadata/annotations
--- a/config/crd/patches/cainjection_in_core_featureflags.yaml
+++ b/config/crd/patches/cainjection_in_core_featureflags.yaml
@ -1,7 +0,0 @@
 # The following patch adds a directive for certmanager to inject CA into the CRD
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
  name: featureflags.core.openfeature.dev
--- a/config/crd/patches/cainjection_in_core_featureflagsources.yaml
+++ b/config/crd/patches/cainjection_in_core_featureflagsources.yaml
@ -1,7 +0,0 @@
 # The following patch adds a directive for certmanager to inject CA into the CRD
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
  name: featureflagsources.core.openfeature.dev
--- a/config/crd/patches/cainjection_in_core_flagds.yaml
+++ b/config/crd/patches/cainjection_in_core_flagds.yaml
@ -1,7 +0,0 @@
 # The following patch adds a directive for certmanager to inject CA into the CRD
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
  name: flagds.core.openfeature.dev
--- a/config/crd/patches/cainjection_in_core_inprocessconfigurations.yaml
+++ b/config/crd/patches/cainjection_in_core_inprocessconfigurations.yaml
@ -1,7 +0,0 @@
 # The following patch adds a directive for certmanager to inject CA into the CRD
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
  name: inprocessconfigurations.core.openfeature.dev
--- a/config/default/cert_metrics_manager_patch.yaml
+++ b/config/default/cert_metrics_manager_patch.yaml
@ -0,0 +1,30 @@
 # This patch adds the args, volumes, and ports to allow the manager to use the metrics-server certs.
 # Add the volumeMount for the metrics-server certs
 - op: add
  path: /spec/template/spec/containers/0/volumeMounts/-
  value:
    mountPath: /tmp/k8s-metrics-server/metrics-certs
    name: metrics-certs
    readOnly: true
 # Add the --metrics-cert-path argument for the metrics server
 - op: add
  path: /spec/template/spec/containers/0/args/-
  value: --metrics-cert-path=/tmp/k8s-metrics-server/metrics-certs
 # Add the metrics-server certs volume configuration
 - op: add
  path: /spec/template/spec/volumes/-
  value:
    name: metrics-certs
    secret:
      secretName: metrics-server-cert
      optional: false
      items:
        - key: ca.crt
          path: ca.crt
        - key: tls.crt
          path: tls.crt
        - key: tls.key
          path: tls.key
--- a/config/default/kustomization.yaml
+++ b/config/default/kustomization.yaml
@ -12,63 +12,206 @@ namePrefix: open-feature-operator-
 #commonLabels:
 #  someName: someValue
-bases:
+resources:
 - ../crd
 - ../rbac
 - ../manager
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
 - ../webhook
 # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
 - ../certmanager
 # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
 #- ../prometheus
-patchesStrategicMerge:
+# [NETWORK POLICY] Protect the /metrics endpoint and Webhook Server with NetworkPolicy.
-# Protect the /metrics endpoint by putting it behind auth.
+# Only Pod(s) running a namespace labeled with 'metrics: enabled' will be able to gather the metrics.
-# If you want your controller-manager to expose the /metrics
+# Only CR(s) which requires webhooks and are applied on namespaces labeled with 'webhooks: enabled' will
-# endpoint w/o any authn/z, please comment the following line.
+# be able to communicate with the Webhook Server.
- manager_auth_proxy_patch.yaml
+#- ../network-policy
 patches:
 # Mount the controller config file for loading manager configurations
 # through a ComponentConfig type
 #- manager_config_patch.yaml
 # [METRICS] The following patch will enable the metrics endpoint using HTTPS and the port :8443.
 # More info: https://book.kubebuilder.io/reference/metrics
 - path: manager_metrics_patch.yaml
  target:
    kind: Deployment
 # Uncomment the patches line if you enable Metrics and CertManager
 # [METRICS-WITH-CERTS] To enable metrics protected with certManager, uncomment the following line.
 # This patch will protect the metrics with certManager self-signed certs.
 - path: cert_metrics_manager_patch.yaml
  target:
    kind: Deployment
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
- manager_webhook_patch.yaml
+- path: manager_webhook_patch.yaml
  target:
    kind: Deployment
 # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
 # Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
 # 'CERTMANAGER' needs to be enabled to use ca injection
 - webhookcainjection_patch.yaml
 # the following config is for teaching kustomize how to do var substitution
 vars:
 # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
+# Uncomment the following replacements to add the cert-manager CA injection annotations
-  objref:
+replacements:
-    kind: Certificate
+ - source: # Uncomment the following block to enable certificates for metrics
-    group: cert-manager.io
+     kind: Service
-    version: v1
+     version: v1
-    name: serving-cert # this name should match the one in certificate.yaml
+     name: controller-manager-metrics-service
-  fieldref:
+     fieldPath: metadata.name
-    fieldpath: metadata.namespace
+   targets:
- name: CERTIFICATE_NAME
+     - select:
-  objref:
+         kind: Certificate
-    kind: Certificate
+         group: cert-manager.io
-    group: cert-manager.io
+         version: v1
-    version: v1
+         name: metrics-certs
-    name: serving-cert # this name should match the one in certificate.yaml
+       fieldPaths:
- name: SERVICE_NAMESPACE # namespace of the service
+         - spec.dnsNames.0
-  objref:
+         - spec.dnsNames.1
-    kind: Service
+       options:
-    version: v1
+         delimiter: '.'
-    name: webhook-service
+         index: 0
-  fieldref:
+         create: true
-    fieldpath: metadata.namespace
+
- name: SERVICE_NAME
+ - source:
-  objref:
+     kind: Service
-    kind: Service
+     version: v1
-    version: v1
+     name: controller-manager-metrics-service
-    name: webhook-service
+     fieldPath: metadata.namespace
   targets:
     - select:
         kind: Certificate
         group: cert-manager.io
         version: v1
         name: metrics-certs
       fieldPaths:
         - spec.dnsNames.0
         - spec.dnsNames.1
       options:
         delimiter: '.'
         index: 1
         create: true
 - source: # Uncomment the following block if you have any webhook
     kind: Service
     version: v1
     name: webhook-service
     fieldPath: .metadata.name # Name of the service
   targets:
     - select:
         kind: Certificate
         group: cert-manager.io
         version: v1
         name: serving-cert
       fieldPaths:
         - .spec.dnsNames.0
         - .spec.dnsNames.1
       options:
         delimiter: '.'
         index: 0
         create: true
 - source:
     kind: Service
     version: v1
     name: webhook-service
     fieldPath: .metadata.namespace # Namespace of the service
   targets:
     - select:
         kind: Certificate
         group: cert-manager.io
         version: v1
         name: serving-cert
       fieldPaths:
         - .spec.dnsNames.0
         - .spec.dnsNames.1
       options:
         delimiter: '.'
         index: 1
         create: true
 - source: # Uncomment the following block if you have a ValidatingWebhook (--programmatic-validation)
     kind: Certificate
     group: cert-manager.io
     version: v1
     name: serving-cert # This name should match the one in certificate.yaml
     fieldPath: .metadata.namespace # Namespace of the certificate CR
   targets:
     - select:
         kind: ValidatingWebhookConfiguration
       fieldPaths:
         - .metadata.annotations.[cert-manager.io/inject-ca-from]
       options:
         delimiter: '/'
         index: 0
         create: true
 - source:
     kind: Certificate
     group: cert-manager.io
     version: v1
     name: serving-cert
     fieldPath: .metadata.name
   targets:
     - select:
         kind: ValidatingWebhookConfiguration
       fieldPaths:
         - .metadata.annotations.[cert-manager.io/inject-ca-from]
       options:
         delimiter: '/'
         index: 1
         create: true
 - source: # Uncomment the following block if you have a DefaultingWebhook (--defaulting )
     kind: Certificate
     group: cert-manager.io
     version: v1
     name: serving-cert
     fieldPath: .metadata.namespace # Namespace of the certificate CR
   targets:
     - select:
         kind: MutatingWebhookConfiguration
       fieldPaths:
         - .metadata.annotations.[cert-manager.io/inject-ca-from]
       options:
         delimiter: '/'
         index: 0
         create: true
 - source:
     kind: Certificate
     group: cert-manager.io
     version: v1
     name: serving-cert
     fieldPath: .metadata.name
   targets:
     - select:
         kind: MutatingWebhookConfiguration
       fieldPaths:
         - .metadata.annotations.[cert-manager.io/inject-ca-from]
       options:
         delimiter: '/'
         index: 1
         create: true
 # - source: # Uncomment the following block if you have a ConversionWebhook (--conversion)
 #     kind: Certificate
 #     group: cert-manager.io
 #     version: v1
 #     name: serving-cert
 #     fieldPath: .metadata.namespace # Namespace of the certificate CR
 #   targets: # Do not remove or uncomment the following scaffold marker; required to generate code for target CRD.
 # +kubebuilder:scaffold:crdkustomizecainjectionns
 # - source:
 #     kind: Certificate
 #     group: cert-manager.io
 #     version: v1
 #     name: serving-cert
 #     fieldPath: .metadata.name
 #   targets: # Do not remove or uncomment the following scaffold marker; required to generate code for target CRD.
 # +kubebuilder:scaffold:crdkustomizecainjectionname
--- a/config/default/manager_auth_proxy_patch.yaml
+++ b/config/default/manager_auth_proxy_patch.yaml
@ -1,42 +0,0 @@
 # This patch inject a sidecar container which is a HTTP proxy for the
 # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: controller-manager
  namespace: system
 spec:
  template:
    spec:
      containers:
      - name: kube-rbac-proxy
        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.0
        args:
        - "--secure-listen-address=0.0.0.0:8443"
        - "--upstream=http://127.0.0.1:8080/"
        - "--logtostderr=true"
        - "--v=0"
        ports:
        - containerPort: 8443
          protocol: TCP
          name: https
        resources:
          limits:
            cpu: 500m
            memory: 128Mi
          requests:
            cpu: 5m
            memory: 64Mi
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
      - name: manager
        args:
        - "--health-probe-bind-address=:8081"
        - "--metrics-bind-address=127.0.0.1:8080"
        - "--leader-elect"
        - "--sidecar-cpu-limit=0.5" # cores
        - "--sidecar-ram-limit=64M"
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
--- a/config/default/manager_metrics_patch.yaml
+++ b/config/default/manager_metrics_patch.yaml
@ -0,0 +1,4 @@
 # This patch adds the args to allow exposing the metrics endpoint using HTTPS
 - op: add
  path: /spec/template/spec/containers/0/args/0
  value: --metrics-bind-address=:8443
--- a/config/default/manager_webhook_patch.yaml
+++ b/config/default/manager_webhook_patch.yaml
@ -1,23 +1,31 @@
-apiVersion: apps/v1
+# This patch ensures the webhook certificates are properly mounted in the manager container.
