162 changed files with 1738 additions and 14777 deletions
--- a/.github/scripts/generate-helm-docs.sh
+++ b/.github/scripts/generate-helm-docs.sh
@ -9,7 +9,7 @@
 # Node >=16

 # renovate: datasource=github-releases depName=bitnami-labs/readme-generator-for-helm
-GENERATOR_VERSION="2.7.0"
+GENERATOR_VERSION="2.6.1"

 echo "Checking if readme generator is installed already..."
 if [[ $(npm list -g | grep -c "readme-generator-for-helm@${GENERATOR_VERSION}") -eq 0 ]]; then
--- a/.github/scripts/strip-kustomize-helm.sh
+++ b/.github/scripts/strip-kustomize-helm.sh
@ -1,34 +1,18 @@
-#!/usr/bin/env bash
+#!/bin/bash

 # This script is a hack to support helm flow control in kustomize overlays, which would otherwise break them.
 # It allows us to render helm template bindings and add newlines.
 # For instance, it transforms "___{{ .Value.myValue }}___" to {{ .Value.myValue }}.
-# It also adds newlines wherever ___newline___ is found, and other operations. See
-# sed_expressions below.
+# It also adds newlines wherever ___newline___ is found.
+
+CHARTS_DIR='./chart/open-feature-operator/templates';

 echo 'Running strip-kustomize-helm.sh script'
-CHARTS_DIR='./chart/open-feature-operator/templates'
-
-# Careful! Ordering of these expressions matter!
-sed_expressions=(
-    "s/___newline___/\\n/g"
-    "s/___space___/ /g"
-    "s/\"___//g"
-    "s/___\"//g"
-    "/___delete_me___/d"
-    "s/___//g"
-)
-
-find $CHARTS_DIR -name "*.yaml" | while read file; do
-    for expr in "${sed_expressions[@]}"; do
-        if [[ "$OSTYPE" == "darwin"* ]]; then
-            # macOS (BSD) version
-            sed -i '' "$expr" "$file"
-        else
-            # Linux (GNU) version
-            sed -i "$expr" "$file"
-        fi
-    done
+filenames=`find $CHARTS_DIR -name "*.yaml"`
+for file in $filenames; do
+    sed -i "s/___newline___/\\n/g" $file
+    sed -i "s/\"___//g" $file
+    sed -i "s/___\"//g" $file
+    sed -i "s/___//g" $file
 done
-
-echo 'Done running strip-kustomize-helm.sh script'
+echo 'Done running strip-kustomize-helm.sh script'
--- a/.github/workflows/dco-merge-group.yml
+++ b/.github/workflows/dco-merge-group.yml
@ -1,12 +0,0 @@
-name: DCO
-on:
-  merge_group:
-
-# Workaround because the DCO app doesn't run on a merge_group trigger
-# https://github.com/dcoapp/app/pull/200
-jobs:
-  DCO:
-    runs-on: ubuntu-latest
-    if: ${{ github.actor != 'renovate[bot]' }}
-    steps:
-      - run: echo "dummy DCO workflow (it won't run any check actually) to trigger by merge_group in order to enable merge queue"
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@ -6,20 +6,20 @@ on:
        description: "Tag of Kind image"
        type: "string"
 env:
-  GO_VERSION: "~1.23"
+  GO_VERSION: "~1.21"
 defaults:
  run:
    shell: bash

 jobs:
  e2e-test:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Download image
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
        with:
          name: open-feature-operator-local-${{ github.sha }}
          path: ${{ github.workspace }}
@ -36,7 +36,7 @@ jobs:
          docker load --input ${{ github.workspace }}/open-feature-operator-local.tar

      - name: Create k8s Kind Cluster
-        uses: helm/kind-action@v1.12.0
+        uses: helm/kind-action@v1.10.0
        with:
          config: ./test/e2e/kind-cluster.yml
          cluster_name: open-feature-operator-test
@ -47,7 +47,7 @@ jobs:
          kind load docker-image open-feature-operator-local:${{ github.sha }} --name open-feature-operator-test

      - name: Install Chainsaw
-        uses: kyverno/action-install-chainsaw@f2b47b97dc889c12702113753d713f01ec268de5 # v0.2.12
+        uses: kyverno/action-install-chainsaw@748066cc1580718e7924c9b689a8d366bde05100 # v0.2.0

      - name: Install OFO
        run: |
@ -64,7 +64,7 @@ jobs:

      - name: Upload cluster logs
        if: failure()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
        with:
          name: e2e-tests
          path: .github/scripts/logs
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@ -17,19 +17,19 @@ on:
      - "!docs/**"
 env:
  # renovate: datasource=github-releases depName=golangci/golangci-lint
-  GOLANGCI_LINT_VERSION: "v1.63.4"
-  GO_VERSION: "~1.23"
+  GOLANGCI_LINT_VERSION: "v1.59.0"
+  GO_VERSION: "~1.21"
 jobs:
  golangci-lint:
    name: golangci-lint
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    strategy:
      fail-fast: false
    steps:
      - name: Check out code
        uses: actions/checkout@v4

-      - uses: actions/setup-go@v5
+      - uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GO_VERSION }}
          check-latest: true
@ -38,7 +38,7 @@ jobs:
        run: make workspace-init

      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v6
+        uses: golangci/golangci-lint-action@v3
        with:
          working-directory: ./
          version: ${{ env.GOLANGCI_LINT_VERSION }}
--- a/.github/workflows/pr-checks.yml
+++ b/.github/workflows/pr-checks.yml
@ -4,14 +4,14 @@ on:
  push:
    branches:
      - main
+    paths-ignore:
+      - '**.md'
  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-    branches:
-      - main
-  merge_group:
+    paths-ignore:
+      - '**.md'
+env:
+  # Default minimum version of Go to support.
+  DEFAULT_GO_VERSION: "~1.21"

 permissions:
  contents: read
@ -19,15 +19,12 @@ permissions:
 jobs:
  unit-test:
    name: Unit Tests
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
      - name: Install Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v4
        with:
-          go-version-file: 'go.mod'
+          go-version: ${{ env.DEFAULT_GO_VERSION }}

      - name: Setup Environment
        run: |
@ -42,6 +39,9 @@ jobs:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/go.sum') }}

+      - name: Checkout repository
+        uses: actions/checkout@v4
+
      - name: Workspace Init
        run: make workspace-init

@ -49,27 +49,27 @@ jobs:
        run: make unit-test

      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v3
        with:
          flags: unit-tests

  docker-local:
    permissions:
      security-events: write  # for github/codeql-action/upload-sarif to upload SARIF results
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@master
        with:
          platforms: all
      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@master
      - name: Build
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v4
        with:
          builder: ${{ steps.buildx.outputs.name }}
          context: .
@ -78,21 +78,19 @@ jobs:
          cache-from: type=gha,scope=${{ github.ref_name }}-ofo
          cache-to: type=gha,scope=${{ github.ref_name }}-ofo
      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.29.0
+        uses: aquasecurity/trivy-action@master
        with:
-          input: ${{ github.workspace }}/open-feature-operator-local.tar
-          format: "sarif"
+          input: /github/workspace/open-feature-operator-local.tar
+          format: "template"
+          template: "@/contrib/sarif.tpl"
          output: "trivy-results.sarif"
          severity: "CRITICAL,HIGH"
-        env:
-          # use an alternative trivvy db to avoid rate limits
-          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: "trivy-results.sarif"
      - name: Upload image as artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
        with:
          name: open-feature-operator-local-${{ github.sha }}
          path: ${{ github.workspace }}/open-feature-operator-local.tar
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@ -18,10 +18,9 @@ jobs:
      pull-requests: write
      statuses: write  # for amannn/action-semantic-pull-request to mark status of analyzed PR
    name: Validate PR title
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - uses: amannn/action-semantic-pull-request@v5
-        id: lint_pr_title
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@ -7,7 +7,7 @@ on:

 env:
  # Default minimum version of Go to support.
-  DEFAULT_GO_VERSION: "~1.23"
+  DEFAULT_GO_VERSION: "~1.21"
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}
  GITHUB_PAGES_BRANCH: gh-pages
@ -24,7 +24,7 @@ jobs:
    permissions:
      contents: write  # for google-github-actions/release-please-action to create release commit
      pull-requests: write  # for google-github-actions/release-please-action to create release PR
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04

    # Release-please creates a PR that tracks all changes
    steps:
@ -32,9 +32,8 @@ jobs:
        id: release
        with:
          command: manifest
-          token: ${{secrets.RELEASE_PLEASE_ACTION_TOKEN}}
+          token: ${{secrets.GITHUB_TOKEN}}
          default-branch: main
-          signoff: "OpenFeature Bot <109696520+openfeaturebot@users.noreply.github.com>"

    outputs:
      release_created: ${{ steps.release.outputs.release_created }}
@ -44,7 +43,7 @@ jobs:
    needs: release-please
    permissions:
      packages: write # to push the container image
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    if: ${{ needs.release-please.outputs.release_created }}
    steps:
      - name: Checkout
@ -53,7 +52,7 @@ jobs:
          ref: ${{ needs.release-please.outputs.release_tag_name }}

      - name: Log in to the Container registry
-        uses: docker/login-action@327cd5a69de6c009b9ce71bce8395f28e651bf99
+        uses: docker/login-action@a9794064588be971151ec5e7144cb535bcb56e36
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
@ -61,7 +60,7 @@ jobs:

      - name: Extract metadata (tags, labels) for Docker
        id: meta
-        uses: docker/metadata-action@60a0d343a0d8a18aedee9d34e62251f752153bdb
+        uses: docker/metadata-action@f7b4ed12385588c3f9bc252f0a2b520d83b52d48
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

@ -75,7 +74,7 @@ jobs:
        uses: docker/setup-buildx-action@master

      - name: Build
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v4
        with:
          builder: ${{ steps.buildx.outputs.name }}
          context: .
@ -110,7 +109,7 @@ jobs:
    needs: release-please
    permissions:
      contents: write  # for softprops/action-gh-release to create GitHub release
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    if: ${{ needs.release-please.outputs.release_created }}
    steps:
        - name: Checkout
@ -119,7 +118,7 @@ jobs:
            ref: ${{ needs.release-please.outputs.release_tag_name }}

        - name: Setup go
-          uses: actions/setup-go@v5
+          uses: actions/setup-go@v4
          with:
            go-version: ${{ env.DEFAULT_GO_VERSION }}
        - run: |
@ -146,7 +145,7 @@ jobs:
    needs: release-please
    permissions:
      contents: write
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    if: ${{ needs.release-please.outputs.release_created }}
    steps:
      - name: Checkout
@ -156,7 +155,7 @@ jobs:
          ref: ${{ env.GITHUB_PAGES_BRANCH }}

      - name: Setup go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v4
        with:
          go-version: ${{ env.DEFAULT_GO_VERSION }}

--- a/.github/workflows/validate-crd-docs.yml
+++ b/.github/workflows/validate-crd-docs.yml
@ -9,7 +9,7 @@ defaults:
 jobs:
  check-helm-docs:
    name: Check crd documentation values
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - name: Check out code
        uses: actions/checkout@v4
--- a/.github/workflows/validate-helm-docs.yml
+++ b/.github/workflows/validate-helm-docs.yml
@ -11,13 +11,13 @@ defaults:
 jobs:
  check-helm-docs:
    name: Check helm documentation values
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    steps:
      - name: Check out code
        uses: actions/checkout@v4

      - name: Set up Node
-        uses: actions/setup-node@v4.4.0
+        uses: actions/setup-node@v3.8.2
        with:
          node-version: 16

--- a/.gitignore
+++ b/.gitignore
@ -34,5 +34,3 @@ testbin/*

 go.work
 go.work.sum
-
-dist
--- a/.golangci.yml
+++ b/.golangci.yml
@ -1,6 +1,6 @@
 run:
  timeout: 5m
-  go: '1.23'
+  go: '1.20'
 linters:
  enable:
    - gofmt         # Gofmt checks whether code was gofmt-ed. By default, this tool runs with -s option to check for code simplification
--- a/.release-please-manifest.json
+++ b/.release-please-manifest.json
@ -1,4 +1,4 @@
 {
-  ".": "0.8.7",
-  "apis": "0.2.45"
+  ".": "0.6.0",
+  "apis": "0.2.43"
 }
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,215 +1,5 @@
 # Changelog