-kind: Deployment
+# It configures the necessary arguments, volumes, volume mounts, and container ports.
-metadata:
+
-  name: controller-manager
+# Add the --webhook-cert-path argument for configuring the webhook certificate path
-  namespace: system
+- op: add
-spec:
+  path: /spec/template/spec/containers/0/args/-
-  template:
+  value: --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs
-    spec:
+
-      containers:
+# Add the volumeMount for the webhook certificates
-      - name: manager
+- op: add
-        ports:
+  path: /spec/template/spec/containers/0/volumeMounts/-
-        - containerPort: 9443
+  value:
-          name: webhook-server
+    mountPath: /tmp/k8s-webhook-server/serving-certs
-          protocol: TCP
+    name: webhook-certs
-        volumeMounts:
+    readOnly: true
-        - mountPath: /tmp/k8s-webhook-server/serving-certs
+
-          name: cert
+# Add the port configuration for the webhook server
-          readOnly: true
+- op: add
-      volumes:
+  path: /spec/template/spec/containers/0/ports/-
-      - name: cert
+  value:
-        secret:
+    containerPort: 9443
-          defaultMode: 420
+    name: webhook-server
-          secretName: webhook-server-cert
+    protocol: TCP
 # Add the volume configuration for the webhook certificates
 - op: add
  path: /spec/template/spec/volumes/-
  value:
    name: webhook-certs
    secret:
      secretName: webhook-server-cert
--- a/config/default/metrics_service.yaml
+++ b/config/default/metrics_service.yaml
@ -0,0 +1,18 @@
 apiVersion: v1
 kind: Service
 metadata:
  labels:
    control-plane: controller-manager
    app.kubernetes.io/name: open-feature-operator
    app.kubernetes.io/managed-by: kustomize
  name: controller-manager-metrics-service
  namespace: system
 spec:
  ports:
  - name: https
    port: 8443
    protocol: TCP
    targetPort: 8443
  selector:
    control-plane: controller-manager
    app.kubernetes.io/name: open-feature-operator
--- a/config/default/webhookcainjection_patch.yaml
+++ b/config/default/webhookcainjection_patch.yaml
@ -1,16 +0,0 @@
 # This patch add annotation to admission webhook config and
 # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
  name: mutating-webhook-configuration
  annotations:
    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
  name: validating-webhook-configuration
  annotations:
    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@ -1,14 +1,18 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - manager.yaml
 generatorOptions:
  disableNameSuffixHash: true
 configMapGenerator:
 - files:
  - controller_manager_config.yaml
  name: manager-config
-apiVersion: kustomize.config.k8s.io/v1beta1
+
 kind: Kustomization
 images:
 - name: controller
-  newName: controller
+  newName: open-feature-operator-local
-  newTag: latest
+  newTag: validate
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@ -3,6 +3,7 @@ kind: Namespace
 metadata:
  labels:
    control-plane: controller-manager
    app.kubernetes.io/name: open-feature-operator
  name: system
 ---
 apiVersion: apps/v1
@ -12,10 +13,13 @@ metadata:
  namespace: system
  labels:
    control-plane: controller-manager
    app.kubernetes.io/name: open-feature-operator
    app.kubernetes.io/managed-by: kustomize
 spec:
  selector:
    matchLabels:
      control-plane: controller-manager
      app.kubernetes.io/name: open-feature-operator
  replicas: 1
  template:
    metadata:
@ -23,6 +27,8 @@ spec:
        kubectl.kubernetes.io/default-container: manager
      labels:
        control-plane: controller-manager
        app.kubernetes.io/name: open-feature-operator
        app.kubernetes.io/managed-by: kustomize
    spec:
      securityContext:
        runAsNonRoot: true
@ -43,6 +49,7 @@ spec:
        imagePullPolicy: IfNotPresent
        image: controller:main
        name: manager
        ports: []
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
@ -67,5 +74,7 @@ spec:
          requests:
            cpu: 10m
            memory: 64Mi
        volumeMounts: []
      volumes: []
      serviceAccountName: controller-manager
      terminationGracePeriodSeconds: 10
--- a/config/network-policy/allow-metrics-traffic.yaml
+++ b/config/network-policy/allow-metrics-traffic.yaml
@ -0,0 +1,27 @@
 # This NetworkPolicy allows ingress traffic
 # with Pods running on namespaces labeled with 'metrics: enabled'. Only Pods on those
 # namespaces are able to gather data from the metrics endpoint.
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
  labels:
    app.kubernetes.io/name: open-feature-operator
    app.kubernetes.io/managed-by: kustomize
  name: allow-metrics-traffic
  namespace: system
 spec:
  podSelector:
    matchLabels:
      control-plane: controller-manager
      app.kubernetes.io/name: open-feature-operator
  policyTypes:
    - Ingress
  ingress:
    # This allows ingress traffic from any namespace with the label metrics: enabled
    - from:
      - namespaceSelector:
          matchLabels:
            metrics: enabled  # Only from namespaces with this label
      ports:
        - port: 8443
          protocol: TCP
--- a/config/network-policy/allow-webhook-traffic.yaml
+++ b/config/network-policy/allow-webhook-traffic.yaml
@ -0,0 +1,27 @@
 # This NetworkPolicy allows ingress traffic to your webhook server running
 # as part of the controller-manager from specific namespaces and pods. CR(s) which uses webhooks
 # will only work when applied in namespaces labeled with 'webhook: enabled'
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
  labels:
    app.kubernetes.io/name: open-feature-operator
    app.kubernetes.io/managed-by: kustomize
  name: allow-webhook-traffic
  namespace: system
 spec:
  podSelector:
    matchLabels:
      control-plane: controller-manager
      app.kubernetes.io/name: open-feature-operator
  policyTypes:
    - Ingress
  ingress:
    # This allows ingress traffic from any namespace with the label webhook: enabled
    - from:
        - namespaceSelector:
            matchLabels:
              webhook: enabled # Only from namespaces with this label
      ports:
        - port: 443
          protocol: TCP
--- a/config/network-policy/kustomization.yaml
+++ b/config/network-policy/kustomization.yaml
@ -0,0 +1,2 @@
 resources:
 - allow-metrics-traffic.yaml
--- a/config/overlays/helm/certificate-patch.yaml
+++ b/config/overlays/helm/certificate-patch.yaml
@ -0,0 +1,21 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: serving-cert  # this name should match the one appeared in kustomizeconfig.yaml
 spec:
  dnsNames:
    - SERVICE_NAME.{{ include "chart.namespace" . }}.svc
    - SERVICE_NAME.{{ include "chart.namespace" . }}.svc.cluster.local
 ---
 # The following manifests contain a self-signed issuer CR and a metrics certificate CR.
 # More document can be found at https://docs.cert-manager.io
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: metrics-certs  # this name should match the one appeared in kustomizeconfig.yaml
 spec:
  dnsNames:
    # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize
    # replacements in the config/default/kustomization.yaml file.
    - SERVICE_NAME.{{ include "chart.namespace" . }}.svc
    - SERVICE_NAME.{{ include "chart.namespace" . }}.svc.cluster.local
--- a/config/overlays/helm/controller_manager_config.yaml
+++ b/config/overlays/helm/controller_manager_config.yaml
@ -3,6 +3,6 @@ kind: ControllerManagerConfig
 health:
  healthProbeBindAddress: "{{ .Values.managerConfig.controllerManagerConfigYaml.health.healthProbeBindAddress }}"
 metrics:
-  bindAddress: "{{ .Values.managerConfig.controllerManagerConfigYaml.metrics.bindAddress }}"
+  bindAddress: "{{ .Values.managerConfig.controllerManagerConfigYaml.metrics.bindAddress }}:{{ .Values.managerConfig.controllerManagerConfigYaml.metrics.bindPort }}"
 webhook:
  port: 0{{ .Values.managerConfig.controllerManagerConfigYaml.webhook.port }}
--- a/config/overlays/helm/exclude-webhook-server-container-port.yaml
+++ b/config/overlays/helm/exclude-webhook-server-container-port.yaml
@ -0,0 +1,16 @@
 # delete the default webhook-server port (to avoid duplicate) since we build it from helm
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: controller-manager
  namespace: system
 spec:
  template:
    spec:
      containers:
      - name: manager
        ports:
        - containerPort: 9443
          name: webhook-server
          protocol: TCP
          $patch: delete
--- a/config/overlays/helm/kustomization.yaml
+++ b/config/overlays/helm/kustomization.yaml
@ -1,5 +1,5 @@
 # import the default deployment as the base
-bases:
+resources:
  - ../../default
 # replace the default namespace with {{ include "chart.namespace" . }}
@ -11,13 +11,55 @@ namespace: |-
 # merge the exclude-ns.yaml with the existing namespace definition, this contains the `$patch: delete` directive allowing 
 # for the helm chart to define the namespace conditionally (only deploys when no namespace is provided and the default 
 # (open-feature-operator-system) is used
-patchesStrategicMerge:
+patches:
-  - exclude-ns.yaml
+  - path: exclude-ns.yaml
-  - manager.yaml
+  - path: manager.yaml
-  - exclude-validatingwebhook.yaml
+  - path: exclude-webhook-server-container-port.yaml
  - path: exclude-validatingwebhook.yaml
  - path: mutatingwebhook.yaml
  - path: certificate-patch.yaml
 configMapGenerator:
 - name: manager-config
  behavior: merge
  files:
    - controller_manager_config.yaml
 replacements:
  - source: # Uncomment the following block to enable certificates for metrics
      kind: Service
      version: v1
      name: controller-manager-metrics-service
      fieldPath: metadata.name
    targets:
      - select:
          kind: Certificate
          group: cert-manager.io
          version: v1
          name: metrics-certs
        fieldPaths:
          - spec.dnsNames.0
          - spec.dnsNames.1
        options:
          delimiter: '.'
          index: 0
          create: true
  - source: # Uncomment the following block if you have any webhook
      kind: Service
      version: v1
      name: webhook-service
      fieldPath: .metadata.name # Name of the service
    targets:
      - select:
          kind: Certificate
          group: cert-manager.io
          version: v1
          name: serving-cert
        fieldPaths:
          - spec.dnsNames.0
          - spec.dnsNames.1
        options:
          delimiter: '.'
          index: 0
          create: true
--- a/config/overlays/helm/manager.yaml
+++ b/config/overlays/helm/manager.yaml
@ -6,9 +6,19 @@ metadata:
 spec:
  replicas: 0{{ .Values.controllerManager.replicas }}
  template:
    metadata:
      # this is transformed by .github/scripts/strip-kustomize-helm.sh
      annotations:
        ___delete_me___: "___ ___newline___{{ if .Values.annotations }}{{___space___toYaml___space___.Values.annotations___space___|___space___indent___space___8___space___}}{{ end }}___"
      # this is transformed by .github/scripts/strip-kustomize-helm.sh
      labels:
        ___delete_me___: "___ ___newline___{{ if .Values.labels }}___newline___{{___space___toYaml___space___.Values.labels___space___|___space___indent___space___8___space___}}{{ end }}___"
    spec:
      # this is transformed by .github/scripts/strip-kustomize-helm.sh
-      ___imagePullSecrets___: "___ ___newline___{{ toYaml .Values.imagePullSecrets | indent 8 }}___"
+      ___imagePullSecrets___: "___ ___newline___        {{ toYaml .Values.imagePullSecrets___space___|___space___indent___space___8___space___}}___"
      # this is transformed by .github/scripts/strip-kustomize-helm.sh
      hostNetwork: "___{{ .Values.controllerManager.manager.hostNetwork }}___"
      dnsPolicy: "{{ .Values.controllerManager.manager.dnsPolicy }}"
      containers:
        - name: manager
          image: "{{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag }}"
@ -19,73 +29,82 @@ spec:
            requests:
              cpu: "{{ .Values.controllerManager.manager.resources.requests.cpu }}"
              memory: "{{ .Values.controllerManager.manager.resources.requests.memory }}"
          ports:
            - containerPort: "___ {{ .Values.managerConfig.controllerManagerConfigYaml.webhook.port }} ___"
              name: webhook-server
              protocol: TCP
            - containerPort: "___ {{ .Values.managerConfig.controllerManagerConfigYaml.metrics.bindPort }} ___"
              name: metrics-server
              protocol: TCP
          env:
-          - name: SIDECAR_MANAGEMENT_PORT
+            - name: SIDECAR_MANAGEMENT_PORT
-            value: "{{ .Values.sidecarConfiguration.managementPort }}"
+              value: "{{ .Values.sidecarConfiguration.managementPort }}"
-          - name: SIDECAR_PORT
+            - name: SIDECAR_PORT
-            value: "{{ .Values.sidecarConfiguration.port }}"
+              value: "{{ .Values.sidecarConfiguration.port }}"
-          - name: SIDECAR_SOCKET_PATH
+            - name: SIDECAR_SOCKET_PATH
-            value: "{{ .Values.sidecarConfiguration.socketPath }}"
+              value: "{{ .Values.sidecarConfiguration.socketPath }}"
-          - name: SIDECAR_IMAGE
+            - name: SIDECAR_IMAGE
-            value: "{{ .Values.sidecarConfiguration.image.repository }}"
+              value: "{{ .Values.sidecarConfiguration.image.repository }}"
-          - name: SIDECAR_TAG
+            - name: SIDECAR_TAG
-            value: "{{ .Values.sidecarConfiguration.image.tag }}"
+              value: "{{ .Values.sidecarConfiguration.image.tag }}"
-          - name: SIDECAR_PROVIDER_ARGS
+            - name: SIDECAR_PROVIDER_ARGS
-            value: "{{ .Values.sidecarConfiguration.providerArgs }}"
+              value: "{{ .Values.sidecarConfiguration.providerArgs }}"
-          - name: SIDECAR_ENV_VAR_PREFIX
+            - name: SIDECAR_ENV_VAR_PREFIX
-            value: "{{ .Values.sidecarConfiguration.envVarPrefix }}"
+              value: "{{ .Values.sidecarConfiguration.envVarPrefix }}"
-          - name: SIDECAR_SYNC_PROVIDER
+            - name: SIDECAR_SYNC_PROVIDER
-            value: "{{ .Values.sidecarConfiguration.defaultSyncProvider }}"
+              value: "{{ .Values.sidecarConfiguration.defaultSyncProvider }}"
-          - name: SIDECAR_EVALUATOR
+            - name: SIDECAR_EVALUATOR
-            value: "{{ .Values.sidecarConfiguration.evaluator }}"
+              value: "{{ .Values.sidecarConfiguration.evaluator }}"
-          - name: SIDECAR_LOG_FORMAT
+            - name: SIDECAR_LOG_FORMAT
-            value: "{{ .Values.sidecarConfiguration.logFormat }}"
+              value: "{{ .Values.sidecarConfiguration.logFormat }}"
-          - name: SIDECAR_PROBES_ENABLED
+            - name: SIDECAR_PROBES_ENABLED
-            value: "{{ .Values.sidecarConfiguration.probesEnabled }}"
+              value: "{{ .Values.sidecarConfiguration.probesEnabled }}"
-          - name: FLAGD_PROXY_IMAGE
+            - name: FLAGD_PROXY_IMAGE
-            value: "{{ .Values.flagdProxyConfiguration.image.repository }}"
+              value: "{{ .Values.flagdProxyConfiguration.image.repository }}"
-          - name: FLAGD_PROXY_TAG
+            - name: FLAGD_PROXY_REPLICA_COUNT
-            value: "{{ .Values.flagdProxyConfiguration.image.tag }}"
+              value: "{{ .Values.flagdProxyConfiguration.replicaCount }}"
-          - name: FLAGD_PROXY_PORT