-## [0.8.7](https://github.com/open-feature/open-feature-operator/compare/v0.8.6...v0.8.7) (2025-07-14)
-
-
-### 🐛 Bug Fixes
-
-* API server warning for empty imagePullSecrets ([#774](https://github.com/open-feature/open-feature-operator/issues/774)) ([6f7152c](https://github.com/open-feature/open-feature-operator/commit/6f7152cffc75b1b00a4f941afc9e8ee2593151d7))
-* end-to-end.yaml ([#771](https://github.com/open-feature/open-feature-operator/issues/771)) ([4b76e47](https://github.com/open-feature/open-feature-operator/commit/4b76e479c44c3dd90ab237ac7ba319617b61f6b9))
-* Ingress annotations not reconciling ([#773](https://github.com/open-feature/open-feature-operator/issues/773)) ([6cbc0fa](https://github.com/open-feature/open-feature-operator/commit/6cbc0fa1a19ef89660b0816b0e92425d1e414d96))
-
-
-### 🧹 Chore
-
-* **deps:** update actions/setup-node action to v4.4.0 ([#767](https://github.com/open-feature/open-feature-operator/issues/767)) ([1e5af9d](https://github.com/open-feature/open-feature-operator/commit/1e5af9d5f0933d93fb55c8df0c6e2b463fae4b4c))
-
-## [0.8.6](https://github.com/open-feature/open-feature-operator/compare/v0.8.5...v0.8.6) (2025-06-03)
-
-
-### ✨ New Features
-
-* **flagd:** add support for GCS ([#765](https://github.com/open-feature/open-feature-operator/issues/765)) ([349c176](https://github.com/open-feature/open-feature-operator/commit/349c176ee5eb9f2738f1354c8987760620363aa6))
-
-
-### 🐛 Bug Fixes
-
-* **deps:** update kubernetes packages to v0.32.3 ([#756](https://github.com/open-feature/open-feature-operator/issues/756)) ([a4b4216](https://github.com/open-feature/open-feature-operator/commit/a4b4216d2009a5703214cfb9efacea60d9e1f8d0))
-* **deps:** update open-feature/flagd ([#755](https://github.com/open-feature/open-feature-operator/issues/755)) ([20f6f40](https://github.com/open-feature/open-feature-operator/commit/20f6f4095669e4b0b0f895da683a2fe9e580ee5e))
-* namespace for ca injection for mutatingwebhook solving [#759](https://github.com/open-feature/open-feature-operator/issues/759) ([#763](https://github.com/open-feature/open-feature-operator/issues/763)) ([d39973b](https://github.com/open-feature/open-feature-operator/commit/d39973b0ea9801829d146ad7649a2b25985fb7af))
-
-
-### 🧹 Chore
-
-* **deps:** update dependency ubuntu to v24 ([#748](https://github.com/open-feature/open-feature-operator/issues/748)) ([3014013](https://github.com/open-feature/open-feature-operator/commit/301401391ec352a4e23ba96a479aad0a42ddb07f))
-* **deps:** update helm/kind-action action to v1.12.0 ([#744](https://github.com/open-feature/open-feature-operator/issues/744)) ([3fc56cd](https://github.com/open-feature/open-feature-operator/commit/3fc56cd89d3f220f8131184fbe4e9245f554c680))
-
-
-### 📚 Documentation
-
-* Replace the old events calendar by the OpenFeature community Page link ([#751](https://github.com/open-feature/open-feature-operator/issues/751)) ([c4c0c59](https://github.com/open-feature/open-feature-operator/commit/c4c0c59f7f522c8c2f4d3f7fed57dd1cda4e92bb))
-
-## [0.8.5](https://github.com/open-feature/open-feature-operator/compare/v0.8.4...v0.8.5) (2025-01-31)
-
-
-### 🐛 Bug Fixes
-
-* **deps:** update open-feature/flagd ([#736](https://github.com/open-feature/open-feature-operator/issues/736)) ([9eb1ca8](https://github.com/open-feature/open-feature-operator/commit/9eb1ca8bebe6cfc5d33a905e610ea8a908381740))
-
-
-### 🧹 Chore
-
-* **deps:** update actions/setup-node action to v4.2.0 ([#737](https://github.com/open-feature/open-feature-operator/issues/737)) ([15d55c5](https://github.com/open-feature/open-feature-operator/commit/15d55c587d6edee562bd86564fa60bb559eed132))
-* **deps:** update aquasecurity/trivy-action action to v0.29.0 ([#738](https://github.com/open-feature/open-feature-operator/issues/738)) ([8ac429b](https://github.com/open-feature/open-feature-operator/commit/8ac429beeced6d06883fa66de0e9a50819986f69))
-* **deps:** update busybox docker tag to v1.37.0 ([#739](https://github.com/open-feature/open-feature-operator/issues/739)) ([740205f](https://github.com/open-feature/open-feature-operator/commit/740205fc2a6a89dcf2572d9f604f7ba69afc6573))
-* **deps:** update curlimages/curl docker tag to v8.11.1 ([#703](https://github.com/open-feature/open-feature-operator/issues/703)) ([383c116](https://github.com/open-feature/open-feature-operator/commit/383c1168d4640d2fe57782982829f68d349b1828))
-* **deps:** update dependency bitnami-labs/readme-generator-for-helm to v2.7.0 ([#741](https://github.com/open-feature/open-feature-operator/issues/741)) ([963d155](https://github.com/open-feature/open-feature-operator/commit/963d155d0a847718a9bde15b6e90e56b09812ebb))
-* **deps:** update docker/build-push-action action to v6 ([#694](https://github.com/open-feature/open-feature-operator/issues/694)) ([3d2ddfe](https://github.com/open-feature/open-feature-operator/commit/3d2ddfe8d6b2b9b31ba6100f008d079b5e42d19c))
-* **deps:** update docker/login-action digest to 327cd5a ([#728](https://github.com/open-feature/open-feature-operator/issues/728)) ([0038e45](https://github.com/open-feature/open-feature-operator/commit/0038e45a72f088976378d647d2ccf721182e0318))
-* **deps:** update golang docker tag to v1.23.5 ([#481](https://github.com/open-feature/open-feature-operator/issues/481)) ([06f43a9](https://github.com/open-feature/open-feature-operator/commit/06f43a9241fda9700ef6d6361a65dc50fac7ecb3))
-* remove rbac-proxy values and doc ([#742](https://github.com/open-feature/open-feature-operator/issues/742)) ([def1434](https://github.com/open-feature/open-feature-operator/commit/def14340603c2c9976e3a6142ab494764933f682))
-* replace deprecated gcr.io/kubebuilder/kube-rbac-proxy ([#733](https://github.com/open-feature/open-feature-operator/issues/733)) ([5358d1e](https://github.com/open-feature/open-feature-operator/commit/5358d1eacfd44cf01016c4bc6f68c496e757354f))
-
-## [0.8.4](https://github.com/open-feature/open-feature-operator/compare/v0.8.3...v0.8.4) (2025-01-13)
-
-
-### 🧹 Chore
-
-* release apis 0.2.45 ([#727](https://github.com/open-feature/open-feature-operator/issues/727)) ([dbe1222](https://github.com/open-feature/open-feature-operator/commit/dbe12227bc551dcda472b6c1afedb57321852e33))
-
-## [0.8.3](https://github.com/open-feature/open-feature-operator/compare/v0.8.2...v0.8.3) (2025-01-13)
-
-
-### 🐛 Bug Fixes
-
-* Add --port argument in flagd pods for set flagd service port ([#710](https://github.com/open-feature/open-feature-operator/issues/710)) ([674dd16](https://github.com/open-feature/open-feature-operator/commit/674dd16ac4dca94f04160247c55121e266979e25))
-* flagd environment variables missing prefix ([#730](https://github.com/open-feature/open-feature-operator/issues/730)) ([0aa61ec](https://github.com/open-feature/open-feature-operator/commit/0aa61ec1419ec1d99f3c875dd6526ec8ca8e6014))
-
-## [0.8.2](https://github.com/open-feature/open-feature-operator/compare/v0.8.1...v0.8.2) (2025-01-13)
-
-
-### ✨ New Features
-
-* add gateway api support ([#725](https://github.com/open-feature/open-feature-operator/issues/725)) ([b393a26](https://github.com/open-feature/open-feature-operator/commit/b393a2669c05d58afe453867401f8d697464b145))
-* allow setting mutating webhook failurepolicy and objectSelector via helm ([#715](https://github.com/open-feature/open-feature-operator/issues/715)) ([e3f1e24](https://github.com/open-feature/open-feature-operator/commit/e3f1e2471f2f2bd1a29539c57aa8161dc9fdd570))
-
-
-### 🐛 Bug Fixes
-
-* Add missing poddisruptionbudget update verb ([#722](https://github.com/open-feature/open-feature-operator/issues/722)) ([9b8e8c3](https://github.com/open-feature/open-feature-operator/commit/9b8e8c322ecc07d4d7f85d491a5cae0187b2db92))
-
-## [0.8.1](https://github.com/open-feature/open-feature-operator/compare/v0.8.0...v0.8.1) (2024-10-30)
-
-
-### 🐛 Bug Fixes
-
-* Add missing poddisruption budget permissions in manager cluster role ([#718](https://github.com/open-feature/open-feature-operator/issues/718)) ([69efcf0](https://github.com/open-feature/open-feature-operator/commit/69efcf021dfa4915bba9c943d0b8a8d137bfb2b2))
-* make flagd replica count configureable in helm chart ([#716](https://github.com/open-feature/open-feature-operator/issues/716)) ([8ae6ee8](https://github.com/open-feature/open-feature-operator/commit/8ae6ee81ac48589d01fd6e75f9c16bcd62c336b0))
-
-
-### 🧹 Chore
-
-* **deps:** update docker/login-action digest to 0689575 ([#714](https://github.com/open-feature/open-feature-operator/issues/714)) ([20e4045](https://github.com/open-feature/open-feature-operator/commit/20e4045d1ad45a5047f4f81a544b96643528dda7))
-
-## [0.8.0](https://github.com/open-feature/open-feature-operator/compare/v0.7.2...v0.8.0) (2024-10-22)
-
-
-### ⚠ BREAKING CHANGES
-
-* Fix typo flagsValidatonEnabled into flagsValidationEnabled ([#707](https://github.com/open-feature/open-feature-operator/issues/707))
-
-### ✨ New Features
-
-* add flagd-proxy HA configuration ([#712](https://github.com/open-feature/open-feature-operator/issues/712)) ([e115159](https://github.com/open-feature/open-feature-operator/commit/e115159936773e11353912bb11739a51108eb297))
-
-
-### 🐛 Bug Fixes
-
-* Fix typo flagsValidatonEnabled into flagsValidationEnabled ([#707](https://github.com/open-feature/open-feature-operator/issues/707)) ([64cdc25](https://github.com/open-feature/open-feature-operator/commit/64cdc25a031cd6991cca9425ec3052fc892ce720))
-
-
-### 🧹 Chore
-
-* **deps:** update golangci/golangci-lint-action action to v6 ([#704](https://github.com/open-feature/open-feature-operator/issues/704)) ([696e2ed](https://github.com/open-feature/open-feature-operator/commit/696e2edf83a6ba358bf6e19337e69c7b70162d37))
-
-## [0.7.2](https://github.com/open-feature/open-feature-operator/compare/v0.7.1...v0.7.2) (2024-08-02)
-
-
-### ✨ New Features
-
-* Custom labels and annotations for namespace. ([#702](https://github.com/open-feature/open-feature-operator/issues/702)) ([a21f278](https://github.com/open-feature/open-feature-operator/commit/a21f278c2ee994223eb715796c963d109237dff5))
-
-
-### 🐛 Bug Fixes
-
-* Case-align FROM and AS in Dockerfile ([#699](https://github.com/open-feature/open-feature-operator/issues/699)) ([4a43871](https://github.com/open-feature/open-feature-operator/commit/4a43871bfacbd9b38a0225b50520daa37bef97c9))
-* Fix Kustomize installation ([#700](https://github.com/open-feature/open-feature-operator/issues/700)) ([b5ad594](https://github.com/open-feature/open-feature-operator/commit/b5ad5943cc0edf4298efa571a50482f8991314e9))
-
-
-### 🧹 Chore
-
-* **deps:** update codecov/codecov-action action to v4 ([#693](https://github.com/open-feature/open-feature-operator/issues/693)) ([1588ef8](https://github.com/open-feature/open-feature-operator/commit/1588ef85202c14fb2bcf47925f99bb2ab5dd1ac3))
-
-## [0.7.1](https://github.com/open-feature/open-feature-operator/compare/v0.7.0...v0.7.1) (2024-07-23)
-
-
-### ✨ New Features
-
-* Add labels and annotations to pods. ([#681](https://github.com/open-feature/open-feature-operator/issues/681)) ([7ec44a6](https://github.com/open-feature/open-feature-operator/commit/7ec44a6a06ce570bf80d2cf6d78632f61a73fe89))
-
-
-### 🐛 Bug Fixes
-
-* **deps:** update golang.org/x/exp digest to 8a7402a ([#691](https://github.com/open-feature/open-feature-operator/issues/691)) ([db53303](https://github.com/open-feature/open-feature-operator/commit/db53303d14ca0fada38db97981dd5ed95d95f7ad))
-* **deps:** update module github.com/stretchr/testify to v1.9.0 ([#671](https://github.com/open-feature/open-feature-operator/issues/671)) ([1d2713d](https://github.com/open-feature/open-feature-operator/commit/1d2713dad6381e56aa3b552c33e1cb3513574a6e))
-
-
-### 🧹 Chore
-
-* **deps:** update actions/setup-go action to v5 ([#673](https://github.com/open-feature/open-feature-operator/issues/673)) ([b27a9eb](https://github.com/open-feature/open-feature-operator/commit/b27a9eb7163b23c4febec9721126639297a41217))
-* **deps:** update actions/setup-node action to v4 ([#675](https://github.com/open-feature/open-feature-operator/issues/675)) ([6f77899](https://github.com/open-feature/open-feature-operator/commit/6f77899bdefefdf43f4cee02c6f1def3ccaf758a))
-* **deps:** update docker/login-action digest to 9780b0c ([#605](https://github.com/open-feature/open-feature-operator/issues/605)) ([486a4fd](https://github.com/open-feature/open-feature-operator/commit/486a4fd8b2d647d1666f745ed07a601fcc8b7af8))
-* **deps:** update docker/metadata-action digest to 60a0d34 ([#690](https://github.com/open-feature/open-feature-operator/issues/690)) ([473929c](https://github.com/open-feature/open-feature-operator/commit/473929c3d80f1abe9a9dd92e5a4db542c8b32da8))
-* **deps:** update module golang.org/x/net to v0.27.0 ([#669](https://github.com/open-feature/open-feature-operator/issues/669)) ([0fdd6db](https://github.com/open-feature/open-feature-operator/commit/0fdd6db6e1809f3e94fe68ca6d3094725ce51b4c))
-* **deps:** update open-feature/flagd ([#689](https://github.com/open-feature/open-feature-operator/issues/689)) ([0d331a9](https://github.com/open-feature/open-feature-operator/commit/0d331a9bc5db752cb3aa49f7ce5afc0830f115fe))
-* release apis 0.2.44 ([#688](https://github.com/open-feature/open-feature-operator/issues/688)) ([9997ea4](https://github.com/open-feature/open-feature-operator/commit/9997ea443ecc025afd7aff2e33e92fb05acb3b1a))
-
-## [0.7.0](https://github.com/open-feature/open-feature-operator/compare/v0.6.1...v0.7.0) (2024-07-04)
-
-
-### ⚠ BREAKING CHANGES
-
-* split bind address to manage host and port separately ([#679](https://github.com/open-feature/open-feature-operator/issues/679))
-
-### ✨ New Features
-
-* Add hostNetwork flag. ([#680](https://github.com/open-feature/open-feature-operator/issues/680)) ([8e00a35](https://github.com/open-feature/open-feature-operator/commit/8e00a35c89732a1b76ab07a923ae7aee13028615))
-* split bind address to manage host and port separately ([#679](https://github.com/open-feature/open-feature-operator/issues/679)) ([31cddba](https://github.com/open-feature/open-feature-operator/commit/31cddbaf95649701a5c981e8fd0c1f0a5461e980))
-
-
-### 🐛 Bug Fixes
-
-* remove duplicated port in helm ([#686](https://github.com/open-feature/open-feature-operator/issues/686)) ([65c3c26](https://github.com/open-feature/open-feature-operator/commit/65c3c262110cca3b1d913b680e4b49973ce1a09a))
-
-## [0.6.1](https://github.com/open-feature/open-feature-operator/compare/v0.6.0...v0.6.1) (2024-06-06)
-
-
-### ✨ New Features
-
-* add image pull secrets ([#655](https://github.com/open-feature/open-feature-operator/issues/655)) ([2d7b30c](https://github.com/open-feature/open-feature-operator/commit/2d7b30c407f5c4d83cdf5bb08ff9de52bcc841a2))
-
-
-### 🐛 Bug Fixes
-
-* **deps:** update module github.com/go-logr/logr to v1.4.2 ([#601](https://github.com/open-feature/open-feature-operator/issues/601)) ([f245658](https://github.com/open-feature/open-feature-operator/commit/f245658ffbc33db5814798182a1e7d9a538ba4e8))
-* **deps:** update module go.uber.org/zap to v1.27.0 ([#614](https://github.com/open-feature/open-feature-operator/issues/614)) ([3746216](https://github.com/open-feature/open-feature-operator/commit/3746216b6e3c7b20dff2788954eb11e94e8a4a34))
-* flagd path defaults ([#658](https://github.com/open-feature/open-feature-operator/issues/658)) ([aef1010](https://github.com/open-feature/open-feature-operator/commit/aef1010dff162e8d232942e642c68e3e9ba3f35f))
-* handle multiple imagePullSecrets ([#666](https://github.com/open-feature/open-feature-operator/issues/666)) ([df3d6d9](https://github.com/open-feature/open-feature-operator/commit/df3d6d922a262ccfe3082a972a8f3fe495a7d4ca))
-
-
-### 🧹 Chore
-
-* add rule for env cfg tags ([#674](https://github.com/open-feature/open-feature-operator/issues/674)) ([499661e](https://github.com/open-feature/open-feature-operator/commit/499661e53318f7476e9cb4c9a551eb0c3a626090))
-* **deps:** update actions/setup-node action to v3.8.2 ([#580](https://github.com/open-feature/open-feature-operator/issues/580)) ([e43ce5f](https://github.com/open-feature/open-feature-operator/commit/e43ce5f0a6e207b3f03262d29b1ab0a5e6baa817))
-* **deps:** update curlimages/curl docker tag to v8.8.0 ([#616](https://github.com/open-feature/open-feature-operator/issues/616)) ([ab7cfde](https://github.com/open-feature/open-feature-operator/commit/ab7cfde2b8bc284f7d67fdc69ff5a7bad6665790))
-* **deps:** update dependency bitnami-labs/readme-generator-for-helm to v2.6.1 ([#662](https://github.com/open-feature/open-feature-operator/issues/662)) ([fdce5f9](https://github.com/open-feature/open-feature-operator/commit/fdce5f9a4a4faa5618ffa1bed7f7058d0354e7ad))
-* **deps:** update dependency golangci/golangci-lint to v1.59.0 ([#606](https://github.com/open-feature/open-feature-operator/issues/606)) ([692a325](https://github.com/open-feature/open-feature-operator/commit/692a325f70bb902a1b51e44efd5ce004bb832c05))
-* **deps:** update dependency kubernetes-sigs/controller-tools to v0.15.0 ([#667](https://github.com/open-feature/open-feature-operator/issues/667)) ([60f528f](https://github.com/open-feature/open-feature-operator/commit/60f528f464141a3c93f15684ca5f7c37213a2b6f))
-* **deps:** update docker/metadata-action digest to f7b4ed1 ([#598](https://github.com/open-feature/open-feature-operator/issues/598)) ([28700ce](https://github.com/open-feature/open-feature-operator/commit/28700ce600c74bae921d88ede113313fe9924efb))
-* **deps:** update helm/kind-action action to v1.10.0 ([#668](https://github.com/open-feature/open-feature-operator/issues/668)) ([e0b1748](https://github.com/open-feature/open-feature-operator/commit/e0b1748a265a741a17317730dfbb6270f7c43f31))
-* **deps:** update open-feature/flagd ([#670](https://github.com/open-feature/open-feature-operator/issues/670)) ([1174a1b](https://github.com/open-feature/open-feature-operator/commit/1174a1b277c1f335b5f73ee76e0c111fd16ace4b))
-* release apis 0.2.43 ([#660](https://github.com/open-feature/open-feature-operator/issues/660)) ([aed8ba1](https://github.com/open-feature/open-feature-operator/commit/aed8ba19ffd00f202cdfa980ef063bae49468faa))
-
 ## [0.6.0](https://github.com/open-feature/open-feature-operator/compare/v0.5.7...v0.6.0) (2024-05-29)


--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -36,9 +36,6 @@ and deploying to your cluster. Please be aware that it is using the cluster your

 Some part of the project docs may be autogenerated and require running a script.

-#### Re-generating helm docs after modifying the chart
-` ./.github/scripts/generate-helm-docs.sh`
-
 #### CRDs Docs
 If you modified or added crds to the project, then you should recreate the crds.md file. To do so run: 

--- a/20
+++ b/20
@ -1,5 +1,5 @@
 # Build the manager binary
-FROM --platform=$BUILDPLATFORM golang:1.23.5-alpine3.20 AS builder
+FROM --platform=$BUILDPLATFORM golang:1.20.3-alpine3.16 AS builder

 WORKDIR /workspace
 # Copy the Go Modules manifests
@ -7,27 +7,25 @@ COPY go.mod go.mod
 COPY go.sum go.sum

 # Copy the go source
-COPY cmd/ cmd/
-COPY api/ api/
-COPY internal/ internal/
+COPY main.go main.go
+COPY apis/ apis/
+COPY webhooks/ webhooks/
+COPY controllers/ controllers/
+COPY common/ common/

 # cache deps before building and copying source so that we don't need to re-download as much
 # and so that source changes don't invalidate our downloaded layer
-RUN go work init . ./api && go mod download
+RUN go work init . ./apis && go mod download

 ARG TARGETOS
 ARG TARGETARCH

 # Build
-# the GOARCH has not a default value to allow the binary be built according to the host where the command
-# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO
-# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
-# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
-RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager cmd/main.go
+RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -a -o manager main.go

 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
-FROM gcr.io/distroless/static:nonroot AS production
+FROM gcr.io/distroless/static:nonroot as production
 WORKDIR /
 COPY --from=builder /workspace/manager .
 USER 65532:65532
--- a/21
+++ b/21
@ -6,7 +6,7 @@ ARCH?=amd64
 IMG?=$(RELEASE_REGISTRY)/$(RELEASE_IMAGE)
 # customize overlay to be used in the build, DEFAULT or HELM
 KUSTOMIZE_OVERLAY ?= DEFAULT
-CHART_VERSION=v0.8.7# x-release-please-version
+CHART_VERSION=v0.6.0# x-release-please-version
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.26.1
 WAIT_TIMEOUT_SECONDS?=60
@ -65,8 +65,8 @@ vet: ## Run go vet against code.
 	go vet ./...

 .PHONY: unit-test
-unit-test: manifests generate envtest fmt vet ## Run tests.
-	cd api && go test ./... -v -coverprofile ../cover-apis.out cover-main.out cover-pkg.out
+unit-test: manifests fmt vet generate envtest ## Run tests.
+	cd apis && go test ./... -v -coverprofile ../cover-apis.out cover-main.out cover-pkg.out 
 	go test ./... -v -coverprofile cover-operator.out
 	sed -i '/mode: set/d' "cover-operator.out"
 	sed -i '/mode: set/d' "cover-apis.out"
@ -98,7 +98,7 @@ e2e-test-validate-local:
 .PHONY: lint
 lint:
 	go install -v github.com/golangci/golangci-lint/cmd/golangci-lint@latest
-	${GOPATH}/bin/golangci-lint run --timeout=3m --config=./.golangci.yml -v ./... # Run linters
+	${GOPATH}/bin/golangci-lint run --deadline=3m --timeout=3m --config=./.golangci.yml -v ./... # Run linters

 .PHONY: generate-crdocs
 generate-crdocs: kustomize crdocs
@ -112,12 +112,12 @@ generate-crdocs: kustomize crdocs
 ##@ Build

 .PHONY: build
-build: manifests generate fmt vet ## Build manager binary.
-	go build -o bin/manager cmd/main.go
+build: generate fmt vet ## Build manager binary.
+	go build -o bin/manager main.go

 .PHONY: run
 run: manifests generate fmt vet ## Run a controller from your host.
-	go run ./cmd/main.go
+	go run ./main.go

 .PHONY: docker-build
 docker-build: clean  ## Build docker image with the manager.
@ -211,14 +211,15 @@ CRDOC ?= $(LOCALBIN)/crdoc
 # renovate: datasource=github-tags depName=kubernetes-sigs/kustomize
 KUSTOMIZE_VERSION ?= v5.4.1
 # renovate: datasource=github-releases depName=kubernetes-sigs/controller-tools
-CONTROLLER_TOOLS_VERSION ?= v0.16.5
+CONTROLLER_TOOLS_VERSION ?= v0.15.0
 CRDOC_VERSION ?= v0.6.2

+KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
 .PHONY: kustomize
 kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
 $(KUSTOMIZE): $(LOCALBIN)
 	[ -e "$(KUSTOMIZE)" ] && rm -rf "$(KUSTOMIZE)" || true
-	test -s ${LOCALBIN}/kustomize || GOBIN=${LOCALBIN} GO111MODULE=on go install sigs.k8s.io/kustomize/kustomize/v5@$(KUSTOMIZE_VERSION)
+	curl -s $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN)

 .PHONY: controller-gen
 controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary.
@ -251,7 +252,7 @@ set-helm-overlay:
 helm-package: set-helm-overlay generate release-manifests helm
 	mkdir -p chart/open-feature-operator/templates/crds
 	mv chart/open-feature-operator/templates/*customresourcedefinition* chart/open-feature-operator/templates/crds
-	.github/scripts/strip-kustomize-helm.sh
+	sh .github/scripts/strip-kustomize-helm.sh
 	$(HELM) package --version $(CHART_VERSION) chart/open-feature-operator
 	mkdir -p charts && mv open-feature-operator-*.tgz charts
 	$(HELM) repo index --url https://open-feature.github.io/open-feature-operator/charts charts
--- a/4
+++ b/4
@ -4,10 +4,8 @@
 # More info: https://book.kubebuilder.io/reference/project-config.html
 domain: openfeature.dev
 layout:
- go.kubebuilder.io/v4
+- go.kubebuilder.io/v3
 multigroup: true
-plugins:
-  helm.kubebuilder.io/v1-alpha: {}
 projectName: open-feature-operator
 repo: github.com/open-feature/open-feature-operator
 resources:
--- a/README.md
+++ b/README.md
@ -33,8 +33,7 @@ See [CHANGELOG.md](https://github.com/open-feature/open-feature-operator/blob/ma

 See [CONTRIBUTING.md](CONTRIBUTING.md) for details on how to contribute to the OpenFeature project.

-Our community meetings are held regularly and open to everyone, as well as other community channels.
-Check the [OpenFeature community page]https://openfeature.dev/community/) for the links and participation guidelines.
+Our community meetings are held regularly and open to everyone. Check the [OpenFeature community calendar](https://calendar.google.com/calendar/u/0?cid=MHVhN2kxaGl2NWRoMThiMjd0b2FoNjM2NDRAZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ) for specific dates and for the Zoom meeting links.

 Thanks so much to our contributors.