+            - name: FLAGD_PROXY_TAG
-            value: "{{ .Values.flagdProxyConfiguration.port }}"
+              value: "{{ .Values.flagdProxyConfiguration.image.tag }}"
-          - name: FLAGD_PROXY_MANAGEMENT_PORT
+            - name: FLAGD_PROXY_PORT
-            value: "{{ .Values.flagdProxyConfiguration.managementPort }}"
+              value: "{{ .Values.flagdProxyConfiguration.port }}"
-          - name: FLAGD_PROXY_DEBUG_LOGGING
+            - name: FLAGD_PROXY_MANAGEMENT_PORT
-            value: "{{ .Values.flagdProxyConfiguration.debugLogging }}"
+              value: "{{ .Values.flagdProxyConfiguration.managementPort }}"
-          - name: FLAGD_IMAGE
+            - name: FLAGD_PROXY_DEBUG_LOGGING
-            value: "{{ .Values.flagdConfiguration.image.repository }}"
+              value: "{{ .Values.flagdProxyConfiguration.debugLogging }}"
-          - name: FLAGD_TAG
+            - name: FLAGD_IMAGE
-            value: "{{ .Values.flagdConfiguration.image.tag }}"
+              value: "{{ .Values.flagdConfiguration.image.repository }}"
-          - name: FLAGD_PORT
+            - name: FLAGD_TAG
-            value: "{{ .Values.flagdConfiguration.port }}"
+              value: "{{ .Values.flagdConfiguration.image.tag }}"
-          - name: FLAGD_OFREP_PORT
+            - name: FLAGD_PORT
-            value: "{{ .Values.flagdConfiguration.ofrepPort }}"
+              value: "{{ .Values.flagdConfiguration.port }}"
-          - name: FLAGD_SYNC_PORT
+            - name: FLAGD_OFREP_PORT
-            value: "{{ .Values.flagdConfiguration.syncPort }}"
+              value: "{{ .Values.flagdConfiguration.ofrepPort }}"
-          - name: FLAGD_MANAGEMENT_PORT
+            - name: FLAGD_SYNC_PORT
-            value: "{{ .Values.flagdConfiguration.managementPort }}"
+              value: "{{ .Values.flagdConfiguration.syncPort }}"
-          - name: FLAGD_DEBUG_LOGGING
+            - name: FLAGD_MANAGEMENT_PORT
-            value: "{{ .Values.flagdConfiguration.debugLogging }}"
+              value: "{{ .Values.flagdConfiguration.managementPort }}"
-          - name: FLAGS_VALIDATION_ENABLED
+            - name: FLAGD_DEBUG_LOGGING
-            value: "{{ .Values.managerConfig.flagsValidatonEnabled }}"
+              value: "{{ .Values.flagdConfiguration.debugLogging }}"
-          - name: IN_PROCESS_PORT
+            - name: FLAGS_VALIDATION_ENABLED
-            value: "{{ .Values.inProcessConfiguration.port }}"
+              value: "{{ .Values.managerConfig.flagsValidationEnabled }}"
-          - name: IN_PROCESS_HOST
+            - name: IN_PROCESS_PORT
-            value: "{{ .Values.inProcessConfiguration.host }}"
+              value: "{{ .Values.inProcessConfiguration.port }}"
-          - name: IN_PROCESS_SOCKET_PATH
+            - name: IN_PROCESS_HOST
-            value: "{{ .Values.inProcessConfiguration.socketPath }}"
+              value: "{{ .Values.inProcessConfiguration.host }}"
-          - name: IN_PROCESS_TLS
+            - name: IN_PROCESS_SOCKET_PATH
-            value: "{{ .Values.inProcessConfiguration.tls }}"
+              value: "{{ .Values.inProcessConfiguration.socketPath }}"
-          - name: IN_PROCESS_OFFLINE_FLAG_SOURCE_PATH
+            - name: IN_PROCESS_TLS
-            value: "{{ .Values.inProcessConfiguration.offlineFlagSourcePath }}"
+              value: "{{ .Values.inProcessConfiguration.tls }}"
-          - name: IN_PROCESS_SELECTOR
+            - name: IN_PROCESS_OFFLINE_FLAG_SOURCE_PATH
-            value: "{{ .Values.inProcessConfiguration.selector }}"
+              value: "{{ .Values.inProcessConfiguration.offlineFlagSourcePath }}"
-          - name: IN_PROCESS_CACHE
+            - name: IN_PROCESS_SELECTOR
-            value: "{{ .Values.inProcessConfiguration.cache.type }}"
+              value: "{{ .Values.inProcessConfiguration.selector }}"
-          - name: IN_PROCESS_ENV_VAR_PREFIX
+            - name: IN_PROCESS_CACHE
-            value: "{{ .Values.inProcessConfiguration.envVarPrefix }}"
+              value: "{{ .Values.inProcessConfiguration.cache.type }}"
-          - name: IN_PROCESS_CACHE_MAX_SIZE
+            - name: IN_PROCESS_ENV_VAR_PREFIX
-            value: "{{ .Values.inProcessConfiguration.cache.size }}"
+              value: "{{ .Values.inProcessConfiguration.envVarPrefix }}"
            - name: IN_PROCESS_CACHE_MAX_SIZE
              value: "{{ .Values.inProcessConfiguration.cache.size }}"
          args:
            - --leader-elect
            - --sidecar-cpu-limit={{ .Values.sidecarConfiguration.resources.limits.cpu }}
@ -93,12 +112,6 @@ spec:
            - --sidecar-cpu-request={{ .Values.sidecarConfiguration.resources.requests.cpu }}
            - --sidecar-ram-request={{ .Values.sidecarConfiguration.resources.requests.memory }}
            - --image-pull-secrets={{ range .Values.imagePullSecrets }}{{ .name }},{{- end }}
-        - name: kube-rbac-proxy
+            - --metrics-bind-address=:{{ .Values.managerConfig.controllerManagerConfigYaml.metrics.bindPort }}
-          image: "{{ .Values.controllerManager.kubeRbacProxy.image.repository }}:{{ .Values.controllerManager.kubeRbacProxy.image.tag }}"
+            - --labels={{ $labelKeys := keys .Values.labels -}}{{- $labelPairs := list -}}{{- range $key := $labelKeys -}}{{- $labelPairs = append $labelPairs (printf "%s:%s" $key (index $.Values.labels $key)) -}}{{- end -}}{{- join "," $labelPairs }}
-          resources:
+            - --annotations={{ $annotationKeys := keys .Values.annotations -}}{{- $annotationPairs := list -}}{{- range $key := $annotationKeys -}}{{- $annotationPairs = append $annotationPairs (printf "%s:%s" $key (index $.Values.annotations $key)) -}}{{- end -}}{{- join "," $annotationPairs }}
            limits:
              cpu: "{{ .Values.controllerManager.kubeRbacProxy.resources.limits.cpu }}"
              memory: "{{ .Values.controllerManager.kubeRbacProxy.resources.limits.memory }}"
            requests:
              cpu: "{{ .Values.controllerManager.kubeRbacProxy.resources.requests.cpu }}"
              memory: "{{ .Values.controllerManager.kubeRbacProxy.resources.requests.memory }}"
--- a/config/overlays/helm/mutatingwebhook.yaml
+++ b/config/overlays/helm/mutatingwebhook.yaml
@ -0,0 +1,10 @@
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
  name: mutating-webhook-configuration
  annotations:
    cert-manager.io/inject-ca-from: "___'{{ include \"chart.namespace\" . }}/open-feature-operator-serving-cert'___"
 webhooks:
  - name: mutate.openfeature.dev
    failurePolicy: "___{{ .Values.mutatingWebhook.failurePolicy }}___"
    objectSelector: "___{{ toYaml .Values.mutatingWebhook.objectSelector | nindent 4 }}___"
--- a/config/prometheus/kustomization.yaml
+++ b/config/prometheus/kustomization.yaml
@ -1,2 +1,11 @@
 resources:
 - monitor.yaml
 # [PROMETHEUS-WITH-CERTS] The following patch configures the ServiceMonitor in ../prometheus
 # to securely reference certificates created and managed by cert-manager.
 # Additionally, ensure that you uncomment the [METRICS WITH CERTMANAGER] patch under config/default/kustomization.yaml
 # to mount the "metrics-server-cert" secret in the Manager Deployment.
 patches:
  - path: monitor_tls_patch.yaml
    target:
      kind: ServiceMonitor
--- a/config/prometheus/monitor.yaml
+++ b/config/prometheus/monitor.yaml
@ -1,20 +1,27 @@
 # Prometheus Monitor Service (Metrics)
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  labels:
    control-plane: controller-manager
    app.kubernetes.io/name: open-feature-operator
    app.kubernetes.io/managed-by: kustomize
  name: controller-manager-metrics-monitor
  namespace: system
 spec:
  endpoints:
    - path: /metrics
-      port: https
+      port: https # Ensure this is the name of the port that exposes HTTPS metrics
      scheme: https
      bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
      tlsConfig:
        # TODO(user): The option insecureSkipVerify: true is not recommended for production since it disables
        # certificate verification, exposing the system to potential man-in-the-middle attacks.
        # For production environments, it is recommended to use cert-manager for automatic TLS certificate management.
        # To apply this configuration, enable cert-manager and use the patch located at config/prometheus/servicemonitor_tls_patch.yaml,