--- a/api/go.mod
+++ b/api/go.mod
@ -1,75 +0,0 @@
-module github.com/open-feature/open-feature-operator/apis
-
-go 1.23.0
-
-toolchain go1.23.3
-
-require (
-	github.com/open-feature/flagd-schemas v0.2.9-0.20250529171004-2852d7772e6b
-	github.com/stretchr/testify v1.10.0
-	github.com/xeipuuv/gojsonschema v1.2.0
-	k8s.io/api v0.32.3
-	k8s.io/apimachinery v0.32.3
-	sigs.k8s.io/controller-runtime v0.20.1
-	sigs.k8s.io/gateway-api v1.2.1
-)
-
-require (
-	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/emicklei/go-restful/v3 v3.12.1 // indirect
-	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
-	github.com/fsnotify/fsnotify v1.8.0 // indirect
-	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
-	github.com/go-logr/logr v1.4.2 // indirect
-	github.com/go-openapi/jsonpointer v0.21.0 // indirect
-	github.com/go-openapi/jsonreference v0.21.0 // indirect
-	github.com/go-openapi/swag v0.23.0 // indirect
-	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/google/btree v1.1.3 // indirect
-	github.com/google/gnostic-models v0.6.9 // indirect
-	github.com/google/go-cmp v0.6.0 // indirect
-	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/pprof v0.0.0-20250125003558-7fdb3d7e6fa0 // indirect
-	github.com/google/uuid v1.6.0 // indirect
-	github.com/josharian/intern v1.0.0 // indirect
-	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.17.11 // indirect
-	github.com/mailru/easyjson v0.9.0 // indirect
-	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
-	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/prometheus/client_golang v1.20.5 // indirect
-	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.62.0 // indirect
-	github.com/prometheus/procfs v0.15.1 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/x448/float16 v0.8.4 // indirect
-	github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
-	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
-	golang.org/x/net v0.34.0 // indirect
-	golang.org/x/oauth2 v0.25.0 // indirect
-	golang.org/x/sync v0.10.0 // indirect
-	golang.org/x/sys v0.29.0 // indirect
-	golang.org/x/term v0.28.0 // indirect
-	golang.org/x/text v0.21.0 // indirect
-	golang.org/x/time v0.9.0 // indirect
-	golang.org/x/tools v0.29.0 // indirect
-	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/protobuf v1.36.4 // indirect
-	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
-	gopkg.in/inf.v0 v0.9.1 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.32.1 // indirect
-	k8s.io/client-go v0.32.1 // indirect
-	k8s.io/klog/v2 v2.130.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect
-	k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect
-	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect
-	sigs.k8s.io/yaml v1.4.0 // indirect
-)
--- a/api/go.sum
+++ b/api/go.sum
@ -1,198 +0,0 @@
-github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
-github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
-github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
-github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU=
-github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
-github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI=
-github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
-github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
-github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
-github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
-github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
-github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
-github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
-github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
-github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
-github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
-github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
-github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
-github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
-github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
-github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
-github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
-github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
-github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
-github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
-github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
-github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
-github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
-github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
-github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw=
-github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
-github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
-github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/pprof v0.0.0-20250125003558-7fdb3d7e6fa0 h1:my2ucqBZmv+cWHIhZNSIYKzgN8EBGyHdC7zD5sASRAg=
-github.com/google/pprof v0.0.0-20250125003558-7fdb3d7e6fa0/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
-github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
-github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
-github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
-github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
-github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
-github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
-github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
-github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
-github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
-github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
-github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
-github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
-github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM=
-github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
-github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
-github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
-github.com/open-feature/flagd-schemas v0.2.9-0.20240708163558-2aa89b314322 h1:5zbNHqcZAc9jlhSrC0onuVL2RPpvYcDaNvW2wOZBfUY=
-github.com/open-feature/flagd-schemas v0.2.9-0.20240708163558-2aa89b314322/go.mod h1:WKtwo1eW9/K6D+4HfgTXWBqCDzpvMhDa5eRxW7R5B2U=
-github.com/open-feature/flagd-schemas v0.2.9-0.20250127221449-bb763438abc5/go.mod h1:WKtwo1eW9/K6D+4HfgTXWBqCDzpvMhDa5eRxW7R5B2U=
-github.com/open-feature/flagd-schemas v0.2.9-0.20250529171004-2852d7772e6b/go.mod h1:WKtwo1eW9/K6D+4HfgTXWBqCDzpvMhDa5eRxW7R5B2U=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
-github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y=
-github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
-github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
-github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
-github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io=
-github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I=
-github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
-github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
-github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
-github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
-github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
-github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
-github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
-github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
-github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
-go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
-go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
-go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
-go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
-go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
-golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
-golang.org/x/oauth2 v0.25.0 h1:CY4y7XT9v0cRI9oupztF8AgiIu99L/ksR/Xp/6jrZ70=
-golang.org/x/oauth2 v0.25.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
-golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
-golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
-golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
-golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.29.0 h1:Xx0h3TtM9rzQpQuR4dKLrdglAmCEN5Oi+P74JdhdzXE=
-golang.org/x/tools v0.29.0/go.mod h1:KMQVMRsVxU6nHCFXrBPhDB8XncLNLM0lIy/F14RP588=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
-gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
-google.golang.org/protobuf v1.36.4 h1:6A3ZDJHn/eNqc1i+IdefRzy/9PokBTPvcqMySR7NNIM=
-google.golang.org/protobuf v1.36.4/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
-gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
-gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
-gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
-gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.32.1 h1:f562zw9cy+GvXzXf0CKlVQ7yHJVYzLfL6JAS4kOAaOc=
-k8s.io/api v0.32.1/go.mod h1:/Yi/BqkuueW1BgpoePYBRdDYfjPF5sgTr5+YqDZra5k=
-k8s.io/api v0.32.3 h1:Hw7KqxRusq+6QSplE3NYG4MBxZw1BZnq4aP4cJVINls=
-k8s.io/api v0.32.3/go.mod h1:2wEDTXADtm/HA7CCMD8D8bK4yuBUptzaRhYcYEEYA3k=
-k8s.io/apiextensions-apiserver v0.32.1 h1:hjkALhRUeCariC8DiVmb5jj0VjIc1N0DREP32+6UXZw=
-k8s.io/apiextensions-apiserver v0.32.1/go.mod h1:sxWIGuGiYov7Io1fAS2X06NjMIk5CbRHc2StSmbaQto=
-k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs=
-k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
-k8s.io/apimachinery v0.32.3 h1:JmDuDarhDmA/Li7j3aPrwhpNBA94Nvk5zLeOge9HH1U=
-k8s.io/apimachinery v0.32.3/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
-k8s.io/client-go v0.32.1 h1:otM0AxdhdBIaQh7l1Q0jQpmo7WOFIk5FFa4bg6YMdUU=
-k8s.io/client-go v0.32.1/go.mod h1:aTTKZY7MdxUaJ/KiUs8D+GssR9zJZi77ZqtzcGXIiDg=
-k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
-k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 h1:hcha5B1kVACrLujCKLbr8XWMxCxzQx42DY8QKYJrDLg=
-k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7/go.mod h1:GewRfANuJ70iYzvn+i4lezLDAFzvjxZYK1gn1lWcfas=
-k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0=
-k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-sigs.k8s.io/controller-runtime v0.20.1 h1:JbGMAG/X94NeM3xvjenVUaBjy6Ui4Ogd/J5ZtjZnHaE=
-sigs.k8s.io/controller-runtime v0.20.1/go.mod h1:BrP3w158MwvB3ZbNpaAcIKkHQ7YGpYnzpoSTZ8E14WU=
-sigs.k8s.io/gateway-api v1.2.1 h1:fZZ/+RyRb+Y5tGkwxFKuYuSRQHu9dZtbjenblleOLHM=
-sigs.k8s.io/gateway-api v1.2.1/go.mod h1:EpNfEXNjiYfUJypf0eZ0P5iXA9ekSGWaS1WgPaM42X0=
-sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE=
-sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
-sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk=
-sigs.k8s.io/structured-merge-diff/v4 v4.5.0/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
-sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
-sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
--- a/apis/CHANGELOG.md
+++ b/apis/CHANGELOG.md
@ -1,29 +1,5 @@
 # Changelog

-## [0.2.45](https://github.com/open-feature/open-feature-operator/compare/apis/v0.2.44...apis/v0.2.45) (2025-01-13)
-
-
-### ✨ New Features
-
-* add gateway api support ([#725](https://github.com/open-feature/open-feature-operator/issues/725)) ([b393a26](https://github.com/open-feature/open-feature-operator/commit/b393a2669c05d58afe453867401f8d697464b145))
-
-
-### 🐛 Bug Fixes
-
-* flagd environment variables missing prefix ([#730](https://github.com/open-feature/open-feature-operator/issues/730)) ([0aa61ec](https://github.com/open-feature/open-feature-operator/commit/0aa61ec1419ec1d99f3c875dd6526ec8ca8e6014))
-
-## [0.2.44](https://github.com/open-feature/open-feature-operator/compare/apis/v0.2.43...apis/v0.2.44) (2024-07-23)
-
-
-### 🐛 Bug Fixes
-
-* **deps:** update module github.com/stretchr/testify to v1.9.0 ([#671](https://github.com/open-feature/open-feature-operator/issues/671)) ([1d2713d](https://github.com/open-feature/open-feature-operator/commit/1d2713dad6381e56aa3b552c33e1cb3513574a6e))
-
-
-### 🧹 Chore
-
-* **deps:** update open-feature/flagd ([#689](https://github.com/open-feature/open-feature-operator/issues/689)) ([0d331a9](https://github.com/open-feature/open-feature-operator/commit/0d331a9bc5db752cb3aa49f7ce5afc0830f115fe))
-
 ## [0.2.43](https://github.com/open-feature/open-feature-operator/compare/apis/v0.2.42...apis/v0.2.43) (2024-06-06)


--- a/apis/core/v1alpha1/featureflagconfiguration_types.go
+++ b/apis/core/v1alpha1/featureflagconfiguration_types.go
--- a/apis/core/v1alpha1/flagsourceconfiguration_types.go
+++ b/apis/core/v1alpha1/flagsourceconfiguration_types.go
--- a/apis/core/v1alpha1/groupversion_info.go
+++ b/apis/core/v1alpha1/groupversion_info.go
--- a/apis/core/v1alpha1/zz_generated.deepcopy.go
+++ b/apis/core/v1alpha1/zz_generated.deepcopy.go
--- a/apis/core/v1alpha2/featureflagconfiguration_types.go
+++ b/apis/core/v1alpha2/featureflagconfiguration_types.go
--- a/apis/core/v1alpha2/flagsourceconfiguration_types.go
+++ b/apis/core/v1alpha2/flagsourceconfiguration_types.go
--- a/apis/core/v1alpha2/groupversion_info.go
+++ b/apis/core/v1alpha2/groupversion_info.go
--- a/apis/core/v1alpha2/zz_generated.deepcopy.go
+++ b/apis/core/v1alpha2/zz_generated.deepcopy.go
--- a/apis/core/v1alpha3/flagsourceconfiguration_types.go
+++ b/apis/core/v1alpha3/flagsourceconfiguration_types.go
--- a/apis/core/v1alpha3/groupversion_info.go
+++ b/apis/core/v1alpha3/groupversion_info.go
--- a/apis/core/v1alpha3/zz_generated.deepcopy.go
+++ b/apis/core/v1alpha3/zz_generated.deepcopy.go
--- a/apis/core/v1beta1/common/common.go
+++ b/apis/core/v1beta1/common/common.go
@ -11,7 +11,6 @@ type SyncProviderType string
 const (
 	SyncProviderKubernetes SyncProviderType = "kubernetes"
 	SyncProviderFilepath   SyncProviderType = "file"
-	SyncProviderGcs        SyncProviderType = "gcs"
 	SyncProviderHttp       SyncProviderType = "http"
 	SyncProviderGrpc       SyncProviderType = "grpc"
 	SyncProviderFlagdProxy SyncProviderType = "flagd-proxy"
@ -58,10 +57,6 @@ func (s SyncProviderType) IsHttp() bool {
 	return s == SyncProviderHttp
 }

-func (s SyncProviderType) IsGcs() bool {
-	return s == SyncProviderGcs
-}
-
 func (s SyncProviderType) IsFilepath() bool {
 	return s == SyncProviderFilepath
 }
--- a/apis/core/v1beta1/common/common_test.go
+++ b/apis/core/v1beta1/common/common_test.go
@ -12,19 +12,16 @@ func Test_FeatureFlagSource_SyncProvider(t *testing.T) {
 	f := SyncProviderFilepath
 	h := SyncProviderHttp
 	g := SyncProviderGrpc
-	gcs := SyncProviderGcs

 	require.True(t, k.IsKubernetes())
 	require.True(t, f.IsFilepath())
 	require.True(t, h.IsHttp())
 	require.True(t, g.IsGrpc())
-	require.True(t, gcs.IsGcs())

 	require.False(t, f.IsKubernetes())
 	require.False(t, h.IsFilepath())
 	require.False(t, k.IsGrpc())
 	require.False(t, g.IsHttp())
-	require.False(t, g.IsGcs())
 }

 func Test_FLagSourceConfiguration_EnvVarKey(t *testing.T) {
--- a/apis/core/v1beta1/featureflag_types.go
+++ b/apis/core/v1beta1/featureflag_types.go
--- a/apis/core/v1beta1/featureflag_types_test.go
+++ b/apis/core/v1beta1/featureflag_types_test.go
--- a/apis/core/v1beta1/featureflag_webhook.go
+++ b/apis/core/v1beta1/featureflag_webhook.go
@ -14,17 +14,16 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */

-package webhook
+package v1beta1

 import (
-	"context"
-	_ "embed"
 	"encoding/json"
 	"fmt"
 	"sync"

+	_ "embed"
+
 	schema "github.com/open-feature/flagd-schemas/json"
-	"github.com/open-feature/open-feature-operator/apis/core/v1beta1"
 	"github.com/xeipuuv/gojsonschema"
 	"k8s.io/apimachinery/pkg/runtime"
 	ctrl "sigs.k8s.io/controller-runtime"
@ -33,36 +32,26 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 )

-type FeatureFlagCustomValidator struct {
-}
-
 // log is for logging in this package.
-var featureFlagLog = logf.Log.WithName("featureflag-resource validator")
+var featureFlagLog = logf.Log.WithName("featureflag-resource")
 var compiledSchema *gojsonschema.Schema
 var schemaInitOnce sync.Once

-func (v *FeatureFlagCustomValidator) SetupWebhookWithManager(mgr ctrl.Manager) error {
+func (ff *FeatureFlag) SetupWebhookWithManager(mgr ctrl.Manager) error {
 	return ctrl.NewWebhookManagedBy(mgr).
-		For(&v1beta1.FeatureFlag{}).
-		WithValidator(&FeatureFlagCustomValidator{}).
+		For(ff).
 		Complete()
 }

-// +kubebuilder:webhook:path=/validate-core-openfeature-dev-v1beta1-featureflag,mutating=false,failurePolicy=fail,sideEffects=None,groups=core.openfeature.dev,resources=featureflags,verbs=create;update,versions=v1beta1,name=vfeatureflag.kb.io,admissionReviewVersions=v1
+//+kubebuilder:webhook:path=/validate-core-openfeature-dev-v1beta1-featureflag,mutating=false,failurePolicy=fail,sideEffects=None,groups=core.openfeature.dev,resources=featureflags,verbs=create;update,versions=v1beta1,name=vfeatureflag.kb.io,admissionReviewVersions=v1

-var _ webhook.CustomValidator = &FeatureFlagCustomValidator{}
+var _ webhook.Validator = &FeatureFlag{}

 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type
-func (v *FeatureFlagCustomValidator) ValidateCreate(ctx context.Context, obj runtime.Object) (warnings admission.Warnings, err error) {
-	featureFlag, ok := obj.(*v1beta1.FeatureFlag)
+func (ff *FeatureFlag) ValidateCreate() (admission.Warnings, error) {
+	featureFlagLog.Info("validate create", "name", ff.Name)

-	if !ok {
-		return nil, fmt.Errorf("expected a FeatureFlag object but got %T", obj)
-	}
-
-	featureFlagLog.Info("validate create", "name", featureFlag.Name)
-
-	if err := validateFeatureFlagFlags(featureFlag.Spec.FlagSpec.Flags); err != nil {
+	if err := validateFeatureFlagFlags(ff.Spec.FlagSpec.Flags); err != nil {
 		return []string{}, err
 	}

@ -70,16 +59,10 @@ func (v *FeatureFlagCustomValidator) ValidateCreate(ctx context.Context, obj run
 }

 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
-func (v *FeatureFlagCustomValidator) ValidateUpdate(ctx context.Context, oldObj runtime.Object, newObj runtime.Object) (warnings admission.Warnings, err error) {
-	featureFlag, ok := oldObj.(*v1beta1.FeatureFlag)
+func (ff *FeatureFlag) ValidateUpdate(old runtime.Object) (admission.Warnings, error) {
+	featureFlagLog.Info("validate update", "name", ff.Name)

-	if !ok {
-		return nil, fmt.Errorf("expected a FeatureFlag object but got %T", oldObj)
-	}
-
-	featureFlagLog.Info("validate update", "name", featureFlag.Name)
-
-	if err := validateFeatureFlagFlags(featureFlag.Spec.FlagSpec.Flags); err != nil {
+	if err := validateFeatureFlagFlags(ff.Spec.FlagSpec.Flags); err != nil {
 		return []string{}, err
 	}

@ -87,19 +70,13 @@ func (v *FeatureFlagCustomValidator) ValidateUpdate(ctx context.Context, oldObj
 }

 // ValidateDelete implements webhook.Validator so a webhook will be registered for the type
-func (v *FeatureFlagCustomValidator) ValidateDelete(ctx context.Context, obj runtime.Object) (warnings admission.Warnings, err error) {
-	featureFlag, ok := obj.(*v1beta1.FeatureFlag)
-
-	if !ok {
-		return nil, fmt.Errorf("expected a FeatureFlag object but got %T", obj)
-	}
-
-	featureFlagLog.Info("validate delete", "name", featureFlag.Name)
+func (ff *FeatureFlag) ValidateDelete() (admission.Warnings, error) {
+	featureFlagLog.Info("validate delete", "name", ff.Name)

 	return []string{}, nil
 }

-func validateFeatureFlagFlags(flags v1beta1.Flags) error {
+func validateFeatureFlagFlags(flags Flags) error {
 	b, err := json.Marshal(flags)
 	if err != nil {
 		return err
@ -120,10 +97,9 @@ func validateFeatureFlagFlags(flags v1beta1.Flags) error {
 	if !result.Valid() {
 		err = fmt.Errorf("")
 		for _, desc := range result.Errors() {
-			err = fmt.Errorf("%s", err.Error()+desc.Description()+"\n")
+			err = fmt.Errorf(err.Error() + desc.Description() + "\n")
 		}
 	}
-
 	return err
 }

--- a/apis/core/v1beta1/featureflag_webhook_test.go
+++ b/apis/core/v1beta1/featureflag_webhook_test.go
@ -1,23 +1,22 @@
-package webhook
+package v1beta1

 import (
 	"encoding/json"
 	"testing"

-	"github.com/open-feature/open-feature-operator/apis/core/v1beta1"
 	"github.com/stretchr/testify/require"
 )

 func Test_validateFeatureFlagTargeting(t *testing.T) {
 	tests := []struct {
 		name    string
-		in      v1beta1.Flags
+		in      Flags
 		wantErr bool
 	}{
 		{
 			name: "happy path",
-			in: v1beta1.Flags{
-				FlagsMap: map[string]v1beta1.Flag{
+			in: Flags{
+				FlagsMap: map[string]Flag{
 					"fractional": {
 						State: "ENABLED",
 						Variants: json.RawMessage(`{
@ -43,8 +42,8 @@ func Test_validateFeatureFlagTargeting(t *testing.T) {
 		},
 		{
 			name: "happy path no targeting",
-			in: v1beta1.Flags{
-				FlagsMap: map[string]v1beta1.Flag{
+			in: Flags{
+				FlagsMap: map[string]Flag{
 					"fractional": {
 						State: "ENABLED",
 						Variants: json.RawMessage(`{
@ -62,8 +61,8 @@ func Test_validateFeatureFlagTargeting(t *testing.T) {
 		},
 		{
 			name: "fractional invalid bucketing",
-			in: v1beta1.Flags{
-				FlagsMap: map[string]v1beta1.Flag{
+			in: Flags{
+				FlagsMap: map[string]Flag{
 					"fractional-invalid-bucketing": {
 						State: "ENABLED",
 						Variants: json.RawMessage(`{
@ -90,8 +89,8 @@ func Test_validateFeatureFlagTargeting(t *testing.T) {
 		},
 		{
 			name: "empty variants",
-			in: v1beta1.Flags{
-				FlagsMap: map[string]v1beta1.Flag{
+			in: Flags{
+				FlagsMap: map[string]Flag{
 					"fractional-invalid-bucketing": {
 						State:          "ENABLED",
 						Variants:       json.RawMessage{},
@ -103,8 +102,8 @@ func Test_validateFeatureFlagTargeting(t *testing.T) {
 		},
 		{
 			name: "fractional invalid weighting",
-			in: v1beta1.Flags{
-				FlagsMap: map[string]v1beta1.Flag{
+			in: Flags{
+				FlagsMap: map[string]Flag{
 					"fractional-invalid-weighting": {
 						State: "ENABLED",
 						Variants: json.RawMessage(`{
@ -130,8 +129,8 @@ func Test_validateFeatureFlagTargeting(t *testing.T) {
 		},
 		{
 			name: "invalid-ends-with-param",
-			in: v1beta1.Flags{
-				FlagsMap: map[string]v1beta1.Flag{
+			in: Flags{
+				FlagsMap: map[string]Flag{
 					"invalid-ends-with-param": {
 						State: "ENABLED",
 						Variants: json.RawMessage(`{
--- a/apis/core/v1beta1/featureflagsource_types.go
+++ b/apis/core/v1beta1/featureflagsource_types.go
@ -28,12 +28,10 @@ import (
 type FeatureFlagSourceSpec struct {
 	// ManagemetPort defines the port to serve management on, defaults to 8014
 	// +optional
-	// +kubebuilder:default:=8014
 	ManagementPort int32 `json:"managementPort"`