        # which securely references the certificate from the 'metrics-server-cert' secret.
        insecureSkipVerify: true
  selector:
    matchLabels:
      control-plane: controller-manager
      app.kubernetes.io/name: open-feature-operator
--- a/config/prometheus/monitor_tls_patch.yaml
+++ b/config/prometheus/monitor_tls_patch.yaml
@ -0,0 +1,22 @@
 # Patch for Prometheus ServiceMonitor to enable secure TLS configuration
 # using certificates managed by cert-manager
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: controller-manager-metrics-monitor
  namespace: system
 spec:
  endpoints:
    - tlsConfig:
        insecureSkipVerify: false
        ca:
          secret:
            name: metrics-server-cert
            key: ca.crt
        cert:
          secret:
            name: metrics-server-cert
            key: tls.crt
        keySecret:
          name: metrics-server-cert
          key: tls.key
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@ -8,18 +8,9 @@ rules:
  - ""
  resources:
  - configmaps
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
 - apiGroups:
  - ""
  resources:
  - pods
  - services
  - services/finalizers
  verbs:
  - create
  - delete
@ -36,14 +27,6 @@ rules:
  - get
  - list
  - watch
 - apiGroups:
  - ""
  resources:
  - services
  verbs:
  - create
  - get
  - list
 - apiGroups:
  - apps
  resources:
@ -56,23 +39,12 @@ rules:
  - patch
  - update
  - watch
 - apiGroups:
  - ""
  resources:
  - services
  - services/finalizers
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
 - apiGroups:
  - core.openfeature.dev
  resources:
  - featureflagsources
  - flagds
  - inprocessconfigurations
  verbs:
  - create
  - delete
@ -96,18 +68,6 @@ rules:
  - get
  - patch
  - update
 - apiGroups:
  - core.openfeature.dev
  resources:
  - flagds
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
 - apiGroups:
  - core.openfeature.dev
  resources:
@ -115,9 +75,9 @@ rules:
  verbs:
  - update
 - apiGroups:
-  - core.openfeature.dev
+  - gateway.networking.k8s.io
  resources:
-  - inprocessconfigurations
+  - httproutes
  verbs:
  - create
  - delete
@ -138,6 +98,18 @@ rules:
  - patch
  - update
  - watch
 - apiGroups:
  - policy
  resources:
  - poddisruptionbudgets
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
 - apiGroups:
  - rbac.authorization.k8s.io
  resourceNames:
--- a/config/samples/end-to-end.yaml
+++ b/config/samples/end-to-end.yaml
@ -8,6 +8,7 @@ apiVersion: core.openfeature.dev/v1beta1
 kind: FeatureFlag
 metadata:
  name: featureflag-sample
  namespace: open-feature-demo
 spec:
  flagSpec:
    flags:
@ -25,7 +26,7 @@ metadata:
  namespace: open-feature-demo
 spec:
  sources:
-  - source: open-feature-demo/end-to-end
+  - source: open-feature-demo/featureflag-sample
    provider: kubernetes
 ---
 # Deployment of a demo-app using our custom resource
@ -78,4 +79,4 @@ kind: ServiceAccount
 metadata:
  name: open-feature-demo-sa
  namespace: open-feature-demo
-automountServiceAccountToken: true
+automountServiceAccountToken: true
--- a/config/webhook/kustomization.yaml
+++ b/config/webhook/kustomization.yaml
@ -4,6 +4,3 @@ resources:
 configurations:
 - kustomizeconfig.yaml
 commonAnnotations:
  cert-manager.io/inject-ca-from: open-feature-operator-system/webhook-cert 
--- a/config/webhook/kustomizeconfig.yaml
+++ b/config/webhook/kustomizeconfig.yaml
@ -20,6 +20,3 @@ namespace:
  group: admissionregistration.k8s.io
  path: webhooks/clientConfig/service/namespace
  create: true
 varReference:
 - path: metadata/annotations
--- a/config/webhook/service.yaml
+++ b/config/webhook/service.yaml
@ -1,9 +1,11 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: webhook-service
  namespace: system
  labels:
    app.kubernetes.io/name: openfeature-operator
    app.kubernetes.io/managed-by: kustomize
 spec:
  ports:
    - port: 443
@ -11,3 +13,4 @@ spec:
      targetPort: 9443
  selector:
    control-plane: controller-manager
    app.kubernetes.io/name: open-feature-operator
--- a/docs/crds.md
+++ b/docs/crds.md
@ -279,6 +279,8 @@ FeatureFlagSourceSpec defines the desired state of FeatureFlagSource
        <td>string</td>
        <td>
          EnvVarPrefix defines the prefix to be applied to all environment variables applied to the sidecar, default FLAGD<br/>
          <br/>
            <i>Default</i>: FLAGD<br/>
        </td>
        <td>false</td>
      </tr><tr>
@ -294,6 +296,8 @@ are added at the lowest index, all values will have the EnvVarPrefix applied, de
        <td>string</td>
        <td>
          Evaluator sets an evaluator, defaults to 'json'<br/>
          <br/>
            <i>Default</i>: json<br/>
        </td>
        <td>false</td>
      </tr><tr>
@ -301,6 +305,8 @@ are added at the lowest index, all values will have the EnvVarPrefix applied, de
        <td>string</td>
        <td>
          LogFormat allows for the sidecar log format to be overridden, defaults to 'json'<br/>
          <br/>
            <i>Default</i>: json<br/>
        </td>
        <td>false</td>
      </tr><tr>
@ -310,6 +316,7 @@ are added at the lowest index, all values will have the EnvVarPrefix applied, de
          ManagemetPort defines the port to serve management on, defaults to 8014<br/>
          <br/>
            <i>Format</i>: int32<br/>
            <i>Default</i>: 8014<br/>
        </td>
        <td>false</td>
      </tr><tr>
@ -326,6 +333,7 @@ are added at the lowest index, all values will have the EnvVarPrefix applied, de
          Port defines the port to listen on, defaults to 8013<br/>
          <br/>
            <i>Format</i>: int32<br/>
            <i>Default</i>: 8013<br/>
        </td>
        <td>false</td>
      </tr><tr>
@ -573,8 +581,12 @@ Selects a key of a ConfigMap.
        <td>string</td>
        <td>
          Name of the referent.
-More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+This field is effectively required, but due to backwards compatibility is
-TODO: Add other useful fields. apiVersion, kind, uid?<br/>
+allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names<br/>
          <br/>
            <i>Default</i>: <br/>
        </td>
        <td>false</td>
      </tr><tr>
@ -693,8 +705,12 @@ Selects a key of a secret in the pod's namespace
        <td>string</td>
        <td>
          Name of the referent.
-More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+This field is effectively required, but due to backwards compatibility is
-TODO: Add other useful fields. apiVersion, kind, uid?<br/>
+allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names<br/>
          <br/>
            <i>Default</i>: <br/>
        </td>
        <td>false</td>
      </tr><tr>
@ -731,11 +747,9 @@ Resources defines flagd sidecar resources. Default to operator sidecar-cpu-* and
          Claims lists the names of resources, defined in spec.resourceClaims,
 that are used by this container.
 This is an alpha field and requires enabling the
 DynamicResourceAllocation feature gate.
 This field is immutable. It can only be set for containers.<br/>
        </td>
        <td>false</td>
@ -786,6 +800,15 @@ the Pod where this field is used. It makes that resource available
 inside a container.<br/>
        </td>
        <td>true</td>
      </tr><tr>
        <td><b>request</b></td>
        <td>string</td>
        <td>
          Request is the name chosen for a request in the referenced claim.
 If empty, everything from the claim is made available, otherwise
 only the result of this request.<br/>
        </td>
        <td>false</td>
      </tr></tbody>
 </table>
@ -867,6 +890,13 @@ FlagdSpec defines the desired state of Flagd
 the feature flag configurations<br/>
        </td>
        <td>true</td>
      </tr><tr>
        <td><b><a href="#flagdspecgatewayapiroutes">gatewayApiRoutes</a></b></td>
        <td>object</td>
        <td>
          GatewayApiRoutes<br/>
        </td>
        <td>false</td>
      </tr><tr>
        <td><b><a href="#flagdspecingress">ingress</a></b></td>
        <td>object</td>
@ -908,6 +938,224 @@ Default: ClusterIP<br/>
 </table>
 ### Flagd.spec.gatewayApiRoutes
 <sup><sup>[↩ Parent](#flagdspec)</sup></sup>
 GatewayApiRoutes
 <table>
    <thead>
        <tr>
            <th>Name</th>
            <th>Type</th>
            <th>Description</th>
            <th>Required</th>
        </tr>
    </thead>
    <tbody><tr>
        <td><b><a href="#flagdspecgatewayapiroutesparentrefsindex">parentRefs</a></b></td>
        <td>[]object</td>
        <td>
          ParentRefs references the resources (usually Gateways) that the Routes should
 be attached to.<br/>
        </td>
        <td>true</td>
      </tr><tr>
        <td><b>annotations</b></td>
        <td>map[string]string</td>
        <td>
          Annotations to be added to the Gateway API routes<br/>
        </td>
        <td>false</td>
      </tr><tr>
        <td><b>enabled</b></td>
        <td>boolean</td>
        <td>
          Enabled enables/disables the Gateway API routes for flagd<br/>
        </td>
        <td>false</td>
      </tr><tr>
        <td><b>hosts</b></td>
        <td>[]string</td>
        <td>
          Hosts list of hosts to be added to the ingress.
 Empty string corresponds to rule with no host.<br/>
        </td>
        <td>false</td>
      </tr></tbody>
 </table>
 ### Flagd.spec.gatewayApiRoutes.parentRefs[index]
 <sup><sup>[↩ Parent](#flagdspecgatewayapiroutes)</sup></sup>
 ParentReference identifies an API object (usually a Gateway) that can be considered
 a parent of this resource (usually a route). There are two kinds of parent resources
 with "Core" support:
 * Gateway (Gateway conformance profile)
 * Service (Mesh conformance profile, ClusterIP Services only)
 This API may be extended in the future to support additional kinds of parent
 resources.
 The API object must be valid in the cluster; the Group and Kind must
 be registered in the cluster for this reference to be valid.
 <table>
    <thead>
        <tr>
            <th>Name</th>
            <th>Type</th>
            <th>Description</th>
            <th>Required</th>
        </tr>
    </thead>
    <tbody><tr>
        <td><b>name</b></td>
        <td>string</td>
        <td>
          Name is the name of the referent.
 Support: Core<br/>
        </td>
        <td>true</td>
      </tr><tr>
        <td><b>group</b></td>
        <td>string</td>
        <td>
          Group is the group of the referent.
 When unspecified, "gateway.networking.k8s.io" is inferred.
 To set the core API group (such as for a "Service" kind referent),
 Group must be explicitly set to "" (empty string).
 Support: Core<br/>
          <br/>
            <i>Default</i>: gateway.networking.k8s.io<br/>
        </td>
        <td>false</td>
      </tr><tr>
        <td><b>kind</b></td>
        <td>string</td>
        <td>
          Kind is kind of the referent.
 There are two kinds of parent resources with "Core" support:
 * Gateway (Gateway conformance profile)
 * Service (Mesh conformance profile, ClusterIP Services only)
 Support for other resources is Implementation-Specific.<br/>
          <br/>
            <i>Default</i>: Gateway<br/>
        </td>
        <td>false</td>
      </tr><tr>
        <td><b>namespace</b></td>
        <td>string</td>
        <td>
          Namespace is the namespace of the referent. When unspecified, this refers
 to the local namespace of the Route.