 	// Port defines the port to listen on, defaults to 8013
 	// +optional
-	// +kubebuilder:default:=8013
 	Port int32 `json:"port"`

 	// SocketPath defines the unix socket path to listen on
@ -42,7 +40,6 @@ type FeatureFlagSourceSpec struct {

 	// Evaluator sets an evaluator, defaults to 'json'
 	// +optional
-	// +kubebuilder:default:="json"
 	Evaluator string `json:"evaluator"`

 	// SyncProviders define the syncProviders and associated configuration to be applied to the sidecar
@ -64,12 +61,10 @@ type FeatureFlagSourceSpec struct {

 	// LogFormat allows for the sidecar log format to be overridden, defaults to 'json'
 	// +optional
-	// +kubebuilder:default:="json"
 	LogFormat string `json:"logFormat"`

 	// EnvVarPrefix defines the prefix to be applied to all environment variables applied to the sidecar, default FLAGD
 	// +optional
-	// +kubebuilder:default:="FLAGD"
 	EnvVarPrefix string `json:"envVarPrefix"`

 	// RolloutOnChange dictates whether annotated deployments will be restarted when configuration changes are
--- a/apis/core/v1beta1/featureflagsource_types_test.go
+++ b/apis/core/v1beta1/featureflagsource_types_test.go
--- a/apis/core/v1beta1/flagd_types.go
+++ b/apis/core/v1beta1/flagd_types.go
@ -20,7 +20,6 @@ import (
 	v1 "k8s.io/api/core/v1"
 	networkingv1 "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	gatewayApiv1 "sigs.k8s.io/gateway-api/apis/v1"
 )

 // FlagdSpec defines the desired state of Flagd
@ -50,10 +49,6 @@ type FlagdSpec struct {
 	// Ingress
 	// +optional
 	Ingress IngressSpec `json:"ingress"`
-
-	// GatewayApiRoutes
-	// +optional
-	GatewayApiRoutes GatewayApiSpec `json:"gatewayApiRoutes"`
 }

 // IngressSpec defines the options to be used when deploying the ingress for flagd
@ -96,25 +91,6 @@ type IngressSpec struct {
 	SyncPath string `json:"syncPath,omitempty"`
 }

-// GatewayApiSpec defines the options to be used when deploying Gateway API routes for flagd
-type GatewayApiSpec struct {
-	// Enabled enables/disables the Gateway API routes for flagd
-	Enabled bool `json:"enabled,omitempty"`
-
-	// Annotations to be added to the Gateway API routes
-	// +optional
-	Annotations map[string]string `json:"annotations,omitempty"`
-
-	// Hosts list of hosts to be added to the ingress.
-	// Empty string corresponds to rule with no host.
-	// +optional
-	Hosts []string `json:"hosts,omitempty"`
-
-	// ParentRefs references the resources (usually Gateways) that the Routes should
-	// be attached to.
-	ParentRefs []gatewayApiv1.ParentReference `json:"parentRefs"`
-}
-
 // FlagdStatus defines the observed state of Flagd
 type FlagdStatus struct {
 }
--- a/apis/core/v1beta1/groupversion_info.go
+++ b/apis/core/v1beta1/groupversion_info.go
--- a/apis/core/v1beta1/inprocessconfiguration_types.go
+++ b/apis/core/v1beta1/inprocessconfiguration_types.go
--- a/apis/core/v1beta1/inprocessconfiguration_types_test.go
+++ b/apis/core/v1beta1/inprocessconfiguration_types_test.go
--- a/apis/core/v1beta1/zz_generated.deepcopy.go
+++ b/apis/core/v1beta1/zz_generated.deepcopy.go
@ -24,8 +24,7 @@ import (
 	"encoding/json"
 	"k8s.io/api/core/v1"
 	networkingv1 "k8s.io/api/networking/v1"
-	runtime "k8s.io/apimachinery/pkg/runtime"
-	apisv1 "sigs.k8s.io/gateway-api/apis/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 )

 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
@ -354,7 +353,6 @@ func (in *FlagdSpec) DeepCopyInto(out *FlagdSpec) {
 		**out = **in
 	}
 	in.Ingress.DeepCopyInto(&out.Ingress)
-	in.GatewayApiRoutes.DeepCopyInto(&out.GatewayApiRoutes)
 }

 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FlagdSpec.
@ -404,40 +402,6 @@ func (in *Flags) DeepCopy() *Flags {
 	return out
 }

-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *GatewayApiSpec) DeepCopyInto(out *GatewayApiSpec) {
-	*out = *in
-	if in.Annotations != nil {
-		in, out := &in.Annotations, &out.Annotations
-		*out = make(map[string]string, len(*in))
-		for key, val := range *in {
-			(*out)[key] = val
-		}
-	}
-	if in.Hosts != nil {
-		in, out := &in.Hosts, &out.Hosts
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
-	if in.ParentRefs != nil {
-		in, out := &in.ParentRefs, &out.ParentRefs
-		*out = make([]apisv1.ParentReference, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayApiSpec.
-func (in *GatewayApiSpec) DeepCopy() *GatewayApiSpec {
-	if in == nil {
-		return nil
-	}
-	out := new(GatewayApiSpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *InProcessConfiguration) DeepCopyInto(out *InProcessConfiguration) {
 	*out = *in
--- a/apis/go.mod
+++ b/apis/go.mod
@ -0,0 +1,71 @@
+module github.com/open-feature/open-feature-operator/apis
+
+go 1.21
+
+require (
+	github.com/open-feature/flagd-schemas v0.2.9-0.20240527214546-61523e5efe3e
+	github.com/stretchr/testify v1.8.4
+	github.com/xeipuuv/gojsonschema v1.2.0
+	k8s.io/api v0.28.10
+	k8s.io/apimachinery v0.28.10
+	sigs.k8s.io/controller-runtime v0.16.6
+)
+
+require (
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
+	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/imdario/mergo v0.3.6 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/prometheus/client_golang v1.16.0 // indirect
+	github.com/prometheus/client_model v0.4.0 // indirect
+	github.com/prometheus/common v0.44.0 // indirect
+	github.com/prometheus/procfs v0.10.1 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
+	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
+	golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect
+	golang.org/x/net v0.23.0 // indirect
+	golang.org/x/oauth2 v0.8.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
+	golang.org/x/term v0.18.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/apiextensions-apiserver v0.28.9 // indirect
+	k8s.io/client-go v0.28.9 // indirect
+	k8s.io/component-base v0.28.9 // indirect
+	k8s.io/klog/v2 v2.100.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect
+	k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+	sigs.k8s.io/yaml v1.3.0 // indirect
+)
--- a/apis/go.sum
+++ b/apis/go.sum
@ -0,0 +1,209 @@
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
+github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
+github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
+github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww=
+github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
+github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
+github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
+github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
+github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo=
+github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA=
+github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
+github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
+github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
+github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
+github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
+github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
+github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
+github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28=
+github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
+github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
+github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
+github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
+github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
+github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU=
+github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM=
+github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
+github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=
+github.com/open-feature/flagd-schemas v0.2.9-0.20240408192555-ea4f119d2bd7 h1:oP+BH8RiNEmSWTffKEXz2ciwen7wbvyX0fESx0aoJ80=
+github.com/open-feature/flagd-schemas v0.2.9-0.20240408192555-ea4f119d2bd7/go.mod h1:WKtwo1eW9/K6D+4HfgTXWBqCDzpvMhDa5eRxW7R5B2U=
+github.com/open-feature/flagd-schemas v0.2.9-0.20240527214546-61523e5efe3e h1:j1xFE8kIrFXf4fZtJUsR457rEG4mxsq2YCVyy92I0HU=
+github.com/open-feature/flagd-schemas v0.2.9-0.20240527214546-61523e5efe3e/go.mod h1:WKtwo1eW9/K6D+4HfgTXWBqCDzpvMhDa5eRxW7R5B2U=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8=
+github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc=
+github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY=
+github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
+github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY=
+github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY=
+github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg=
+github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM=
+github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c=
+github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
+github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
+github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
+github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
+github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
+go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+go.uber.org/zap v1.25.0 h1:4Hvk6GtkucQ790dqmj7l1eEnRdKm3k3ZUrUMS2d5+5c=
+go.uber.org/zap v1.25.0/go.mod h1:JIAUzQIH94IC4fOJQm7gMmBJP5k7wQfdcnYdPoEXJYk=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e h1:+WEEuIdZHnUeJJmEUjyYC2gfUMj69yZXw17EnHg/otA=
+golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
+golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8=
+golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
+golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
+golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA=
+golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
+gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
+google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
+google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
+gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+k8s.io/api v0.28.10 h1:q1Y+h3F+siuwP/qCQuqgqGJjaIuQWN0yFE7z367E3Q0=
+k8s.io/api v0.28.10/go.mod h1:u6EzGdzmEC2vfhyw4sD89i7OIc/2v1EAwvd1t4chQac=
+k8s.io/apiextensions-apiserver v0.28.9 h1:yzPHp+4IASHeu7XIPkAKJrY4UjWdjiAjOcQMd6oNKj0=
+k8s.io/apiextensions-apiserver v0.28.9/go.mod h1:Rjhvq5y3JESdZgV2UOByldyefCfRrUguVpBLYOAIbVs=
+k8s.io/apimachinery v0.28.10 h1:cWonrYsJK3lbuf9IgMs5+L5Jzw6QR3ZGA3hzwG0HDeI=
+k8s.io/apimachinery v0.28.10/go.mod h1:zUG757HaKs6Dc3iGtKjzIpBfqTM4yiRsEe3/E7NX15o=
+k8s.io/client-go v0.28.9 h1:mmMvejwc/KDjMLmDpyaxkWNzlWRCJ6ht7Qsbsnwn39Y=
+k8s.io/client-go v0.28.9/go.mod h1:GFDy3rUNId++WGrr0hRaBrs+y1eZz5JtVZODEalhRMo=
+k8s.io/component-base v0.28.9 h1:ySM2PR8Z/xaUSG1Akd3yM6dqUezTltI7S5aV41MMuuc=
+k8s.io/component-base v0.28.9/go.mod h1:QtWzscEhCKRfHV24/S+11BwWjVxhC6fd3RYoEgZcWFU=
+k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
+k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
+k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ=
+k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM=
+k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk=
+k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+sigs.k8s.io/controller-runtime v0.16.6 h1:FiXwTuFF5ZJKmozfP2Z0j7dh6kmxP4Ou1KLfxgKKC3I=
+sigs.k8s.io/controller-runtime v0.16.6/go.mod h1:+dQzkZxnylD0u49e0a+7AR+vlibEBaThmPca7lTyUsI=
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
+sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
+sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
+sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
+sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
--- a/chart/open-feature-operator/Chart.yaml
+++ b/chart/open-feature-operator/Chart.yaml
@ -13,12 +13,12 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: "v0.8.7" # x-release-please-version
+version: "v0.6.0" # x-release-please-version
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "v0.8.7" # x-release-please-version
+appVersion: "v0.6.0" # x-release-please-version

 home: https://openfeature.dev
 icon: https://open-feature.github.io/open-feature-operator/chart/open-feature-operator/openfeature-logo.png
--- a/chart/open-feature-operator/README.md
+++ b/chart/open-feature-operator/README.md
@ -93,27 +93,10 @@ The command removes all the Kubernetes components associated with the chart and

 ### Global

-| Name               | Description                                                                                                                                                                                                  | Value                          |
-| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------ |
-| `defaultNamespace` | To override the namespace use the `--namespace` flag. This default is provided to ensure that the kustomize build charts in `/templates` deploy correctly when no `namespace` is provided via the `-n` flag. | `open-feature-operator-system` |
-
-### namespace
-
-| Name                    | Description                                                                                                                                                                                                                               | Value  |
-| ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
-| `namespace.create`      | Whether to create the namespace as part of this chart.                                                                                                                                                                                    | `true` |
-| `namespace.labels`      | Labels for the namespace if created as part of the chart.                                                                                                                                                                                 | `{}`   |
-| `namespace.annotations` | Annotations for the namespace if created as part of the chart.                                                                                                                                                                            | `{}`   |
-| `imagePullSecrets`      | Array of ImagePullSecret objects containing credentials for images pulled by the operator (flagdProxyConfiguration.image, flagdConfiguration.image, controllerManager.manager.image). Example: imagePullSecrets: [{"name": "my-secret"}]  | `[]`   |
-| `labels`                | Labels to apply to all of the pods in the operator.                                                                                                                                                                                       | `{}`   |
-| `annotations`           | Annotations to apply to all of the pods in the operator.                                                                                                                                                                                  | `{}`   |
-
-### Mutating Webhook configuration
-
-| Name                             | Description                                               | Value    |
-| -------------------------------- | --------------------------------------------------------- | -------- |
-| `mutatingWebhook.failurePolicy`  | FailurePolicy when the webhook does not respond           | `Ignore` |
-| `mutatingWebhook.objectSelector` | ObjectSelector on which pods the mutatingWebhook will run | `{}`     |
+| Name               | Description                                                                                                                                                                                                                                                                      | Value                          |
+| ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ |
+| `defaultNamespace` | To override the namespace use the `--namespace` flag. This default is provided to ensure that the kustomize build charts in `/templates` deploy correctly when no `namespace` is provided via the `-n` flag.                                                                     | `open-feature-operator-system` |
+| `imagePullSecrets` | Array of ImagePullSecret objects containing credentials for images pulled by the operator (flagdProxyConfiguration.image, flagdConfiguration.image, controllerManager.manager.image, controllerManager.kubeRbacProxy.image). Example: imagePullSecrets: [{"name": "my-secret"}]  | `[]`                           |

 ### Sidecar configuration

@ -123,7 +106,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `sidecarConfiguration.managementPort`            | Sets the value of the `XXX_MANAGEMENT_PORT` environment variable for the injected sidecar.                                                                                                                                                                  | `8014`                       |
 | `sidecarConfiguration.socketPath`                | Sets the value of the `XXX_SOCKET_PATH` environment variable for the injected sidecar.                                                                                                                                                                      | `""`                         |
 | `sidecarConfiguration.image.repository`          | Sets the image for the injected sidecar.                                                                                                                                                                                                                    | `ghcr.io/open-feature/flagd` |
-| `sidecarConfiguration.image.tag`                 | Sets the version tag for the injected sidecar.                                                                                                                                                                                                              | `v0.12.4`                    |
+| `sidecarConfiguration.image.tag`                 | Sets the version tag for the injected sidecar.                                                                                                                                                                                                              | `v0.10.3`                    |
 | `sidecarConfiguration.providerArgs`              | Used to append arguments to the sidecar startup command. This value is a comma separated string of key values separated by '=', e.g. `key=value,key2=value2` results in the appending of `--sync-provider-args key=value --sync-provider-args key2=value2`. | `""`                         |
 | `sidecarConfiguration.envVarPrefix`              | Sets the prefix for all environment variables set in the injected sidecar.                                                                                                                                                                                  | `FLAGD`                      |
 | `sidecarConfiguration.defaultSyncProvider`       | Sets the value of the `XXX_SYNC_PROVIDER` environment variable for the injected sidecar container. There are 4 valid sync providers: `kubernetes`, `grpc`, `file` and `http`.                                                                               | `kubernetes`                 |
@ -155,11 +138,10 @@ The command removes all the Kubernetes components associated with the chart and

 | Name                                       | Description                                                                     | Value                              |
 | ------------------------------------------ | ------------------------------------------------------------------------------- | ---------------------------------- |
-| `flagdProxyConfiguration.replicaCount`     | sets the number of replicas for the flagd-proxy deployment.                     | `1`                                |
 | `flagdProxyConfiguration.port`             | Sets the port to expose the sync API on.                                        | `8015`                             |
 | `flagdProxyConfiguration.managementPort`   | Sets the port to expose the management API on.                                  | `8016`                             |
 | `flagdProxyConfiguration.image.repository` | Sets the image for the flagd-proxy deployment.                                  | `ghcr.io/open-feature/flagd-proxy` |
-| `flagdProxyConfiguration.image.tag`        | Sets the tag for the flagd-proxy deployment.                                    | `v0.7.4`                           |
+| `flagdProxyConfiguration.image.tag`        | Sets the tag for the flagd-proxy deployment.                                    | `v0.6.2`                           |
 | `flagdProxyConfiguration.debugLogging`     | Controls the addition of the `--debug` flag to the container startup arguments. | `false`                            |

 ### Flagd configuration
@ -171,25 +153,27 @@ The command removes all the Kubernetes components associated with the chart and
 | `flagdConfiguration.syncPort`         | Sets the port to expose the sync API on.                                        | `8015`                       |
 | `flagdConfiguration.managementPort`   | Sets the port to expose the management API on.                                  | `8014`                       |
 | `flagdConfiguration.image.repository` | Sets the image for the flagd deployment.                                        | `ghcr.io/open-feature/flagd` |
-| `flagdConfiguration.image.tag`        | Sets the tag for the flagd deployment.                                          | `v0.12.4`                    |
+| `flagdConfiguration.image.tag`        | Sets the tag for the flagd deployment.                                          | `v0.10.3`                    |
 | `flagdConfiguration.debugLogging`     | Controls the addition of the `--debug` flag to the container startup arguments. | `false`                      |