 Note that there are specific rules for ParentRefs which cross namespace
 boundaries. Cross-namespace references are only valid if they are explicitly
 allowed by something in the namespace they are referring to. For example:
 Gateway has the AllowedRoutes field, and ReferenceGrant provides a
 generic way to enable any other kind of cross-namespace reference.
 &lt;gateway:experimental:description&gt;
 ParentRefs from a Route to a Service in the same namespace are "producer"
 routes, which apply default routing rules to inbound connections from
 any namespace to the Service.
 ParentRefs from a Route to a Service in a different namespace are
 "consumer" routes, and these routing rules are only applied to outbound
 connections originating from the same namespace as the Route, for which
 the intended destination of the connections are a Service targeted as a
 ParentRef of the Route.
 &lt;/gateway:experimental:description&gt;
 Support: Core<br/>
        </td>
        <td>false</td>
      </tr><tr>
        <td><b>port</b></td>
        <td>integer</td>
        <td>
          Port is the network port this Route targets. It can be interpreted
 differently based on the type of parent resource.
 When the parent resource is a Gateway, this targets all listeners
 listening on the specified port that also support this kind of Route(and
 select this Route). It's not recommended to set `Port` unless the
 networking behaviors specified in a Route must apply to a specific port
 as opposed to a listener(s) whose port(s) may be changed. When both Port
 and SectionName are specified, the name and port of the selected listener
 must match both specified values.
 &lt;gateway:experimental:description&gt;
 When the parent resource is a Service, this targets a specific port in the
 Service spec. When both Port (experimental) and SectionName are specified,
 the name and port of the selected port must match both specified values.
 &lt;/gateway:experimental:description&gt;
 Implementations MAY choose to support other parent resources.
 Implementations supporting other types of parent resources MUST clearly
 document how/if Port is interpreted.
 For the purpose of status, an attachment is considered successful as
 long as the parent resource accepts it partially. For example, Gateway
 listeners can restrict which Routes can attach to them by Route kind,
 namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
 from the referencing Route, the Route MUST be considered successfully
 attached. If no Gateway listeners accept attachment from this Route,
 the Route MUST be considered detached from the Gateway.
 Support: Extended<br/>
          <br/>
            <i>Format</i>: int32<br/>
            <i>Minimum</i>: 1<br/>
            <i>Maximum</i>: 65535<br/>
        </td>
        <td>false</td>
      </tr><tr>
        <td><b>sectionName</b></td>
        <td>string</td>
        <td>
          SectionName is the name of a section within the target resource. In the
 following resources, SectionName is interpreted as the following:
 * Gateway: Listener name. When both Port (experimental) and SectionName
 are specified, the name and port of the selected listener must match
 both specified values.
 * Service: Port name. When both Port (experimental) and SectionName
 are specified, the name and port of the selected listener must match
 both specified values.
 Implementations MAY choose to support attaching Routes to other resources.
 If that is the case, they MUST clearly document how SectionName is
 interpreted.
 When unspecified (empty string), this will reference the entire resource.
 For the purpose of status, an attachment is considered successful if at
 least one section in the parent resource accepts it. For example, Gateway
 listeners can restrict which Routes can attach to them by Route kind,
 namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
 the referencing Route, the Route MUST be considered successfully
 attached. If no Gateway listeners accept attachment from this Route, the
 Route MUST be considered detached from the Gateway.
 Support: Core<br/>
        </td>
        <td>false</td>
      </tr></tbody>
 </table>
 ### Flagd.spec.ingress
 <sup><sup>[↩ Parent](#flagdspec)</sup></sup>
@ -1319,8 +1567,12 @@ Selects a key of a ConfigMap.
        <td>string</td>
        <td>
          Name of the referent.
-More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+This field is effectively required, but due to backwards compatibility is
-TODO: Add other useful fields. apiVersion, kind, uid?<br/>
+allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names<br/>
          <br/>
            <i>Default</i>: <br/>
        </td>
        <td>false</td>
      </tr><tr>
@ -1439,8 +1691,12 @@ Selects a key of a secret in the pod's namespace
        <td>string</td>
        <td>
          Name of the referent.
-More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+This field is effectively required, but due to backwards compatibility is
-TODO: Add other useful fields. apiVersion, kind, uid?<br/>
+allowed to be empty. Instances of this type with an empty value here are
 almost certainly wrong.
 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names<br/>
          <br/>
            <i>Default</i>: <br/>
        </td>
        <td>false</td>
      </tr><tr>
--- a/docs/flagd.md
+++ b/docs/flagd.md
@ -1,7 +1,7 @@
 # Flagd
 The CRD `Flagd` at version `v1beta1` is used to create a standalone flagd deployment,
-accompanied by a `Service` and an optional `Ingress` to expose its API
+accompanied by a `Service` and an optional `Ingress` or `Gateway API` routes to expose its API
 endpoint to clients outside the cluster.
 Below is an example of a `Flagd` resource:
@ -166,3 +166,89 @@ spec:
 Note that if the flagd service is intended only for cluster-internal use, the creation of the `Ingress` can be disabled
 by setting the `spec.ingress.enabled` parameter of the `Flagd` resource to `false`.
 ## Gateway API 
 Instead of an `Ingress`, a `Gateway API` route can be created. 
 Below is the above example of a `Flagd` resource with `Gateway API` instead of `Ingress`:
 ```yaml
 apiVersion: core.openfeature.dev/v1beta1
 kind: Flagd
 metadata:
  name: flagd-sample
 spec:
  replicas: 2
  serviceType: ClusterIP
  serviceAccountName: default
  featureFlagSource: end-to-end
  gatewayApiRoutes:
    enabled: true
    hosts:
      - flagd-sample
    parentRefs:
      - name: my-gateway
        namespace: my-gateway-namespace
 ```
 Instead of the `Ingress` resource, the following `HTTPRoute` will be created by the operator after applying it:
 ```yaml
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
 metadata:
  labels:
    app: flagd-sample
    app.kubernetes.io/managed-by: open-feature-operator
    app.kubernetes.io/name: flagd-sample
  name: flagd-sample
  ownerReferences:
    - apiVersion: core.openfeature.dev/v1beta1
      kind: Flagd
      name: flagd-sample
 spec:
  hostnames:
    - flagd-sample
  parentRefs:
    - group: gateway.networking.k8s.io
      kind: Gateway
      name: my-gateway
      namespace: my-gateway-namespace
  rules:
    - backendRefs:
        - group: ""
          kind: Service
          name: flagd-sample
          port: 8016
          weight: 1
      matches:
        - path:
            type: PathPrefix
            value: /ofrep
    - backendRefs:
        - group: ""
          kind: Service
          name: flagd-sample
          port: 8013
          weight: 1
      matches:
        - path:
            type: PathPrefix
            value: /flagd.evaluation.v1.Service
    - backendRefs:
        - group: ""
          kind: Service
          name: flagd-sample
          port: 8015
          weight: 1
      matches:
        - path:
            type: PathPrefix
            value: /flagd.sync.v1.Service
 ```
 The operator only creates an `HTTPRoute` for all endpoints instead of explicitly creating a `GRPCRoute` for the GRPC 
 endpoints, because we are using GRPC Gateway to enable HTTP+JSON for the GRPC endpoints. 
 This means that these endpoint not only support GRPC, but also plain HTTP. Because of this, `GRPCRoute` does not work 
 well for these endpoints.
--- a/docs/flagd_proxy.md
+++ b/docs/flagd_proxy.md
@ -54,6 +54,7 @@ The current implementation of the `flagd-proxy` allows for a set of basic config
 |---------------------------|-----------------------------------------------------------------------------------------------|
 | FLAGD_PROXY_IMAGE         | Allows for the default flagd-proxy image to be overwritten                                    |
 | FLAGD_PROXY_TAG           | Allows for the default flagd-proxy tag to be overwritten                                      |
 | FLAGD_PROXY_REPLICA_COUNT | Allows to configure the number of replicas for the flagd-proxy deployment.                    |
 | FLAGD_PROXY_PORT          | Allows the default port of `8015` to eb overwritten                                           |
 | FLAGD_PROXY_METRICS_PORT  | Allows the default metrics port of `8016` to be overwritten                                   |
 | FLAGD_PROXY_DEBUG_LOGGING | Defaults to `"false"`, allows for the `--debug` flag to be set on the `flagd-proxy` container |
--- a/docs/installation.md
+++ b/docs/installation.md
@ -62,13 +62,13 @@ Apply the release yaml directly via kubectl
 <!-- x-release-please-start-version -->
 ```sh
 kubectl create namespace open-feature-operator-system &&
-kubectl apply -f https://github.com/open-feature/open-feature-operator/releases/download/v0.6.0/release.yaml
+kubectl apply -f https://github.com/open-feature/open-feature-operator/releases/download/v0.8.7/release.yaml
 ```
 <!-- x-release-please-end -->
 ### Uninstall
 <!-- x-release-please-start-version -->
 ```sh
-kubectl delete -f https://github.com/open-feature/open-feature-operator/releases/download/v0.6.0/release.yaml &&
+kubectl delete -f https://github.com/open-feature/open-feature-operator/releases/download/v0.8.7/release.yaml &&
 kubectl delete namespace open-feature-operator-system
 ```
 <!-- x-release-please-end -->
--- a/docs/permissions.md
+++ b/docs/permissions.md
@ -20,26 +20,30 @@ The definition of this role can be found [here](../config/rbac//leader_election_
 ### Manager Role
 The `manager-role` applies the rules described below, its definition can be found [here](../config/rbac/role.yaml).