 ### Operator resource configuration

-| Name                                                                      | Description                                                                                                      | Value                                        |
-| ------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | -------------------------------------------- |
-| `controllerManager.manager.image.repository`                              | Sets the image for the operator.                                                                                 | `ghcr.io/open-feature/open-feature-operator` |
-| `controllerManager.manager.image.tag`                                     | Sets the version tag for the operator.                                                                           | `v0.8.7`                                     |
-| `controllerManager.manager.resources.limits.cpu`                          | Sets cpu resource limits for operator.                                                                           | `500m`                                       |
-| `controllerManager.manager.resources.limits.memory`                       | Sets memory resource limits for operator.                                                                        | `128Mi`                                      |
-| `controllerManager.manager.resources.requests.cpu`                        | Sets cpu resource requests for operator.                                                                         | `10m`                                        |
-| `controllerManager.manager.resources.requests.memory`                     | Sets memory resource requests for operator.                                                                      | `64Mi`                                       |
-| `controllerManager.manager.hostNetwork`                                   | Should the injector pods run on the host network (useful when using an alternate CNI in EKS)                     | `false`                                      |
-| `controllerManager.manager.dnsPolicy`                                     | Pod DNS resolution scheme. Should be `ClusterFirstWithHostNet` if hostNetwork is true, `ClusterFirst` otherwise. | `ClusterFirst`                               |
-| `controllerManager.replicas`                                              | Sets number of replicas of the OpenFeature operator pod.                                                         | `1`                                          |
-| `managerConfig.flagsValidationEnabled`                                    | Enables the validating webhook for FeatureFlag CR.                                                               | `true`                                       |
-| `managerConfig.controllerManagerConfigYaml.health.healthProbeBindAddress` | Sets the bind address for health probes.                                                                         | `:8081`                                      |
-| `managerConfig.controllerManagerConfigYaml.metrics.bindAddress`           | Sets the bind address for metrics (combined with bindPort).                                                      | `127.0.0.1`                                  |
-| `managerConfig.controllerManagerConfigYaml.metrics.bindPort`              | Sets the bind port for metrics.                                                                                  | `8080`                                       |
-| `managerConfig.controllerManagerConfigYaml.webhook.port`                  | Sets the bind address for webhook.                                                                               | `9443`                                       |
-
+| Name                                                                      | Description                                              | Value                                        |
+| ------------------------------------------------------------------------- | -------------------------------------------------------- | -------------------------------------------- |
+| `controllerManager.kubeRbacProxy.image.repository`                        | Sets the image for the kube-rbac-proxy.                  | `gcr.io/kubebuilder/kube-rbac-proxy`         |
+| `controllerManager.kubeRbacProxy.image.tag`                               | Sets the version tag for the kube-rbac-proxy.            | `v0.14.1`                                    |
+| `controllerManager.kubeRbacProxy.resources.limits.cpu`                    | Sets cpu resource limits for kube-rbac-proxy.            | `500m`                                       |
+| `controllerManager.kubeRbacProxy.resources.limits.memory`                 | Sets memory resource limits for kube-rbac-proxy.         | `128Mi`                                      |
+| `controllerManager.kubeRbacProxy.resources.requests.cpu`                  | Sets cpu resource requests for kube-rbac-proxy.          | `5m`                                         |
+| `controllerManager.kubeRbacProxy.resources.requests.memory`               | Sets memory resource requests for kube-rbac-proxy.       | `64Mi`                                       |
+| `controllerManager.manager.image.repository`                              | Sets the image for the operator.                         | `ghcr.io/open-feature/open-feature-operator` |
+| `controllerManager.manager.image.tag`                                     | Sets the version tag for the operator.                   | `v0.6.0`                                     |
+| `controllerManager.manager.resources.limits.cpu`                          | Sets cpu resource limits for operator.                   | `500m`                                       |
+| `controllerManager.manager.resources.limits.memory`                       | Sets memory resource limits for operator.                | `128Mi`                                      |
+| `controllerManager.manager.resources.requests.cpu`                        | Sets cpu resource requests for operator.                 | `10m`                                        |
+| `controllerManager.manager.resources.requests.memory`                     | Sets memory resource requests for operator.              | `64Mi`                                       |
+| `controllerManager.replicas`                                              | Sets number of replicas of the OpenFeature operator pod. | `1`                                          |
+| `managerConfig.flagsValidatonEnabled`                                     | Enables the validating webhook for FeatureFlag CR.       | `true`                                       |
+| `managerConfig.controllerManagerConfigYaml.health.healthProbeBindAddress` | Sets the bind address for health probes.                 | `:8081`                                      |
+| `managerConfig.controllerManagerConfigYaml.metrics.bindAddress`           | Sets the bind address for metrics.                       | `127.0.0.1:8080`                             |
+| `managerConfig.controllerManagerConfigYaml.webhook.port`                  | Sets the bind address for webhook.                       | `9443`                                       |
--- a/chart/open-feature-operator/templates/admissionregistration.k8s.io_v1_validatingwebhookconfiguration_open-feature-operator-validating-webhook-configuration.yaml
+++ b/chart/open-feature-operator/templates/admissionregistration.k8s.io_v1_validatingwebhookconfiguration_open-feature-operator-validating-webhook-configuration.yaml
@ -1,4 +1,4 @@
-{{ if eq .Values.managerConfig.flagsValidationEnabled "true" }}
+{{ if eq .Values.managerConfig.flagsValidatonEnabled "true" }}
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
--- a/chart/open-feature-operator/templates/namespace.yaml
+++ b/chart/open-feature-operator/templates/namespace.yaml
@ -1,17 +1,10 @@
 # Only deploy the namespace if the default is being used (helm install should fail if the namespace isnt present)
 # when one is defined with -n
-{{- if and (eq (include "chart.namespace" .) .Values.defaultNamespace) .Values.namespace.create }}
+{{ if eq ( include "chart.namespace" . ) .Values.defaultNamespace }}
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: '{{ include "chart.namespace" . }}'
  labels:
    control-plane: controller-manager
-    {{- range $key, $value := $.Values.namespace.labels }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  annotations:
-    {{- range $key, $value := $.Values.namespace.annotations }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-{{ end }}
+  name: '{{ include "chart.namespace" . }}'
+{{ end }}
--- a/chart/open-feature-operator/values.yaml
+++ b/chart/open-feature-operator/values.yaml
@ -2,28 +2,9 @@
 ## @section Global
 ## @param  defaultNamespace To override the namespace use the `--namespace` flag. This default is provided to ensure that the kustomize build charts in `/templates` deploy correctly when no `namespace` is provided via the `-n` flag.
 defaultNamespace: open-feature-operator-system
-## @section namespace
-namespace:
-  ## @param namespace.create Whether to create the namespace as part of this chart.
-  create: true
-  ## @param namespace.labels Labels for the namespace if created as part of the chart.
-  labels: {}
-  ## @param namespace.annotations Annotations for the namespace if created as part of the chart.
-  annotations: {}
-
-## @param imagePullSecrets Array of ImagePullSecret objects containing credentials for images pulled by the operator (flagdProxyConfiguration.image, flagdConfiguration.image, controllerManager.manager.image). Example: imagePullSecrets: [{"name": "my-secret"}] 
+## @param imagePullSecrets Array of ImagePullSecret objects containing credentials for images pulled by the operator (flagdProxyConfiguration.image, flagdConfiguration.image, controllerManager.manager.image, controllerManager.kubeRbacProxy.image). Example: imagePullSecrets: [{"name": "my-secret"}] 
 imagePullSecrets: []
-## @param labels Labels to apply to all of the pods in the operator.
-labels: {}
-## @param annotations Annotations to apply to all of the pods in the operator.
-annotations: {}

-## @section Mutating Webhook configuration
-mutatingWebhook:
-  ## @param mutatingWebhook.failurePolicy FailurePolicy when the webhook does not respond
-  failurePolicy: Ignore
-  ## @param mutatingWebhook.objectSelector ObjectSelector on which pods the mutatingWebhook will run
-  objectSelector: {}
 ## @section Sidecar configuration
 sidecarConfiguration:
  ## @param sidecarConfiguration.port Sets the value of the `XXX_PORT` environment variable for the injected sidecar.
@ -37,7 +18,7 @@ sidecarConfiguration:
    ## @param sidecarConfiguration.image.repository Sets the image for the injected sidecar.
    repository: "ghcr.io/open-feature/flagd"
    ## @param sidecarConfiguration.image.tag Sets the version tag for the injected sidecar.
-    tag: v0.12.4
+    tag: v0.10.3
  ## @param sidecarConfiguration.providerArgs Used to append arguments to the sidecar startup command. This value is a comma separated string of key values separated by '=', e.g. `key=value,key2=value2` results in the appending of `--sync-provider-args key=value --sync-provider-args key2=value2`.
  providerArgs: ""
  ## @param sidecarConfiguration.envVarPrefix Sets the prefix for all environment variables set in the injected sidecar.
@ -90,8 +71,6 @@ inProcessConfiguration:

 ## @section Flagd-proxy configuration
 flagdProxyConfiguration:
-  ## @param flagdProxyConfiguration.replicaCount sets the number of replicas for the flagd-proxy deployment.
-  replicaCount: 1
  ## @param flagdProxyConfiguration.port Sets the port to expose the sync API on.
  port: 8015
  ## @param flagdProxyConfiguration.managementPort Sets the port to expose the management API on.
@ -100,7 +79,7 @@ flagdProxyConfiguration:
    ## @param flagdProxyConfiguration.image.repository Sets the image for the flagd-proxy deployment.
    repository: "ghcr.io/open-feature/flagd-proxy"
    ## @param flagdProxyConfiguration.image.tag Sets the tag for the flagd-proxy deployment.
-    tag: v0.7.4
+    tag: v0.6.2
  ## @param flagdProxyConfiguration.debugLogging Controls the addition of the `--debug` flag to the container startup arguments.
  debugLogging: false

@ -118,18 +97,35 @@ flagdConfiguration:
    ## @param flagdConfiguration.image.repository Sets the image for the flagd deployment.
    repository: "ghcr.io/open-feature/flagd"
    ## @param flagdConfiguration.image.tag Sets the tag for the flagd deployment.
-    tag: v0.12.4
+    tag: v0.10.3
  ## @param flagdConfiguration.debugLogging Controls the addition of the `--debug` flag to the container startup arguments.
  debugLogging: false

 ## @section Operator resource configuration
 controllerManager:
+  kubeRbacProxy:
+    image:
+      ## @param controllerManager.kubeRbacProxy.image.repository Sets the image for the kube-rbac-proxy.
+      repository: gcr.io/kubebuilder/kube-rbac-proxy
+      ## @param controllerManager.kubeRbacProxy.image.tag Sets the version tag for the kube-rbac-proxy.
+      tag: "v0.14.1"
+    resources:
+      limits:
+        ## @param controllerManager.kubeRbacProxy.resources.limits.cpu Sets cpu resource limits for kube-rbac-proxy.
+        cpu: 500m
+        ## @param controllerManager.kubeRbacProxy.resources.limits.memory Sets memory resource limits for kube-rbac-proxy.
+        memory: 128Mi
+      requests:
+        ## @param controllerManager.kubeRbacProxy.resources.requests.cpu Sets cpu resource requests for kube-rbac-proxy.
+        cpu: 5m
+        ## @param controllerManager.kubeRbacProxy.resources.requests.memory Sets memory resource requests for kube-rbac-proxy.
+        memory: 64Mi
  manager:
    image:
      ## @param controllerManager.manager.image.repository Sets the image for the operator.
      repository: ghcr.io/open-feature/open-feature-operator
      ## @param controllerManager.manager.image.tag Sets the version tag for the operator.
-      tag: v0.8.7 # x-release-please-version
+      tag: v0.6.0 # x-release-please-version
    resources:
      limits:
        ## @param controllerManager.manager.resources.limits.cpu Sets cpu resource limits for operator.
@ -141,25 +137,19 @@ controllerManager:
        cpu: 10m
        ## @param controllerManager.manager.resources.requests.memory Sets memory resource requests for operator.
        memory: 64Mi
-    ## @param controllerManager.manager.hostNetwork Should the injector pods run on the host network (useful when using an alternate CNI in EKS)
-    hostNetwork: false
-    ## @param controllerManager.manager.dnsPolicy Pod DNS resolution scheme. Should be `ClusterFirstWithHostNet` if hostNetwork is true, `ClusterFirst` otherwise.
-    dnsPolicy: ClusterFirst
  ## @param controllerManager.replicas Sets number of replicas of the OpenFeature operator pod.
  replicas: 1

 managerConfig:
-  ## @param managerConfig.flagsValidationEnabled Enables the validating webhook for FeatureFlag CR.
-  flagsValidationEnabled: "true"
+  ## @param managerConfig.flagsValidatonEnabled Enables the validating webhook for FeatureFlag CR.
+  flagsValidatonEnabled: "true"
  controllerManagerConfigYaml:
    health:
      ## @param managerConfig.controllerManagerConfigYaml.health.healthProbeBindAddress Sets the bind address for health probes.
      healthProbeBindAddress: :8081
-    metrics: 
-      ## @param managerConfig.controllerManagerConfigYaml.metrics.bindAddress Sets the bind address for metrics (combined with bindPort).
-      bindAddress: 127.0.0.1
-      ## @param managerConfig.controllerManagerConfigYaml.metrics.bindPort Sets the bind port for metrics.
-      bindPort: 8080
+    metrics:
+      ## @param managerConfig.controllerManagerConfigYaml.metrics.bindAddress Sets the bind address for metrics.
+      bindAddress: 127.0.0.1:8080
    webhook:
      ## @param managerConfig.controllerManagerConfigYaml.webhook.port Sets the bind address for webhook.
      port: 9443
--- a/internal/common/common.go
+++ b/internal/common/common.go
@ -34,11 +34,6 @@ const (
 	ManagedByAnnotationValue                           = "open-feature-operator"
 	OperatorDeploymentName                             = "open-feature-operator-controller-manager"
 	InProcessConfigurationAnnotation                   = "inprocessconfiguration"
-	FlagdGrpcService                                   = "flagd.evaluation.v1.Service"
-	FlagdGrpcServicePath                               = "/" + FlagdGrpcService
-	SyncGrpcService                                    = "flagd.sync.v1.Service"
-	SyncGrpcServicePath                                = "/" + SyncGrpcService
-	OFREPHttpServicePath                               = "/ofrep"
 )

 var ErrFlagdProxyNotReady = errors.New("flagd-proxy is not ready, deferring pod admission")
--- a/internal/common/common_test.go
+++ b/internal/common/common_test.go
--- a/internal/common/flagdinjector/fake/flagdinjector_mock.go
+++ b/internal/common/flagdinjector/fake/flagdinjector_mock.go
--- a/internal/common/flagdinjector/flagdinjector.go
+++ b/internal/common/flagdinjector/flagdinjector.go
@ -9,10 +9,10 @@ import (
 	"github.com/go-logr/logr"
 	api "github.com/open-feature/open-feature-operator/apis/core/v1beta1"
 	apicommon "github.com/open-feature/open-feature-operator/apis/core/v1beta1/common"
-	"github.com/open-feature/open-feature-operator/internal/common"
-	"github.com/open-feature/open-feature-operator/internal/common/flagdproxy"
-	"github.com/open-feature/open-feature-operator/internal/common/types"
-	"github.com/open-feature/open-feature-operator/internal/common/utils"
+	"github.com/open-feature/open-feature-operator/common"
+	"github.com/open-feature/open-feature-operator/common/flagdproxy"
+	"github.com/open-feature/open-feature-operator/common/types"
+	"github.com/open-feature/open-feature-operator/common/utils"
 	appsV1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
@ -230,8 +230,6 @@ func (fi *FlagdContainerInjector) newSourceConfig(ctx context.Context, source ap
 		sourceCfg, err = fi.toFilepathProviderConfig(ctx, objectMeta, podSpec, sidecar, source)
 	case source.Provider.IsHttp():
 		sourceCfg = fi.toHttpProviderConfig(source)
-	case source.Provider.IsGcs():
-		sourceCfg = fi.toGcsConfig(source)
 	case source.Provider.IsGrpc():
 		sourceCfg = fi.toGrpcProviderConfig(source)
 	case source.Provider.IsFlagdProxy():
@ -308,14 +306,6 @@ func (fi *FlagdContainerInjector) toHttpProviderConfig(source api.Source) types.
 	}
 }

-func (fi *FlagdContainerInjector) toGcsConfig(source api.Source) types.SourceConfig {
-	return types.SourceConfig{
-		URI:      source.Source,
-		Provider: string(apicommon.SyncProviderGcs),
-		Interval: source.Interval,
-	}
-}
-
 func (fi *FlagdContainerInjector) toGrpcProviderConfig(source api.Source) types.SourceConfig {
 	return types.SourceConfig{
 		URI:        source.Source,
@ -404,8 +394,6 @@ func (fi *FlagdContainerInjector) generateBasicFlagdContainer(flagSourceConfig *
 			"start",
 			"--management-port",
 			fmt.Sprintf("%d", flagSourceConfig.ManagementPort),
-			"--port",
-			fmt.Sprintf("%d", flagSourceConfig.Port),
 		},
 		ImagePullPolicy: common.FlagdImagePullPolicy,
 		VolumeMounts:    []corev1.VolumeMount{},
@ -415,10 +403,6 @@ func (fi *FlagdContainerInjector) generateBasicFlagdContainer(flagSourceConfig *
 				Name:          "management",
 				ContainerPort: flagSourceConfig.ManagementPort,
 			},
-			{
-				Name:          "flagd",
-				ContainerPort: flagSourceConfig.Port,
-			},
 		},
 		SecurityContext: getSecurityContext(),
 		Resources:       fi.FlagdResourceRequirements,
--- a/internal/common/flagdinjector/flagdinjector_test.go
+++ b/internal/common/flagdinjector/flagdinjector_test.go
@ -9,9 +9,9 @@ import (
 	"github.com/go-logr/logr/testr"
 	api "github.com/open-feature/open-feature-operator/apis/core/v1beta1"
 	apicommon "github.com/open-feature/open-feature-operator/apis/core/v1beta1/common"
-	"github.com/open-feature/open-feature-operator/internal/common"
-	"github.com/open-feature/open-feature-operator/internal/common/flagdproxy"
-	"github.com/open-feature/open-feature-operator/internal/common/utils"
+	"github.com/open-feature/open-feature-operator/common"
+	"github.com/open-feature/open-feature-operator/common/flagdproxy"
+	"github.com/open-feature/open-feature-operator/common/utils"
 	"github.com/stretchr/testify/require"
 	appsV1 "k8s.io/api/apps/v1"
 	v1 "k8s.io/api/core/v1"
@ -58,7 +58,7 @@ func TestFlagdContainerInjector_InjectDefaultSyncProvider(t *testing.T) {

 	expectedPod.Annotations = nil

-	expectedPod.Spec.Containers[1].Args = []string{"start", "--management-port", "8014", "--port", "8013", "--sources", "[{\"uri\":\"\",\"provider\":\"grpc\"}]"}
+	expectedPod.Spec.Containers[1].Args = []string{"start", "--management-port", "8014", "--sources", "[{\"uri\":\"\",\"provider\":\"grpc\"}]"}

 	require.Equal(t, expectedPod, pod)
 }
@ -93,7 +93,7 @@ func TestFlagdContainerInjector_InjectDefaultSyncProvider_WithDebugLogging(t *te

 	expectedPod.Annotations = nil

-	expectedPod.Spec.Containers[1].Args = []string{"start", "--management-port", "8014", "--port", "8013", "--sources", "[{\"uri\":\"\",\"provider\":\"grpc\"}]", "--debug"}
+	expectedPod.Spec.Containers[1].Args = []string{"start", "--management-port", "8014", "--sources", "[{\"uri\":\"\",\"provider\":\"grpc\"}]", "--debug"}

 	require.Equal(t, expectedPod, pod)
 }
@ -128,7 +128,7 @@ func TestFlagdContainerInjector_InjectDefaultSyncProvider_WithOtelCollectorUri(t

 	expectedPod.Annotations = nil

-	expectedPod.Spec.Containers[1].Args = []string{"start", "--management-port", "8014", "--port", "8013", "--sources", "[{\"uri\":\"\",\"provider\":\"grpc\"}]", "--metrics-exporter", "otel", "--otel-collector-uri", "localhost:4317"}
+	expectedPod.Spec.Containers[1].Args = []string{"start", "--management-port", "8014", "--sources", "[{\"uri\":\"\",\"provider\":\"grpc\"}]", "--metrics-exporter", "otel", "--otel-collector-uri", "localhost:4317"}

 	require.Equal(t, expectedPod, pod)
 }
@ -172,7 +172,7 @@ func TestFlagdContainerInjector_InjectDefaultSyncProvider_WithResources(t *testi

 	expectedPod.Annotations = nil

-	expectedPod.Spec.Containers[1].Args = []string{"start", "--management-port", "8014", "--port", "8013", "--sources", "[{\"uri\":\"\",\"provider\":\"grpc\"}]"}
+	expectedPod.Spec.Containers[1].Args = []string{"start", "--management-port", "8014", "--sources", "[{\"uri\":\"\",\"provider\":\"grpc\"}]"}
 	expectedPod.Spec.Containers[1].Resources = flagSourceConfig.Resources

 	require.Equal(t, expectedPod, pod)
@ -208,7 +208,7 @@ func TestFlagdContainerInjector_InjectDefaultSyncProvider_WithSyncProviderArgs(t

 	expectedPod.Annotations = nil

-	expectedPod.Spec.Containers[1].Args = []string{"start", "--management-port", "8014", "--port", "8013", "--sources", "[{\"uri\":\"\",\"provider\":\"grpc\"}]", "--sync-provider-args", "arg-1", "--sync-provider-args", "arg-2"}
+	expectedPod.Spec.Containers[1].Args = []string{"start", "--management-port", "8014", "--sources", "[{\"uri\":\"\",\"provider\":\"grpc\"}]", "--sync-provider-args", "arg-1", "--sync-provider-args", "arg-2"}

 	require.Equal(t, expectedPod, pod)
 }
@ -243,7 +243,7 @@ func TestFlagdContainerInjector_InjectFlagdKubernetesSource(t *testing.T) {

 	expectedPod := getExpectedPod(namespace)