-It provides the operator with sufficient permissions over the `core.openfeature.dev` resources, and the required permissions for injecting the `flagd` sidecar into appropriate pods. 
+It provides the operator with sufficient permissions over the `core.openfeature.dev` resources, 
 the required permissions for injecting the `flagd` sidecar into appropriate pods, 
 and managing flagd-proxy resources
 The `ConfigMap` permissions are needed to allow the mounting of `FeatureFlag` resources for file syncs.
-| API Group                   | Resource                        | Verbs                                           |
+| API Group                   | Resource                       | Verbs                                           |
-|-----------------------------|---------------------------------|-------------------------------------------------|
+|-----------------------------|--------------------------------|-------------------------------------------------|
-| -                           | `ConfigMap`                     | create, delete, get, list, patch, update, watch |
+| -                           | `ConfigMap`                    | create, delete, get, list, patch, update, watch |
-| -                           | `Pod`                           | create, delete, get, list, patch, update, watch |
+| -                           | `Pod`                          | create, delete, get, list, patch, update, watch |
-| -                           | `ServiceAccount`                | get, list, watch                                |
+| -                           | `ServiceAccount`               | get, list, watch                                |
-| -                           | `Service` *(\*)*                | create, delete, get, list, patch, update, watch |
+| -                           | `Service` *(\*)*               | create, delete, get, list, patch, update, watch |
-| `networking.k8s.io`         | `Ingress` *(\*)*                | create, delete, get, list, patch, update, watch |
+| `policy`                    | `PodDisruptionBudget`          | create, delete, get, list, patch, update, watch |
-| `core.openfeature.dev`      | `FeatureFlag`                   | create, delete, get, list, patch, update, watch |
+| `networking.k8s.io`         | `Ingress` *(\*)*               | create, delete, get, list, patch, update, watch |
-| `core.openfeature.dev`      | `FeatureFlag Finalizers`        | update                                          |
+| `gateway.networking.k8s.io` | `HttpRoute`                    | create, delete, get, list, patch, update, watch |
-| `core.openfeature.dev`      | `FeatureFlag Status`            | get, patch, update                              |
+| `core.openfeature.dev`      | `FeatureFlag`                  | create, delete, get, list, patch, update, watch |
-| `core.openfeature.dev`      | `FeatureFlagSource`             | create, delete, get, list, patch, update, watch |
+| `core.openfeature.dev`      | `FeatureFlag Finalizers`       | update                                          |
-| `core.openfeature.dev`      | `FeatureFlagSource Finalizers`  | get, update                                     |
+| `core.openfeature.dev`      | `FeatureFlag Status`           | get, patch, update                              |
-| `core.openfeature.dev`      | `FeatureFlagSource Status`      | get, patch, update                              |
+| `core.openfeature.dev`      | `FeatureFlagSource`            | create, delete, get, list, patch, update, watch |
-| `core.openfeature.dev`      | `Flagd`                         | create, delete, get, list, patch, update, watch |
+| `core.openfeature.dev`      | `FeatureFlagSource Finalizers` | get, update                                     |
-| `core.openfeature.dev`      | `Flagd Finalizers`              | update                                          |
+| `core.openfeature.dev`      | `FeatureFlagSource Status`     | get, patch, update                              |
-| `core.openfeature.dev`      | `InProcessConfiguration`        | create, delete, get, list, patch, update, watch |
+| `core.openfeature.dev`      | `Flagd`                        | create, delete, get, list, patch, update, watch |
-| `rbac.authorization.k8s.io` | `ClusterRoleBinding`            | get, list, update, watch                        |
+| `core.openfeature.dev`      | `Flagd Finalizers`             | update                                          |
 | `core.openfeature.dev`      | `InProcessConfiguration`       | create, delete, get, list, patch, update, watch |
 | `rbac.authorization.k8s.io` | `ClusterRoleBinding`           | get, list, update, watch                        |
 ### Proxy Role
--- a/docs/quick_start.md
+++ b/docs/quick_start.md
@ -40,7 +40,7 @@ helm upgrade --install openfeature openfeature/open-feature-operator
 <!-- x-release-please-start-version -->
 ```sh
 kubectl create namespace open-feature-operator-system &&
-kubectl apply -f https://github.com/open-feature/open-feature-operator/releases/download/v0.6.0/release.yaml
+kubectl apply -f https://github.com/open-feature/open-feature-operator/releases/download/v0.8.7/release.yaml
 ```
 <!-- x-release-please-end -->
@ -78,7 +78,7 @@ spec:
 EOF
 ```
-#### 5. Install a source definition
+#### 6. Install a source definition
 This is added as a custom resource of kind `FeatureFlagSource` in `flags` namespace
@ -96,7 +96,7 @@ spec:
 EOF
 ```
-#### 6. Deploy sample workload 
+#### 7. Deploy sample workload 
 Workload is deployed to namespace `workload`
@ -137,7 +137,7 @@ spec:
 EOF
 ```
-#### 7. Validate deployment & flag evaluation
+#### 8. Validate deployment & flag evaluation
 First, obtain the pod name of the workload,
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Mark Stickley	c5e1158d6d	docs: Fixed numbering in quick_start.md (#777 ) Signed-off-by: Mark Stickley <markstickley@users.noreply.github.com>	2025-08-07 14:10:30 -04:00
OpenFeature Bot	88a3ee2322	chore: release 0.8.7 (#769 ) Signed-off-by: OpenFeature Bot <109696520+openfeaturebot@users.noreply.github.com> Signed-off-by: Lukas Reining <lukas.reining@codecentric.de> Co-authored-by: Lukas Reining <lukas.reining@codecentric.de>	2025-07-28 22:55:12 +02:00
Yosiah de Koeyer	6f7152cffc	fix: API server warning for empty imagePullSecrets (#774 ) Signed-off-by: Yosiah de Koeyer <dev@yosiahdekoeyer.dev>	2025-07-14 09:14:43 -04:00
Yosiah de Koeyer	6cbc0fa1a1	fix: Ingress annotations not reconciling (#773 ) Signed-off-by: Yosiah de Koeyer <dev@yosiahdekoeyer.dev>	2025-07-14 09:14:25 -04:00
wrzasa	4b76e479c4	fix: end-to-end.yaml (#771 ) Signed-off-by: wrzasa <wrzasa@users.noreply.github.com>	2025-06-26 19:45:33 +00:00
renovate[bot]	1e5af9d5f0	chore(deps): update actions/setup-node action to v4.4.0 (#767 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-06-13 15:23:56 -04:00
OpenFeature Bot	36a286c618	chore: release 0.8.6 (#752 ) Signed-off-by: OpenFeature Bot <109696520+openfeaturebot@users.noreply.github.com> Signed-off-by: Todd Baert <todd.baert@dynatrace.com> Co-authored-by: Todd Baert <todd.baert@dynatrace.com>	2025-06-13 13:39:34 +00:00
Oleg Atamanenko	349c176ee5	feat(flagd): add support for GCS (#765 ) Signed-off-by: Oleg Atamanenko <oleg.atamanenko@gmail.com>	2025-06-03 15:57:32 +00:00
renovate[bot]	20f6f40956	fix(deps): update open-feature/flagd (#755 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-06-03 10:53:26 -04:00
Lukas Reining	d39973b0ea	fix: namespace for ca injection for mutatingwebhook solving #759 (#763 ) Signed-off-by: Lukas Reining <lukas.reining@codecentric.de>	2025-04-19 21:56:15 +02:00
renovate[bot]	301401391e	chore(deps): update dependency ubuntu to v24 (#748 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-04-15 08:12:42 -04:00
renovate[bot]	a4b4216d20	fix(deps): update kubernetes packages to v0.32.3 (#756 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-04-15 08:12:27 -04:00
renovate[bot]	3fc56cd89d	chore(deps): update helm/kind-action action to v1.12.0 (#744 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-03-13 09:36:02 -04:00
Oleg Nenashev	c4c0c59f7f	docs: Replace the old events calendar by the OpenFeature community Page link (#751 ) Signed-off-by: Oleg Nenashev <o.v.nenashev@gmail.com>	2025-03-07 07:33:23 -05:00
github-actions[bot]	4929ef675b	chore: release 0.8.5 (#734 ) Signed-off-by: OpenFeature Bot <109696520+openfeaturebot@users.noreply.github.com> Signed-off-by: Todd Baert <todd.baert@dynatrace.com> Co-authored-by: OpenFeature Bot <109696520+openfeaturebot@users.noreply.github.com> Co-authored-by: Todd Baert <todd.baert@dynatrace.com>	2025-01-31 13:20:16 -05:00
Todd Baert	def1434060	chore: remove rbac-proxy values and doc (#742 ) Signed-off-by: Todd Baert <todd.baert@dynatrace.com>	2025-01-31 13:11:50 -05:00
Michael Beemer	565b33a175	ci: run release please at the openfeature bot (#745 ) Signed-off-by: Michael Beemer <beeme1mr@users.noreply.github.com>	2025-01-31 13:11:04 -05:00