-	expectedPod.Spec.Containers[1].Args = []string{"start", "--management-port", "8014", "--port", "8013", "--sources", "[{\"uri\":\"my-namespace/server-side\",\"provider\":\"kubernetes\"}]"}
+	expectedPod.Spec.Containers[1].Args = []string{"start", "--management-port", "8014", "--sources", "[{\"uri\":\"my-namespace/server-side\",\"provider\":\"kubernetes\"}]"}

 	require.Equal(t, expectedPod, pod)

@ -305,7 +305,7 @@ func TestFlagdContainerInjector_InjectFlagdFilePathSource(t *testing.T) {
 		},
 	}

-	expectedPod.Spec.Containers[1].Args = []string{"start", "--management-port", "8014", "--port", "8013", "--sources", "[{\"uri\":\"/etc/flagd/my-namespace_server-side/my-namespace_server-side.flagd.json\",\"provider\":\"file\"}]"}
+	expectedPod.Spec.Containers[1].Args = []string{"start", "--management-port", "8014", "--sources", "[{\"uri\":\"/etc/flagd/my-namespace_server-side/my-namespace_server-side.flagd.json\",\"provider\":\"file\"}]"}
 	expectedPod.Spec.Containers[1].VolumeMounts = []v1.VolumeMount{
 		{
 			Name:      "server-side",
@ -385,7 +385,7 @@ func TestFlagdContainerInjector_InjectFlagdFilePathSource_UpdateReferencedConfig
 		},
 	}

-	expectedPod.Spec.Containers[1].Args = []string{"start", "--management-port", "8014", "--port", "8013", "--sources", "[{\"uri\":\"/etc/flagd/my-namespace_server-side/my-namespace_server-side.flagd.json\",\"provider\":\"file\"}]"}
+	expectedPod.Spec.Containers[1].Args = []string{"start", "--management-port", "8014", "--sources", "[{\"uri\":\"/etc/flagd/my-namespace_server-side/my-namespace_server-side.flagd.json\",\"provider\":\"file\"}]"}
 	expectedPod.Spec.Containers[1].VolumeMounts = []v1.VolumeMount{
 		{
 			Name:      "server-side",
@ -441,7 +441,7 @@ func TestFlagdContainerInjector_InjectHttpSource(t *testing.T) {

 	expectedPod.Annotations = nil

-	expectedPod.Spec.Containers[1].Args = []string{"start", "--management-port", "8014", "--port", "8013", "--sources", "[{\"uri\":\"http://localhost:8013\",\"provider\":\"http\",\"bearerToken\":\"my-token\",\"interval\":8}]"}
+	expectedPod.Spec.Containers[1].Args = []string{"start", "--management-port", "8014", "--sources", "[{\"uri\":\"http://localhost:8013\",\"provider\":\"http\",\"bearerToken\":\"my-token\",\"interval\":8}]"}

 	require.Equal(t, expectedPod, pod)
 }
@ -482,7 +482,7 @@ func TestFlagdContainerInjector_InjectGrpcSource(t *testing.T) {

 	expectedPod.Annotations = nil

-	expectedPod.Spec.Containers[1].Args = []string{"start", "--management-port", "8014", "--port", "8013", "--sources", "[{\"uri\":\"grpc://localhost:8013\",\"provider\":\"grpc\",\"certPath\":\"cert-path\",\"tls\":true,\"providerID\":\"provider-id\",\"selector\":\"selector\"}]"}
+	expectedPod.Spec.Containers[1].Args = []string{"start", "--management-port", "8014", "--sources", "[{\"uri\":\"grpc://localhost:8013\",\"provider\":\"grpc\",\"certPath\":\"cert-path\",\"tls\":true,\"providerID\":\"provider-id\",\"selector\":\"selector\"}]"}

 	require.Equal(t, expectedPod, pod)
 }
@ -594,7 +594,7 @@ func TestFlagdContainerInjector_InjectProxySource_ProxyIsReady(t *testing.T) {

 	expectedPod.Annotations = nil

-	expectedPod.Spec.Containers[1].Args = []string{"start", "--management-port", "8014", "--port", "8013", "--sources", "[{\"uri\":\"flagd-proxy-svc.my-namespace.svc.cluster.local:8013\",\"provider\":\"grpc\",\"selector\":\"core.openfeature.dev/my-namespace/\"}]"}
+	expectedPod.Spec.Containers[1].Args = []string{"start", "--management-port", "8014", "--sources", "[{\"uri\":\"flagd-proxy-svc.my-namespace.svc.cluster.local:8013\",\"provider\":\"grpc\",\"selector\":\"core.openfeature.dev/my-namespace/\"}]"}

 	require.Equal(t, expectedPod, pod)
 }
@ -624,7 +624,7 @@ func TestFlagdContainerInjector_Inject_FlagdContainerAlreadyPresent(t *testing.T
 	expectedPod := getExpectedPod(namespace)

 	expectedPod.Annotations = nil
-	expectedPod.Spec.Containers[1].Args = []string{"start", "--management-port", "8014", "--port", "8013"}
+	expectedPod.Spec.Containers[1].Args = []string{"start", "--management-port", "8014"}

 	require.Equal(t, expectedPod, pod)
 }
@ -831,10 +831,6 @@ func getExpectedPod(namespace string) v1.Pod {
 							Name:          "management",
 							ContainerPort: int32(8014),
 						},
-						{
-							Name:          "flagd",
-							ContainerPort: int32(8013),
-						},
 					},
 					Env: []v1.EnvVar{
 						{
--- a/common/flagdproxy/flagdproxy.go
+++ b/common/flagdproxy/flagdproxy.go
@ -0,0 +1,252 @@
+package flagdproxy
+
+import (
+	"context"
+	"fmt"
+	"reflect"
+
+	"github.com/go-logr/logr"
+	"github.com/open-feature/open-feature-operator/common"
+	"github.com/open-feature/open-feature-operator/common/types"
+	appsV1 "k8s.io/api/apps/v1"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/intstr"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+const (
+	FlagdProxyDeploymentName     = "flagd-proxy"
+	FlagdProxyServiceAccountName = "open-feature-operator-flagd-proxy"
+	FlagdProxyServiceName        = "flagd-proxy-svc"
+)
+
+type FlagdProxyHandler struct {
+	client.Client
+	config *FlagdProxyConfiguration
+	Log    logr.Logger
+}
+
+type CreateUpdateFunc func(ctx context.Context, obj client.Object) error
+
+type FlagdProxyConfiguration struct {
+	Port                   int
+	ManagementPort         int
+	DebugLogging           bool
+	Image                  string
+	Tag                    string
+	Namespace              string
+	OperatorDeploymentName string
+	ImagePullSecrets       []string
+}
+
+func NewFlagdProxyConfiguration(env types.EnvConfig, imagePullSecrets []string) *FlagdProxyConfiguration {
+	return &FlagdProxyConfiguration{
+		Image:                  env.FlagdProxyImage,
+		Tag:                    env.FlagdProxyTag,
+		Namespace:              env.PodNamespace,
+		OperatorDeploymentName: common.OperatorDeploymentName,
+		Port:                   env.FlagdProxyPort,
+		ManagementPort:         env.FlagdProxyManagementPort,
+		DebugLogging:           env.FlagdProxyDebugLogging,
+		ImagePullSecrets:       imagePullSecrets,
+	}
+}
+
+func NewFlagdProxyHandler(config *FlagdProxyConfiguration, client client.Client, logger logr.Logger) *FlagdProxyHandler {
+	return &FlagdProxyHandler{
+		config: config,
+		Client: client,
+		Log:    logger,
+	}
+}
+
+func (f *FlagdProxyHandler) Config() *FlagdProxyConfiguration {
+	return f.config
+}
+
+func (f *FlagdProxyHandler) createObject(ctx context.Context, obj client.Object) error {
+	return f.Client.Create(ctx, obj)
+}
+
+func (f *FlagdProxyHandler) updateObject(ctx context.Context, obj client.Object) error {
+	return f.Client.Update(ctx, obj)
+}
+
+func (f *FlagdProxyHandler) HandleFlagdProxy(ctx context.Context) error {
+	exists, deployment, err := f.doesFlagdProxyExist(ctx)
+	if err != nil {
+		return err
+	}
+
+	ownerReference, err := f.getOwnerReference(ctx)
+	if err != nil {
+		return err
+	}
+	newDeployment := f.newFlagdProxyManifest(ownerReference)
+	newService := f.newFlagdProxyServiceManifest(ownerReference)
+
+	if !exists {
+		f.Log.Info("flagd-proxy Deployment does not exist, creating")
+		return f.deployFlagdProxy(ctx, f.createObject, newDeployment, newService)
+	}
+	// flagd-proxy exists, need to check if we should update it
+	if f.shouldUpdateFlagdProxy(deployment, newDeployment) {
+		f.Log.Info("flagd-proxy Deployment out of sync, updating")
+		return f.deployFlagdProxy(ctx, f.updateObject, newDeployment, newService)
+	}
+	f.Log.Info("flagd-proxy Deployment up-to-date")
+	return nil
+}
+
+func (f *FlagdProxyHandler) deployFlagdProxy(ctx context.Context, createUpdateFunc CreateUpdateFunc, deployment *appsV1.Deployment, service *corev1.Service) error {
+	f.Log.Info("deploying the flagd-proxy")
+	if err := createUpdateFunc(ctx, deployment); err != nil && !errors.IsAlreadyExists(err) {
+		return err
+	}
+	f.Log.Info("deploying the flagd-proxy service")
+	if err := createUpdateFunc(ctx, service); err != nil && !errors.IsAlreadyExists(err) {
+		return err
+	}
+	return nil
+}
+
+func (f *FlagdProxyHandler) newFlagdProxyServiceManifest(ownerReference *metav1.OwnerReference) *corev1.Service {
+	return &corev1.Service{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:            FlagdProxyServiceName,
+			Namespace:       f.config.Namespace,
+			OwnerReferences: []metav1.OwnerReference{*ownerReference},
+		},
+		Spec: corev1.ServiceSpec{
+			Selector: map[string]string{
+				"app.kubernetes.io/name":      FlagdProxyDeploymentName,
+				common.ManagedByAnnotationKey: common.ManagedByAnnotationValue,
+			},
+			Ports: []corev1.ServicePort{
+				{
+					Name:       "flagd-proxy",
+					Port:       int32(f.config.Port),
+					TargetPort: intstr.FromInt(f.config.Port),
+				},
+			},
+		},
+	}
+}
+
+func (f *FlagdProxyHandler) newFlagdProxyManifest(ownerReference *metav1.OwnerReference) *appsV1.Deployment {
+	replicas := int32(1)
+	args := []string{
+		"start",
+		"--management-port",
+		fmt.Sprintf("%d", f.config.ManagementPort),
+	}
+	if f.config.DebugLogging {
+		args = append(args, "--debug")
+	}
+	imagePullSecrets := []corev1.LocalObjectReference{}
+	for _, secret := range f.config.ImagePullSecrets {
+		imagePullSecrets = append(imagePullSecrets, corev1.LocalObjectReference{
+			Name: secret,
+		})
+	}
+
+	return &appsV1.Deployment{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      FlagdProxyDeploymentName,
+			Namespace: f.config.Namespace,
+			Labels: map[string]string{
+				"app":                          FlagdProxyDeploymentName,
+				"app.kubernetes.io/managed-by": common.ManagedByAnnotationValue,
+				"app.kubernetes.io/version":    f.config.Tag,
+			},
+			OwnerReferences: []metav1.OwnerReference{*ownerReference},
+		},
+		Spec: appsV1.DeploymentSpec{
+			Replicas: &replicas,
+			Selector: &metav1.LabelSelector{
+				MatchLabels: map[string]string{
+					"app": FlagdProxyDeploymentName,
+				},
+			},
+			Template: corev1.PodTemplateSpec{
+				ObjectMeta: metav1.ObjectMeta{
+					Labels: map[string]string{
+						"app":                          FlagdProxyDeploymentName,
+						"app.kubernetes.io/name":       FlagdProxyDeploymentName,
+						"app.kubernetes.io/managed-by": common.ManagedByAnnotationValue,
+						"app.kubernetes.io/version":    f.config.Tag,
+					},
+				},
+				Spec: corev1.PodSpec{
+					ServiceAccountName: FlagdProxyServiceAccountName,
+					ImagePullSecrets:   imagePullSecrets,
+					Containers: []corev1.Container{
+						{
+							Image: fmt.Sprintf("%s:%s", f.config.Image, f.config.Tag),
+							Name:  FlagdProxyDeploymentName,
+							Ports: []corev1.ContainerPort{
+								{
+									Name:          "port",
+									ContainerPort: int32(f.config.Port),
+								},
+								{
+									Name:          "management-port",
+									ContainerPort: int32(f.config.ManagementPort),
+								},
+							},
+							Args: args,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func (f *FlagdProxyHandler) doesFlagdProxyExist(ctx context.Context) (bool, *appsV1.Deployment, error) {
+	d := &appsV1.Deployment{}
+	err := f.Client.Get(ctx, client.ObjectKey{Name: FlagdProxyDeploymentName, Namespace: f.config.Namespace}, d)
+	if err != nil {
+		if errors.IsNotFound(err) {
+			// does not exist, is not ready, no error
+			return false, nil, nil
+		}
+		// does not exist, is not ready, is in error
+		return false, nil, err
+	}
+	return true, d, nil
+}
+
+func (f *FlagdProxyHandler) shouldUpdateFlagdProxy(old, new *appsV1.Deployment) bool {
+	if !common.IsManagedByOFO(old) {
+		f.Log.Info("flagd-proxy Deployment not managed by OFO")
+		return false
+	}
+	return !reflect.DeepEqual(old.Spec, new.Spec)
+}
+
+func (f *FlagdProxyHandler) getOperatorDeployment(ctx context.Context) (*appsV1.Deployment, error) {
+	d := &appsV1.Deployment{}
+	if err := f.Client.Get(ctx, client.ObjectKey{Name: f.config.OperatorDeploymentName, Namespace: f.config.Namespace}, d); err != nil {
+		return nil, fmt.Errorf("unable to fetch operator deployment: %w", err)
+	}
+	return d, nil
+
+}
+
+func (f *FlagdProxyHandler) getOwnerReference(ctx context.Context) (*metav1.OwnerReference, error) {
+	operatorDeployment, err := f.getOperatorDeployment(ctx)
+	if err != nil {
+		f.Log.Error(err, "unable to create owner reference for open-feature-operator")
+		return nil, err
+	}
+
+	return &metav1.OwnerReference{
+		UID:        operatorDeployment.GetUID(),
+		Name:       operatorDeployment.GetName(),
+		APIVersion: operatorDeployment.APIVersion,
+		Kind:       operatorDeployment.Kind,
+	}, nil
+}
--- a/internal/common/flagdproxy/flagdproxy_test.go
+++ b/internal/common/flagdproxy/flagdproxy_test.go
@ -6,206 +6,27 @@ import (
 	"testing"

 	"github.com/go-logr/logr/testr"
-	"github.com/open-feature/open-feature-operator/internal/common"
-	"github.com/open-feature/open-feature-operator/internal/common/types"
+	"github.com/open-feature/open-feature-operator/common"
+	"github.com/open-feature/open-feature-operator/common/types"
 	"github.com/stretchr/testify/require"
-	appsv1 "k8s.io/api/apps/v1"
+	appsV1 "k8s.io/api/apps/v1"
+	v1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
-	policyv1 "k8s.io/api/policy/v1"
+	v12 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
-	"k8s.io/utils/ptr"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"
 )

-var (
-	pullSecrets = []string{"test-pullSecret"}
-
-	labels = map[string]string{
-		"label1": "labelValue1",
-		"label2": "labelValue2",
-	}
-
-	annotations = map[string]string{
-		"annotation1": "annotationValue1",
-		"annotation2": "annotationValue2",
-	}
-
-	testPort           = 88
-	testManagementPort = 90
-	testReplicaCount   = 1
-	testDebugLogging   = true
-	testNamespace      = "ns"
-	testImage          = "image"
-	testTag            = "tag"
-
-	testEnvConfig = types.EnvConfig{
-		PodNamespace:             testNamespace,
-		FlagdProxyImage:          testImage,
-		FlagdProxyTag:            testTag,
-		FlagdProxyPort:           testPort,
-		FlagdProxyManagementPort: testManagementPort,
-		FlagdProxyReplicaCount:   testReplicaCount,
-		FlagdProxyDebugLogging:   testDebugLogging,
-	}
-
-	expectedDeploymentReplicas = int32(testReplicaCount)
-	expectedDeployment         = &appsv1.Deployment{
-		TypeMeta: metav1.TypeMeta{
-			Kind:       "Deployment",
-			APIVersion: "apps/v1",
-		},
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      FlagdProxyDeploymentName,
-			Namespace: "ns",
-			Labels: map[string]string{
-				"app":                          FlagdProxyDeploymentName,
-				"app.kubernetes.io/managed-by": common.ManagedByAnnotationValue,
-				"app.kubernetes.io/version":    testTag,
-			},
-			ResourceVersion: "1",
-			OwnerReferences: []metav1.OwnerReference{
-				{
-					APIVersion: "apps/v1",
-					Kind:       "Deployment",
-					Name:       common.OperatorDeploymentName,
-				},
-			},
-		},
-		Spec: appsv1.DeploymentSpec{
-			Replicas: &expectedDeploymentReplicas,
-			Selector: &metav1.LabelSelector{
-				MatchLabels: map[string]string{
-					"app": FlagdProxyDeploymentName,
-				},
-			},
-			Template: corev1.PodTemplateSpec{
-				ObjectMeta: metav1.ObjectMeta{
-					Labels: map[string]string{
-						"app":                          FlagdProxyDeploymentName,
-						"app.kubernetes.io/name":       FlagdProxyDeploymentName,
-						"app.kubernetes.io/managed-by": common.ManagedByAnnotationValue,
-						"app.kubernetes.io/version":    "tag",
-						"label1":                       "labelValue1",
-						"label2":                       "labelValue2",
-					},
-					Annotations: annotations,
-				},
-				Spec: corev1.PodSpec{
-					ServiceAccountName: FlagdProxyServiceAccountName,
-					ImagePullSecrets: []corev1.LocalObjectReference{
-						{Name: pullSecrets[0]},
-					},
-					Containers: []corev1.Container{
-						{
-							Image: fmt.Sprintf("%s:%s", testImage, testTag),
-							Name:  FlagdProxyDeploymentName,
-							Ports: []corev1.ContainerPort{
-								{
-									Name:          "port",
-									ContainerPort: int32(testPort),
-								},
-								{
-									Name:          "management-port",
-									ContainerPort: int32(testManagementPort),
-								},
-							},
-							Args: []string{"start", "--management-port", fmt.Sprint(testManagementPort), "--debug"},
-						},
-					},
-					TopologySpreadConstraints: []corev1.TopologySpreadConstraint{
-						{
-							MaxSkew:           1,
-							TopologyKey:       "kubernetes.io/hostname",
-							WhenUnsatisfiable: corev1.DoNotSchedule,
-							LabelSelector: &metav1.LabelSelector{
-								MatchLabels: map[string]string{
-									"app.kubernetes.io/name":      FlagdProxyDeploymentName,
-									common.ManagedByAnnotationKey: common.ManagedByAnnotationValue,
-								},
-							},
-						},
-					},
-				},
-			},
-		},
-	}
-	expectedService = &corev1.Service{
-		TypeMeta: metav1.TypeMeta{
-			APIVersion: "v1",
-			Kind:       "Service",
-		},
-		ObjectMeta: metav1.ObjectMeta{
-			Name:            FlagdProxyServiceName,
-			Namespace:       testNamespace,
-			ResourceVersion: "1",
-			Labels: map[string]string{
-				common.ManagedByAnnotationKey: common.ManagedByAnnotationValue,
-			},
-			OwnerReferences: []metav1.OwnerReference{
-				{
-					APIVersion: "apps/v1",
-					Kind:       "Deployment",
-					Name:       common.OperatorDeploymentName,
-				},
-			},
-		},
-		Spec: corev1.ServiceSpec{
-			Selector: map[string]string{
-				"app.kubernetes.io/name":       FlagdProxyDeploymentName,
-				"app.kubernetes.io/managed-by": common.ManagedByAnnotationValue,
-			},
-			Ports: []corev1.ServicePort{
-				{
-					Name:       "flagd-proxy",
-					Port:       int32(testPort),
-					TargetPort: intstr.FromInt(testPort),
-				},
-			},
-		},
-	}
-
-	expectedPDBminAvailable = intstr.FromInt(0)
-	expectedPDB             = &policyv1.PodDisruptionBudget{
-		TypeMeta: metav1.TypeMeta{
-			Kind:       "PodDisruptionBudget",
-			APIVersion: "policy/v1",
-		},
-		ObjectMeta: metav1.ObjectMeta{
-			Name:            FlagdProxyPodDisruptionBudgetName,
-			Namespace:       "ns",
-			ResourceVersion: "1",
-			Labels: map[string]string{
-				common.ManagedByAnnotationKey: common.ManagedByAnnotationValue,
-			},
-			OwnerReferences: []metav1.OwnerReference{
-				{
-					APIVersion: "apps/v1",
-					Kind:       "Deployment",
-					Name:       common.OperatorDeploymentName,
-				},
-			},
-		},
-		Spec: policyv1.PodDisruptionBudgetSpec{
-			MinAvailable: &expectedPDBminAvailable,
-			Selector: &metav1.LabelSelector{
-				MatchLabels: map[string]string{
-					"app.kubernetes.io/name":      FlagdProxyDeploymentName,
-					common.ManagedByAnnotationKey: common.ManagedByAnnotationValue,
-				},
-			},
-		},
-	}
-)
+var pullSecrets = []string{"test-pullSecret"}

 func TestNewFlagdProxyConfiguration(t *testing.T) {

 	kpConfig := NewFlagdProxyConfiguration(types.EnvConfig{
 		FlagdProxyPort:           8015,
 		FlagdProxyManagementPort: 8016,
-		FlagdProxyReplicaCount:   123,
-	}, pullSecrets, labels, annotations)
+	}, pullSecrets)

 	require.NotNil(t, kpConfig)
 	require.Equal(t, &FlagdProxyConfiguration{
@ -214,9 +35,6 @@ func TestNewFlagdProxyConfiguration(t *testing.T) {
 		DebugLogging:           false,
 		OperatorDeploymentName: common.OperatorDeploymentName,
 		ImagePullSecrets:       pullSecrets,
-		Replicas:               123,
-		Labels:                 labels,
-		Annotations:            annotations,
 	}, kpConfig)
 }

@ -230,7 +48,7 @@ func TestNewFlagdProxyConfiguration_OverrideEnvVars(t *testing.T) {
 		FlagdProxyDebugLogging:   true,
 	}

-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)

 	require.NotNil(t, kpConfig)
 	require.Equal(t, &FlagdProxyConfiguration{
@ -242,13 +60,11 @@ func TestNewFlagdProxyConfiguration_OverrideEnvVars(t *testing.T) {
 		Namespace:              "my-namespace",
 		OperatorDeploymentName: common.OperatorDeploymentName,
 		ImagePullSecrets:       pullSecrets,
-		Labels:                 labels,
-		Annotations:            annotations,
 	}, kpConfig)
 }

 func TestNewFlagdProxyHandler(t *testing.T) {
-	kpConfig := NewFlagdProxyConfiguration(types.EnvConfig{}, pullSecrets, labels, annotations)
+	kpConfig := NewFlagdProxyConfiguration(types.EnvConfig{}, pullSecrets)

 	require.NotNil(t, kpConfig)

@ -261,11 +77,58 @@ func TestNewFlagdProxyHandler(t *testing.T) {
 	require.Equal(t, kpConfig, ph.Config())
 }

+func TestDoesFlagdProxyExist(t *testing.T) {
+	env := types.EnvConfig{
+		PodNamespace: "ns",
+	}
+
+	deployment := &v1.Deployment{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: "ns",
+			Name:      FlagdProxyDeploymentName,
+		},
+		Spec: v1.DeploymentSpec{
+			Template: v12.PodTemplateSpec{
+				Spec: v12.PodSpec{
+					Containers: []v12.Container{
+						{
+							Name: "my-container",
+						},
+					},
+				},
+			},
+		},
+	}
+
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)
+
+	require.NotNil(t, kpConfig)
+
+	fakeClient := fake.NewClientBuilder().WithObjects().Build()
+
+	ph := NewFlagdProxyHandler(kpConfig, fakeClient, testr.New(t))
+
+	require.NotNil(t, ph)
+
+	res, d, err := ph.doesFlagdProxyExist(context.TODO())
+	require.Nil(t, err)
+	require.Nil(t, d)
+	require.False(t, res)
+
+	err = fakeClient.Create(context.TODO(), deployment)
+	require.Nil(t, err)
+
+	res, d, err = ph.doesFlagdProxyExist(context.TODO())
+	require.Nil(t, err)
+	require.NotNil(t, d)
+	require.True(t, res)
+}
+
 func TestFlagdProxyHandler_HandleFlagdProxy_ProxyExistsWithBadVersion(t *testing.T) {
 	env := types.EnvConfig{
 		PodNamespace: "ns",
 	}
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)

 	require.NotNil(t, kpConfig)

@ -274,7 +137,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_ProxyExistsWithBadVersion(t *testing
 	ownerRef, err := getTestOFODeploymentOwnerRef(fakeClient, env.PodNamespace)
 	require.Nil(t, err)

-	proxyDeployment := &appsv1.Deployment{
+	proxyDeployment := &v1.Deployment{
 		ObjectMeta: metav1.ObjectMeta{
 			Namespace:       kpConfig.Namespace,
 			Name:            FlagdProxyDeploymentName,
@ -283,10 +146,10 @@ func TestFlagdProxyHandler_HandleFlagdProxy_ProxyExistsWithBadVersion(t *testing
 				"app.kubernetes.io/managed-by": common.ManagedByAnnotationValue,
 			},
 		},
-		Spec: appsv1.DeploymentSpec{
-			Template: corev1.PodTemplateSpec{
-				Spec: corev1.PodSpec{
-					Containers: []corev1.Container{
+		Spec: v1.DeploymentSpec{
+			Template: v12.PodTemplateSpec{
+				Spec: v12.PodSpec{
+					Containers: []v12.Container{
 						{
 							Name: "my-container",
 						},
@ -307,7 +170,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_ProxyExistsWithBadVersion(t *testing

 	require.Nil(t, err)

-	deployment := &appsv1.Deployment{}
+	deployment := &v1.Deployment{}
 	err = fakeClient.Get(context.Background(), client.ObjectKey{
 		Namespace: env.PodNamespace,
 		Name:      FlagdProxyDeploymentName,
@ -324,19 +187,19 @@ func TestFlagdProxyHandler_HandleFlagdProxy_ProxyExistsWithoutLabel(t *testing.T
 	env := types.EnvConfig{
 		PodNamespace: "ns",
 	}
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)

 	require.NotNil(t, kpConfig)

-	proxyDeployment := &appsv1.Deployment{
+	proxyDeployment := &v1.Deployment{
 		ObjectMeta: metav1.ObjectMeta{
 			Namespace: kpConfig.Namespace,
 			Name:      FlagdProxyDeploymentName,
 		},
-		Spec: appsv1.DeploymentSpec{
-			Template: corev1.PodTemplateSpec{
-				Spec: corev1.PodSpec{
-					Containers: []corev1.Container{
+		Spec: v1.DeploymentSpec{
+			Template: v12.PodTemplateSpec{
+				Spec: v12.PodSpec{
+					Containers: []v12.Container{
 						{
 							Name: "my-container",
 						},
@ -354,9 +217,9 @@ func TestFlagdProxyHandler_HandleFlagdProxy_ProxyExistsWithoutLabel(t *testing.T

 	err := ph.HandleFlagdProxy(context.Background())

-	require.ErrorContains(t, err, "not managed by OFO")
+	require.Nil(t, err)

-	deployment := &appsv1.Deployment{}
+	deployment := &v1.Deployment{}
 	err = fakeClient.Get(context.Background(), client.ObjectKey{
 		Namespace: env.PodNamespace,
 		Name:      FlagdProxyDeploymentName,
@ -373,7 +236,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_ProxyExistsWithNewestVersion(t *test
 	env := types.EnvConfig{
 		PodNamespace: "ns",
 	}
-	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets, labels, annotations)
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)

 	require.NotNil(t, kpConfig)

@ -386,7 +249,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_ProxyExistsWithNewestVersion(t *test
 	ownerRef, err := getTestOFODeploymentOwnerRef(fakeClient, env.PodNamespace)
 	require.Nil(t, err)

-	proxy := ph.newFlagdProxyDeployment(ownerRef)
+	proxy := ph.newFlagdProxyManifest(ownerRef)

 	err = fakeClient.Create(context.TODO(), proxy)
 	require.Nil(t, err)
@ -395,7 +258,7 @@ func TestFlagdProxyHandler_HandleFlagdProxy_ProxyExistsWithNewestVersion(t *test

 	require.Nil(t, err)

-	deployment := &appsv1.Deployment{}
+	deployment := &v1.Deployment{}
 	err = fakeClient.Get(context.Background(), client.ObjectKey{
 		Namespace: env.PodNamespace,
 		Name:      FlagdProxyDeploymentName,
@ -409,20 +272,28 @@ func TestFlagdProxyHandler_HandleFlagdProxy_ProxyExistsWithNewestVersion(t *test
 }

 func TestFlagdProxyHandler_HandleFlagdProxy_CreateProxy(t *testing.T) {
-	kpConfig := NewFlagdProxyConfiguration(testEnvConfig, pullSecrets, labels, annotations)
+	env := types.EnvConfig{
+		PodNamespace:             "ns",
+		FlagdProxyImage:          "image",
+		FlagdProxyTag:            "tag",
+		FlagdProxyPort:           88,
+		FlagdProxyManagementPort: 90,
+		FlagdProxyDebugLogging:   true,
+	}
+	kpConfig := NewFlagdProxyConfiguration(env, pullSecrets)

 	require.NotNil(t, kpConfig)

-	fakeClient := fake.NewClientBuilder().WithObjects(createOFOTestDeployment(testNamespace)).Build()
+	fakeClient := fake.NewClientBuilder().WithObjects(createOFOTestDeployment(env.PodNamespace)).Build()

 	ph := NewFlagdProxyHandler(kpConfig, fakeClient, testr.New(t))

 	require.NotNil(t, ph)

 	// proxy does not exist
-	deployment := &appsv1.Deployment{}
+	deployment := &v1.Deployment{}
 	err := fakeClient.Get(context.Background(), client.ObjectKey{
-		Namespace: testNamespace,
+		Namespace: env.PodNamespace,
 		Name:      FlagdProxyDeploymentName,
 	}, deployment)

@ -433,102 +304,136 @@ func TestFlagdProxyHandler_HandleFlagdProxy_CreateProxy(t *testing.T) {
 	require.Nil(t, err)

 	// proxy should exist
-	deployment = &appsv1.Deployment{}
+	deployment = &v1.Deployment{}
 	err = fakeClient.Get(context.Background(), client.ObjectKey{
-		Namespace: testNamespace,
+		Namespace: env.PodNamespace,
 		Name:      FlagdProxyDeploymentName,
 	}, deployment)

 	require.Nil(t, err)
 	require.NotNil(t, deployment)

+	replicas := int32(1)
+	args := []string{
+		"start",
+		"--management-port",
+		fmt.Sprintf("%d", 90),
+		"--debug",
+	}
+
+	expectedDeployment := &appsV1.Deployment{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       "Deployment",
+			APIVersion: "apps/v1",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      FlagdProxyDeploymentName,
+			Namespace: "ns",
+			Labels: map[string]string{
+				"app":                          FlagdProxyDeploymentName,
+				"app.kubernetes.io/managed-by": common.ManagedByAnnotationValue,
+				"app.kubernetes.io/version":    "tag",
+			},
+			ResourceVersion: "1",
+			OwnerReferences: []metav1.OwnerReference{
+				{
+					APIVersion: "apps/v1",
+					Kind:       "Deployment",
+					Name:       common.OperatorDeploymentName,
+				},
+			},
+		},
+		Spec: appsV1.DeploymentSpec{
+			Replicas: &replicas,
+			Selector: &metav1.LabelSelector{
+				MatchLabels: map[string]string{
+					"app": FlagdProxyDeploymentName,
+				},
+			},
+			Template: corev1.PodTemplateSpec{
+				ObjectMeta: metav1.ObjectMeta{
+					Labels: map[string]string{
+						"app":                          FlagdProxyDeploymentName,
+						"app.kubernetes.io/name":       FlagdProxyDeploymentName,
+						"app.kubernetes.io/managed-by": common.ManagedByAnnotationValue,
+						"app.kubernetes.io/version":    "tag",
+					},
+				},
+				Spec: corev1.PodSpec{
+					ServiceAccountName: FlagdProxyServiceAccountName,
+					ImagePullSecrets: []corev1.LocalObjectReference{
+						{Name: pullSecrets[0]},
+					},
+					Containers: []corev1.Container{
+						{
+							Image: "image:tag",
+							Name:  FlagdProxyDeploymentName,
+							Ports: []corev1.ContainerPort{
+								{
+									Name:          "port",
+									ContainerPort: int32(88),
+								},
+								{
+									Name:          "management-port",
+									ContainerPort: int32(90),
+								},
+							},
+							Args: args,
+						},
+					},
+				},
+			},
+		},
+	}
+
 	require.Equal(t, expectedDeployment, deployment)

 	service := &corev1.Service{}
 	err = fakeClient.Get(context.Background(), client.ObjectKey{
-		Namespace: testNamespace,
+		Namespace: env.PodNamespace,
 		Name:      FlagdProxyServiceName,
 	}, service)

 	require.Nil(t, err)
 	require.NotNil(t, service)

-	require.Equal(t, expectedService, service)
-
-	pdb := &policyv1.PodDisruptionBudget{}
-	err = fakeClient.Get(context.Background(), client.ObjectKey{
-		Namespace: testNamespace,
-		Name:      FlagdProxyPodDisruptionBudgetName,
-	}, pdb)
-	require.Nil(t, err)
-	require.NotNil(t, pdb)
-
-	require.Equal(t, expectedPDB, pdb)
-}
-
-func TestFlagdProxyHandler_HandleFlagdProxy_UpdateAllComponents(t *testing.T) {
-	kpConfig := NewFlagdProxyConfiguration(testEnvConfig, pullSecrets, labels, annotations)
-	require.NotNil(t, kpConfig)
-
-	fakeClient := fake.NewClientBuilder().WithObjects(createOFOTestDeployment(testNamespace)).Build()
-
-	ph := NewFlagdProxyHandler(kpConfig, fakeClient, testr.New(t))
-	require.NotNil(t, ph)
-
-	// Seed with slightly different values
-	deploy := expectedDeployment.DeepCopy()
-	deploy.ResourceVersion = ""
-	deploy.Spec.Replicas = ptr.To[int32](100000)
-	require.Nil(t, fakeClient.Create(context.Background(), deploy))
-
-	svc := expectedService.DeepCopy()
-	svc.ResourceVersion = ""
-	svc.Spec.Ports[0].Port = 100000
-	require.Nil(t, fakeClient.Create(context.Background(), svc))
-
-	pdb := expectedPDB.DeepCopy()
-	pdb.ResourceVersion = ""
-	minAvailable := intstr.FromInt(100000)
-	pdb.Spec.MinAvailable = &minAvailable
-	require.Nil(t, fakeClient.Create(context.Background(), pdb))
-
-	// Run
-	err := ph.HandleFlagdProxy(context.Background())
-	require.Nil(t, err)
-
-	// Get the updated resources
-	require.Nil(t, fakeClient.Get(context.Background(), client.ObjectKey{
-		Namespace: testNamespace,
-		Name:      FlagdProxyDeploymentName,
-	}, deploy))
-	updatedExpectedDeployment := expectedDeployment.DeepCopy()
-	updatedExpectedDeployment.ResourceVersion = "2"
-	require.Equal(t, updatedExpectedDeployment, deploy)
-
-	require.Nil(t, fakeClient.Get(context.Background(), client.ObjectKey{
-		Namespace: testNamespace,
-		Name:      FlagdProxyServiceName,
-	}, svc))
-	updatedExpectedService := expectedService.DeepCopy()
-	updatedExpectedService.ResourceVersion = "2"
-	require.Equal(t, updatedExpectedService, svc)
-
-	// pdb := expectedPDB.DeepCopy()
-	require.Nil(t, fakeClient.Get(context.Background(), client.ObjectKey{
-		Namespace: testNamespace,
-		Name:      FlagdProxyPodDisruptionBudgetName,
-	}, pdb))
-	updatedExpectedPDB := expectedPDB.DeepCopy()
-	updatedExpectedPDB.ResourceVersion = "2"
-	require.Equal(t, updatedExpectedPDB, pdb)
-}
-
-func createOFOTestDeployment(ns string) *appsv1.Deployment {
-	return &appsv1.Deployment{
+	expectedService := &corev1.Service{
 		TypeMeta: metav1.TypeMeta{
-			Kind:       "Deployment",
-			APIVersion: "apps/v1",
+			APIVersion: "v1",
+			Kind:       "Service",
 		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:            FlagdProxyServiceName,
+			Namespace:       "ns",
+			ResourceVersion: "1",
+			OwnerReferences: []metav1.OwnerReference{
+				{
+					APIVersion: "apps/v1",
+					Kind:       "Deployment",
+					Name:       common.OperatorDeploymentName,
+				},
+			},
+		},
+		Spec: corev1.ServiceSpec{
+			Selector: map[string]string{
+				"app.kubernetes.io/name":       FlagdProxyDeploymentName,
+				"app.kubernetes.io/managed-by": common.ManagedByAnnotationValue,
+			},
+			Ports: []corev1.ServicePort{
+				{
+					Name:       "flagd-proxy",
+					Port:       int32(88),
+					TargetPort: intstr.FromInt(88),
+				},
+			},
+		},
+	}
+
+	require.Equal(t, expectedService, service)
+}
+
+func createOFOTestDeployment(ns string) *v1.Deployment {
+	return &v1.Deployment{
 		ObjectMeta: metav1.ObjectMeta{
 			Namespace: ns,
 			Name:      common.OperatorDeploymentName,
@ -537,7 +442,7 @@ func createOFOTestDeployment(ns string) *appsv1.Deployment {
 }

 func getTestOFODeploymentOwnerRef(c client.Client, ns string) (*metav1.OwnerReference, error) {
-	d := &appsv1.Deployment{}
+	d := &appsV1.Deployment{}
 	if err := c.Get(context.TODO(), client.ObjectKey{Name: common.OperatorDeploymentName, Namespace: ns}, d); err != nil {
 		return nil, err
 	}
--- a/internal/common/types/envconfig.go
+++ b/internal/common/types/envconfig.go
@ -4,16 +4,15 @@ type EnvConfig struct {
 	PodNamespace           string `envconfig:"POD_NAMESPACE" default:"open-feature-operator-system"`
 	FlagdProxyImage        string `envconfig:"FLAGD_PROXY_IMAGE" default:"ghcr.io/open-feature/flagd-proxy"`
 	FlagsValidationEnabled bool   `envconfig:"FLAGS_VALIDATION_ENABLED" default:"true"`
-	FlagdProxyReplicaCount int    `envconfig:"FLAGD_PROXY_REPLICA_COUNT" default:"1"`
 	// renovate: datasource=github-tags depName=open-feature/flagd/flagd-proxy
-	FlagdProxyTag            string `envconfig:"FLAGD_PROXY_TAG" default:"v0.7.4"`
+	FlagdProxyTag            string `envconfig:"FLAGD_PROXY_TAG" default:"v0.6.2"`
 	FlagdProxyPort           int    `envconfig:"FLAGD_PROXY_PORT" default:"8015"`
 	FlagdProxyManagementPort int    `envconfig:"FLAGD_PROXY_MANAGEMENT_PORT" default:"8016"`
 	FlagdProxyDebugLogging   bool   `envconfig:"FLAGD_PROXY_DEBUG_LOGGING" default:"false"`