renovate[bot]	3d2ddfe8d6	chore(deps): update docker/build-push-action action to v6 (#694 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-01-31 17:58:23 +00:00
renovate[bot]	06f43a9241	chore(deps): update golang docker tag to v1.23.5 (#481 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-01-31 17:23:18 +00:00
renovate[bot]	963d155d0a	chore(deps): update dependency bitnami-labs/readme-generator-for-helm to v2.7.0 (#741 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-01-31 17:22:00 +00:00
Michael Beemer	2ed39efb01	ci: add dco workaround, run tests for merge queues (#740 ) Signed-off-by: Michael Beemer <beeme1mr@users.noreply.github.com>	2025-01-31 12:13:37 -05:00
renovate[bot]	0038e45a72	chore(deps): update docker/login-action digest to 327cd5a (#728 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Todd Baert <toddbaert@gmail.com>	2025-01-31 12:10:41 -05:00
renovate[bot]	740205fc2a	chore(deps): update busybox docker tag to v1.37.0 (#739 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-01-31 12:10:22 -05:00
renovate[bot]	15d55c587d	chore(deps): update actions/setup-node action to v4.2.0 (#737 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Todd Baert <toddbaert@gmail.com>	2025-01-31 12:06:35 -05:00
renovate[bot]	8ac429beec	chore(deps): update aquasecurity/trivy-action action to v0.29.0 (#738 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Todd Baert <toddbaert@gmail.com>	2025-01-31 12:05:39 -05:00
renovate[bot]	383c1168d4	chore(deps): update curlimages/curl docker tag to v8.11.1 (#703 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-01-31 12:04:42 -05:00
renovate[bot]	9eb1ca8beb	fix(deps): update open-feature/flagd (#736 ) Signed-off-by: Todd Baert <todd.baert@dynatrace.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Todd Baert <todd.baert@dynatrace.com>	2025-01-31 11:58:44 -05:00
Lukas Reining	5358d1eacf	chore: replace deprecated gcr.io/kubebuilder/kube-rbac-proxy (#733 ) Signed-off-by: Lukas Reining <lukas.reining@codecentric.de>	2025-01-30 12:20:47 -05:00
github-actions[bot]	ee48ee418a	chore: release 0.8.4 (#732 )	2025-01-14 07:42:36 +01:00
github-actions[bot]	dbe12227bc	chore: release apis 0.2.45 (#727 ) Signed-off-by: Michael Beemer <beeme1mr@users.noreply.github.com>	2025-01-13 16:52:19 -05:00
github-actions[bot]	31d7079da2	chore: release 0.8.3 (#731 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2025-01-13 11:44:03 -05:00
Lukas Reining	0aa61ec141	fix: flagd environment variables missing prefix (#730 ) Signed-off-by: Lukas Reining <lukas.reining@codecentric.de>	2025-01-13 17:33:42 +01:00
hayden	674dd16ac4	fix: Add --port argument in flagd pods for set flagd service port (#710 ) Co-authored-by: Lukas Reining <lukas.reining@codecentric.de>	2025-01-13 17:21:51 +01:00
github-actions[bot]	5b5769722c	chore: release 0.8.2 (#726 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2025-01-13 10:02:41 -05:00
Lukas Reining	b393a2669c	feat: add gateway api support (#725 ) Signed-off-by: Lukas Reining <lukas.reining@codecentric.de>	2025-01-13 15:48:16 +01:00
Marco Orovecchia	e3f1e2471f	feat: allow setting mutating webhook failurepolicy and objectSelector via helm (#715 ) Signed-off-by: Marco Orovecchia <marco@orovecchia.at> Co-authored-by: Michael Beemer <beeme1mr@users.noreply.github.com> Co-authored-by: Lukas Reining <lukas.reining@codecentric.de>	2025-01-13 14:57:04 +01:00
Woody Hill	9b8e8c322e	fix: Add missing poddisruptionbudget update verb (#722 ) Signed-off-by: woodyh <woodyh@blackmagicdesign.com> Co-authored-by: woodyh <woodyh@blackmagicdesign.com>	2025-01-13 08:53:18 -05:00
github-actions[bot]	838bddaabc	chore: release 0.8.1 (#720 ) Signed-off-by: Michael Beemer <beeme1mr@users.noreply.github.com>	2024-10-30 12:24:27 -04:00
Matthias Riegler	8ae6ee81ac	fix: make flagd replica count configureable in helm chart (#716 ) Signed-off-by: Matthias Riegler <matthias.riegler@ankorstore.com> Co-authored-by: Michael Beemer <beeme1mr@users.noreply.github.com>	2024-10-30 10:54:03 -04:00
Michael Beemer	52bac10723	ci(trivy): fetch vulnerabilities DB from ERC (#721 ) Signed-off-by: Michael Beemer <beeme1mr@users.noreply.github.com>	2024-10-30 10:45:46 -04:00
Woody Hill	69efcf021d	fix: Add missing poddisruption budget permissions in manager cluster role (#718 ) Signed-off-by: woodyh <woodyh@blackmagicdesign.com>	2024-10-30 09:02:47 -04:00
renovate[bot]	20e4045d1a	chore(deps): update docker/login-action digest to 0689575 (#714 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-10-30 08:37:53 -04:00
github-actions[bot]	bcdafd29a0	chore: release 0.8.0 (#708 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2024-10-24 14:11:37 -04:00
Matthias Riegler	e115159936	feat: add flagd-proxy HA configuration (#712 ) Signed-off-by: Matthias Riegler <matthias.riegler@ankorstore.com>	2024-10-22 16:16:35 -04:00
Michael Beemer	99b1cd46b3	ci: simplify ci, bump version, fix pr linter (#713 ) Signed-off-by: Michael Beemer <beeme1mr@users.noreply.github.com>	2024-10-14 13:23:54 -04:00
renovate[bot]	696e2edf83	chore(deps): update golangci/golangci-lint-action action to v6 (#704 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-10-09 14:45:53 -04:00
hayden	64cdc25a03	fix!: Fix typo flagsValidatonEnabled into flagsValidationEnabled (#707 ) Signed-off-by: kimsehwan96 <sktpghks138@gmail.com> Signed-off-by: Todd Baert <todd.baert@dynatrace.com> Co-authored-by: Todd Baert <todd.baert@dynatrace.com>	2024-10-02 11:39:50 -04:00
github-actions[bot]	7ace54d6a4	chore: release 0.7.2 (#701 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2024-08-12 14:49:09 -04:00
cpitstick-latai	a21f278c2e	feat: Custom labels and annotations for namespace. (#702 ) Signed-off-by: Christopher Pitstick <cpitstick@lat.ai>	2024-08-02 14:06:08 -04:00
renovate[bot]	1588ef8520	chore(deps): update codecov/codecov-action action to v4 (#693 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-08-02 12:33:52 -04:00
cpitstick-latai	4a43871bfa	fix: Case-align FROM and AS in Dockerfile (#699 ) Co-authored-by: Michael Beemer <beeme1mr@users.noreply.github.com>	2024-07-30 14:08:36 -04:00
cpitstick-latai	b5ad5943cc	fix: Fix Kustomize installation (#700 ) Signed-off-by: Christopher Pitstick <cpitstick@lat.ai>	2024-07-30 11:59:14 -04:00
github-actions[bot]	2c18afcba8	chore: release 0.7.1 (#687 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2024-07-23 14:29:28 -04:00
github-actions[bot]	9997ea443e	chore: release apis 0.2.44 (#688 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Todd Baert <toddbaert@gmail.com>	2024-07-23 13:55:43 -04:00
renovate[bot]	b27a9eb716	chore(deps): update actions/setup-go action to v5 (#673 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-07-23 10:08:06 -04:00
renovate[bot]	db53303d14	fix(deps): update golang.org/x/exp digest to 8a7402a (#691 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-07-23 10:07:52 -04:00
renovate[bot]	486a4fd8b2	chore(deps): update docker/login-action digest to 9780b0c (#605 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-07-23 09:50:08 -04:00
renovate[bot]	473929c3d8	chore(deps): update docker/metadata-action digest to 60a0d34 (#690 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-07-23 09:49:55 -04:00
renovate[bot]	6f77899bde	chore(deps): update actions/setup-node action to v4 (#675 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-07-23 09:49:41 -04:00
renovate[bot]	0fdd6db6e1	chore(deps): update module golang.org/x/net to v0.27.0 (#669 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-07-23 09:49:16 -04:00
renovate[bot]	0d331a9bc5	chore(deps): update open-feature/flagd (#689 ) Signed-off-by: Todd Baert <todd.baert@dynatrace.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Todd Baert <todd.baert@dynatrace.com>	2024-07-23 09:26:30 -04:00
renovate[bot]	1d2713dad6	fix(deps): update module github.com/stretchr/testify to v1.9.0 (#671 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-07-18 16:02:45 -04:00
cpitstick-latai	7ec44a6a06	feat: Add labels and annotations to pods. (#681 ) Signed-off-by: Christopher Pitstick <cpitstick@lat.ai> Signed-off-by: Todd Baert <todd.baert@dynatrace.com> Co-authored-by: Todd Baert <todd.baert@dynatrace.com>	2024-07-18 15:51:38 -04:00
github-actions[bot]	917a680fb3	chore: release 0.7.0 (#685 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2024-07-08 12:22:54 -04:00
Todd Baert	65c3c26211	fix: remove duplicated port in helm (#686 ) Signed-off-by: Todd Baert <todd.baert@dynatrace.com>	2024-07-04 07:54:37 -04:00
cpitstick-latai	31cddbaf95	feat!: split bind address to manage host and port separately (#679 ) Signed-off-by: Christopher Pitstick <cpitstick@lat.ai>	2024-07-03 12:04:39 -04:00
cpitstick-latai	8e00a35c89	feat: Add hostNetwork flag. (#680 ) Signed-off-by: Christopher Pitstick <cpitstick@lat.ai>	2024-06-28 13:46:47 -04:00
github-actions[bot]	339e5c8cf4	chore: release 0.6.1 (#661 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2024-06-06 14:54:21 -04:00