 	FlagdImage string `envconfig:"FLAGD_IMAGE" default:"ghcr.io/open-feature/flagd"`
 	// renovate: datasource=github-tags depName=open-feature/flagd/flagd
-	FlagdTag            string `envconfig:"FLAGD_TAG" default:"v0.12.4"`
+	FlagdTag            string `envconfig:"FLAGD_TAG" default:"v0.10.3"`
 	FlagdPort           int    `envconfig:"FLAGD_PORT" default:"8013"`
 	FlagdOFREPPort      int    `envconfig:"FLAGD_OFREP_PORT" default:"8016"`
 	FlagdSyncPort       int    `envconfig:"FLAGD_SYNC_PORT" default:"8015"`
@ -25,7 +24,7 @@ type EnvConfig struct {
 	SidecarPort           int    `envconfig:"SIDECAR_PORT" default:"8013"`
 	SidecarImage          string `envconfig:"SIDECAR_IMAGE" default:"ghcr.io/open-feature/flagd"`
 	// renovate: datasource=github-tags depName=open-feature/flagd/flagd
-	SidecarTag           string `envconfig:"SIDECAR_TAG" default:"v0.12.4"`
+	SidecarTag           string `envconfig:"SIDECAR_TAG" default:"v0.10.3"`
 	SidecarSocketPath    string `envconfig:"SIDECAR_SOCKET_PATH" default:""`
 	SidecarEvaluator     string `envconfig:"SIDECAR_EVALUATOR" default:"json"`
 	SidecarProviderArgs  string `envconfig:"SIDECAR_PROVIDER_ARGS" default:""`
--- a/internal/common/types/sourceconfig.go
+++ b/internal/common/types/sourceconfig.go
--- a/internal/common/utils/utils.go
+++ b/internal/common/utils/utils.go
@ -3,8 +3,6 @@ package utils
 import (
 	"fmt"
 	"strings"
-	"sync/atomic"
-	"time"
 )

 func TrueVal() *bool {
@ -43,23 +41,3 @@ func FeatureFlagId(namespace, name string) string {
 func FeatureFlagConfigMapKey(namespace, name string) string {
 	return fmt.Sprintf("%s.flagd.json", FeatureFlagId(namespace, name))
 }
-
-type ExponentialBackoff struct {
-	StartDelay time.Duration
-	MaxDelay   time.Duration
-	counter    int64
-}
-
-func (e *ExponentialBackoff) Next() time.Duration {
-	val := atomic.AddInt64(&e.counter, 1)
-
-	delay := e.StartDelay * (1 << (val - 1))
-	if delay > e.MaxDelay {
-		delay = e.MaxDelay
-	}
-	return delay
-}
-
-func (e *ExponentialBackoff) Reset() {
-	e.counter = 0
-}
--- a/common/utils/utils_test.go
+++ b/common/utils/utils_test.go
@ -0,0 +1,41 @@
+package utils
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func Test_FeatureFlagId(t *testing.T) {
+	require.Equal(t, "namespace_name", FeatureFlagId("namespace", "name"))
+}
+
+func Test_FeatureFlagConfigMapKey(t *testing.T) {
+	require.Equal(t, "namespace_name.flagd.json", FeatureFlagConfigMapKey("namespace", "name"))
+}
+
+func Test_FalseVal(t *testing.T) {
+	f := false
+	require.Equal(t, &f, FalseVal())
+}
+
+func Test_TrueVal(t *testing.T) {
+	tt := true
+	require.Equal(t, &tt, TrueVal())
+}
+
+func Test_ContainsString(t *testing.T) {
+	slice := []string{"str1", "str2"}
+	require.True(t, ContainsString(slice, "str1"))
+	require.False(t, ContainsString(slice, "some"))
+}
+
+func Test_ParseAnnotations(t *testing.T) {
+	s1, s2 := ParseAnnotation("some/anno", "default")
+	require.Equal(t, "some", s1)
+	require.Equal(t, "anno", s2)
+
+	s1, s2 = ParseAnnotation("anno", "default")
+	require.Equal(t, "default", s1)
+	require.Equal(t, "anno", s2)
+}
--- a/config/certmanager/certificate.yaml
+++ b/config/certmanager/certificate.yaml
@ -5,9 +5,6 @@ apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
  name: selfsigned-issuer
-  labels:
-    app.kubernetes.io/name: open-feature-operator
-    app.kubernetes.io/managed-by: kustomize
 spec:
  selfSigned: {}
 ---
@ -15,35 +12,12 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: serving-cert  # this name should match the one appeared in kustomizeconfig.yaml
-  labels:
-    app.kubernetes.io/name: open-feature-operator
-    app.kubernetes.io/managed-by: kustomize
 spec:
-  # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize
+  # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
  dnsNames:
-  - SERVICE_NAME.SERVICE_NAMESPACE.svc
-  - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local
+  - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
+  - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
  issuerRef:
    kind: Issuer
    name: selfsigned-issuer
  secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize
---
-# The following manifests contain a self-signed issuer CR and a metrics certificate CR.
-# More document can be found at https://docs.cert-manager.io
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: metrics-certs  # this name should match the one appeared in kustomizeconfig.yaml
-  labels:
-    app.kubernetes.io/name: open-feature-operator
-    app.kubernetes.io/managed-by: kustomize
-spec:
-  dnsNames:
-    # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize
-    # replacements in the config/default/kustomization.yaml file.
-    - SERVICE_NAME.SERVICE_NAMESPACE.svc
-    - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local
-  issuerRef:
-    kind: Issuer
-    name: selfsigned-issuer
-  secretName: metrics-server-cert
--- a/config/certmanager/kustomizeconfig.yaml
+++ b/config/certmanager/kustomizeconfig.yaml
@ -6,3 +6,11 @@ nameReference:
  - kind: Certificate
    group: cert-manager.io
    path: spec/issuerRef/name
+
+varReference:
+- kind: Certificate
+  group: cert-manager.io
+  path: spec/commonName
+- kind: Certificate
+  group: cert-manager.io
+  path: spec/dnsNames
--- a/config/crd/bases/core.openfeature.dev_featureflagconfigurations.yaml
+++ b/config/crd/bases/core.openfeature.dev_featureflagconfigurations.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.5
+    controller-gen.kubebuilder.io/version: v0.14.0
  name: featureflagconfigurations.core.openfeature.dev
 spec:
  group: core.openfeature.dev
@ -83,13 +83,10 @@ spec:
                                  description: The key to select.
                                  type: string
                                name:
-                                  default: ""
                                  description: |-
                                    Name of the referent.
-                                    This field is effectively required, but due to backwards compatibility is
-                                    allowed to be empty. Instances of this type with an empty value here are
-                                    almost certainly wrong.
                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                    TODO: Add other useful fields. apiVersion, kind, uid?
                                  type: string
                                optional:
                                  description: Specify whether the ConfigMap or its
@ -149,13 +146,10 @@ spec:
                                    be a valid secret key.
                                  type: string
                                name:
-                                  default: ""
                                  description: |-
                                    Name of the referent.
-                                    This field is effectively required, but due to backwards compatibility is
-                                    allowed to be empty. Instances of this type with an empty value here are
-                                    almost certainly wrong.
                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                    TODO: Add other useful fields. apiVersion, kind, uid?
                                  type: string
                                optional:
                                  description: Specify whether the Secret or its key
@ -179,8 +173,24 @@ spec:
                nullable: true
                properties:
                  credentials:
-                    description: ObjectReference contains enough information to let
-                      you inspect or modify the referred object.
+                    description: |-
+                      ObjectReference contains enough information to let you inspect or modify the referred object.
+                      ---
+                      New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
+                       1. Ignored fields.  It includes many fields which are not generally honored.  For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
+                       2. Invalid usage help.  It is impossible to add specific help for individual usage.  In most embedded usages, there are particular
+                          restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
+                          Those cannot be well described when embedded.
+                       3. Inconsistent validation.  Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
+                       4. The fields are both imprecise and overly precise.  Kind is not a precise mapping to a URL. This can produce ambiguity
+                          during interpretation and require a REST mapping.  In most cases, the dependency is on the group,resource tuple
+                          and the version of the actual struct is irrelevant.
+                       5. We cannot easily change it.  Because this type is embedded in many locations, updates to this type
+                          will affect numerous schemas.  Don't make new APIs embed an underspecified API type they do not control.
+
+
+                      Instead of using this type, create a locally provided and used type that is well-focused on your reference.
+                      For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
                    nullable: true
                    properties:
                      apiVersion:
@ -195,6 +205,7 @@ spec:
                          the event) or if no container name is specified "spec.containers[2]" (container with
                          index 2 in this pod). This syntax is chosen only to have some well-defined way of
                          referencing a part of an object.
+                          TODO: this design is not final and this field is subject to change in the future.
                        type: string
                      kind:
                        description: |-
@ -358,13 +369,10 @@ spec:
                                  description: The key to select.
                                  type: string
                                name:
-                                  default: ""
                                  description: |-
                                    Name of the referent.
-                                    This field is effectively required, but due to backwards compatibility is
-                                    allowed to be empty. Instances of this type with an empty value here are
-                                    almost certainly wrong.
                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                    TODO: Add other useful fields. apiVersion, kind, uid?
                                  type: string
                                optional:
                                  description: Specify whether the ConfigMap or its
@ -424,13 +432,10 @@ spec:
                                    be a valid secret key.
                                  type: string
                                name:
-                                  default: ""
                                  description: |-
                                    Name of the referent.
-                                    This field is effectively required, but due to backwards compatibility is
-                                    allowed to be empty. Instances of this type with an empty value here are
-                                    almost certainly wrong.
                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                    TODO: Add other useful fields. apiVersion, kind, uid?
                                  type: string
                                optional:
                                  description: Specify whether the Secret or its key
@ -455,9 +460,11 @@ spec:
                      Claims lists the names of resources, defined in spec.resourceClaims,
                      that are used by this container.

+
                      This is an alpha field and requires enabling the
                      DynamicResourceAllocation feature gate.

+
                      This field is immutable. It can only be set for containers.
                    items:
                      description: ResourceClaim references one entry in PodSpec.ResourceClaims.
@ -468,12 +475,6 @@ spec:
                            the Pod where this field is used. It makes that resource available
                            inside a container.
                          type: string
-                        request:
-                          description: |-
-                            Request is the name chosen for a request in the referenced claim.
-                            If empty, everything from the claim is made available, otherwise
-                            only the result of this request.
-                          type: string
                      required:
                      - name
                      type: object
@ -511,8 +512,24 @@ spec:
                nullable: true
                properties:
                  credentials:
-                    description: ObjectReference contains enough information to let
-                      you inspect or modify the referred object.
+                    description: |-
+                      ObjectReference contains enough information to let you inspect or modify the referred object.
+                      ---
+                      New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
+                       1. Ignored fields.  It includes many fields which are not generally honored.  For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
+                       2. Invalid usage help.  It is impossible to add specific help for individual usage.  In most embedded usages, there are particular
+                          restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
+                          Those cannot be well described when embedded.
+                       3. Inconsistent validation.  Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
+                       4. The fields are both imprecise and overly precise.  Kind is not a precise mapping to a URL. This can produce ambiguity
+                          during interpretation and require a REST mapping.  In most cases, the dependency is on the group,resource tuple
+                          and the version of the actual struct is irrelevant.
+                       5. We cannot easily change it.  Because this type is embedded in many locations, updates to this type
+                          will affect numerous schemas.  Don't make new APIs embed an underspecified API type they do not control.
+
+
+                      Instead of using this type, create a locally provided and used type that is well-focused on your reference.
+                      For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
                    nullable: true
                    properties:
                      apiVersion:
@ -527,6 +544,7 @@ spec:
                          the event) or if no container name is specified "spec.containers[2]" (container with
                          index 2 in this pod). This syntax is chosen only to have some well-defined way of
                          referencing a part of an object.
+                          TODO: this design is not final and this field is subject to change in the future.
                        type: string
                      kind:
                        description: |-
--- a/config/crd/bases/core.openfeature.dev_featureflags.yaml
+++ b/config/crd/bases/core.openfeature.dev_featureflags.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.5
+    controller-gen.kubebuilder.io/version: v0.14.0
  name: featureflags.core.openfeature.dev
 spec:
  group: core.openfeature.dev
--- a/config/crd/bases/core.openfeature.dev_featureflagsources.yaml
+++ b/config/crd/bases/core.openfeature.dev_featureflagsources.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.5
+    controller-gen.kubebuilder.io/version: v0.14.0
  name: featureflagsources.core.openfeature.dev
 spec:
  group: core.openfeature.dev
@ -49,7 +49,6 @@ spec:
                description: DefaultSyncProvider defines the default sync provider
                type: string
              envVarPrefix:
-                default: FLAGD
                description: EnvVarPrefix defines the prefix to be applied to all
                  environment variables applied to the sidecar, default FLAGD
                type: string
@ -87,13 +86,10 @@ spec:
                              description: The key to select.
                              type: string
                            name:
-                              default: ""
                              description: |-
                                Name of the referent.
-                                This field is effectively required, but due to backwards compatibility is
-                                allowed to be empty. Instances of this type with an empty value here are
-                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                            optional:
                              description: Specify whether the ConfigMap or its key
@ -152,13 +148,10 @@ spec:
                                be a valid secret key.
                              type: string
                            name:
-                              default: ""
                              description: |-
                                Name of the referent.
-                                This field is effectively required, but due to backwards compatibility is
-                                allowed to be empty. Instances of this type with an empty value here are
-                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
@ -174,16 +167,13 @@ spec:
                  type: object
                type: array
              evaluator:
-                default: json
                description: Evaluator sets an evaluator, defaults to 'json'
                type: string
              logFormat:
-                default: json
                description: LogFormat allows for the sidecar log format to be overridden,
                  defaults to 'json'
                type: string
              managementPort:
-                default: 8014
                description: ManagemetPort defines the port to serve management on,
                  defaults to 8014
                format: int32
@ -193,7 +183,6 @@ spec:
                  flag of flagd sidecar. Default false (disabled).
                type: string
              port:
-                default: 8013
                description: Port defines the port to listen on, defaults to 8013
                format: int32
                type: integer
@ -210,9 +199,11 @@ spec:
                      Claims lists the names of resources, defined in spec.resourceClaims,
                      that are used by this container.

+
                      This is an alpha field and requires enabling the
                      DynamicResourceAllocation feature gate.

+
                      This field is immutable. It can only be set for containers.
                    items:
                      description: ResourceClaim references one entry in PodSpec.ResourceClaims.
@ -223,12 +214,6 @@ spec:
                            the Pod where this field is used. It makes that resource available
                            inside a container.
                          type: string
-                        request:
-                          description: |-
-                            Request is the name chosen for a request in the referenced claim.
-                            If empty, everything from the claim is made available, otherwise
-                            only the result of this request.
-                          type: string
                      required:
                      - name
                      type: object
--- a/config/crd/bases/core.openfeature.dev_flagds.yaml
+++ b/config/crd/bases/core.openfeature.dev_flagds.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.5
+    controller-gen.kubebuilder.io/version: v0.14.0
  name: flagds.core.openfeature.dev
 spec:
  group: core.openfeature.dev
@ -44,180 +44,6 @@ spec:
                  FeatureFlagSource references to a FeatureFlagSource from which the created flagd instance retrieves
                  the feature flag configurations
                type: string
-              gatewayApiRoutes:
-                description: GatewayApiRoutes
-                properties:
-                  annotations:
-                    additionalProperties:
-                      type: string
-                    description: Annotations to be added to the Gateway API routes
-                    type: object
-                  enabled:
-                    description: Enabled enables/disables the Gateway API routes for
-                      flagd
-                    type: boolean
-                  hosts:
-                    description: |-
-                      Hosts list of hosts to be added to the ingress.
-                      Empty string corresponds to rule with no host.
-                    items:
-                      type: string
-                    type: array
-                  parentRefs:
-                    description: |-
-                      ParentRefs references the resources (usually Gateways) that the Routes should
-                      be attached to.
-                    items:
-                      description: |-
-                        ParentReference identifies an API object (usually a Gateway) that can be considered
-                        a parent of this resource (usually a route). There are two kinds of parent resources
-                        with "Core" support:
-
-                        * Gateway (Gateway conformance profile)
-                        * Service (Mesh conformance profile, ClusterIP Services only)
-
-                        This API may be extended in the future to support additional kinds of parent
-                        resources.
-
-                        The API object must be valid in the cluster; the Group and Kind must
-                        be registered in the cluster for this reference to be valid.
-                      properties:
-                        group:
-                          default: gateway.networking.k8s.io
-                          description: |-
-                            Group is the group of the referent.
-                            When unspecified, "gateway.networking.k8s.io" is inferred.
-                            To set the core API group (such as for a "Service" kind referent),
-                            Group must be explicitly set to "" (empty string).
-
-                            Support: Core
-                          maxLength: 253
-                          pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
-                          type: string
-                        kind:
-                          default: Gateway
-                          description: |-
-                            Kind is kind of the referent.
-
-                            There are two kinds of parent resources with "Core" support:
-
-                            * Gateway (Gateway conformance profile)
-                            * Service (Mesh conformance profile, ClusterIP Services only)
-
-                            Support for other resources is Implementation-Specific.
-                          maxLength: 63
-                          minLength: 1
-                          pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
-                          type: string
-                        name:
-                          description: |-
-                            Name is the name of the referent.
-
-                            Support: Core
-                          maxLength: 253
-                          minLength: 1
-                          type: string
-                        namespace:
-                          description: |-
-                            Namespace is the namespace of the referent. When unspecified, this refers
-                            to the local namespace of the Route.
-
-                            Note that there are specific rules for ParentRefs which cross namespace
-                            boundaries. Cross-namespace references are only valid if they are explicitly
-                            allowed by something in the namespace they are referring to. For example:
-                            Gateway has the AllowedRoutes field, and ReferenceGrant provides a
-                            generic way to enable any other kind of cross-namespace reference.
-
-                            <gateway:experimental:description>
-                            ParentRefs from a Route to a Service in the same namespace are "producer"
-                            routes, which apply default routing rules to inbound connections from
-                            any namespace to the Service.
-
-                            ParentRefs from a Route to a Service in a different namespace are
-                            "consumer" routes, and these routing rules are only applied to outbound
-                            connections originating from the same namespace as the Route, for which
-                            the intended destination of the connections are a Service targeted as a
-                            ParentRef of the Route.
-                            </gateway:experimental:description>
-
-                            Support: Core
-                          maxLength: 63
-                          minLength: 1
-                          pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
-                          type: string
-                        port:
-                          description: |-
-                            Port is the network port this Route targets. It can be interpreted
-                            differently based on the type of parent resource.
-
-                            When the parent resource is a Gateway, this targets all listeners
-                            listening on the specified port that also support this kind of Route(and
-                            select this Route). It's not recommended to set `Port` unless the
-                            networking behaviors specified in a Route must apply to a specific port
-                            as opposed to a listener(s) whose port(s) may be changed. When both Port
-                            and SectionName are specified, the name and port of the selected listener
-                            must match both specified values.
-
-                            <gateway:experimental:description>
-                            When the parent resource is a Service, this targets a specific port in the
-                            Service spec. When both Port (experimental) and SectionName are specified,
-                            the name and port of the selected port must match both specified values.
-                            </gateway:experimental:description>
-
-                            Implementations MAY choose to support other parent resources.
-                            Implementations supporting other types of parent resources MUST clearly
-                            document how/if Port is interpreted.
-
-                            For the purpose of status, an attachment is considered successful as
-                            long as the parent resource accepts it partially. For example, Gateway
-                            listeners can restrict which Routes can attach to them by Route kind,
-                            namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
-                            from the referencing Route, the Route MUST be considered successfully
-                            attached. If no Gateway listeners accept attachment from this Route,
-                            the Route MUST be considered detached from the Gateway.
-
-                            Support: Extended
-                          format: int32
-                          maximum: 65535
-                          minimum: 1
-                          type: integer
-                        sectionName:
-                          description: |-
-                            SectionName is the name of a section within the target resource. In the
-                            following resources, SectionName is interpreted as the following:
-
-                            * Gateway: Listener name. When both Port (experimental) and SectionName
-                            are specified, the name and port of the selected listener must match
-                            both specified values.
-                            * Service: Port name. When both Port (experimental) and SectionName
-                            are specified, the name and port of the selected listener must match
-                            both specified values.
-
-                            Implementations MAY choose to support attaching Routes to other resources.
-                            If that is the case, they MUST clearly document how SectionName is
-                            interpreted.
-
-                            When unspecified (empty string), this will reference the entire resource.
-                            For the purpose of status, an attachment is considered successful if at
-                            least one section in the parent resource accepts it. For example, Gateway
-                            listeners can restrict which Routes can attach to them by Route kind,
-                            namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
-                            the referencing Route, the Route MUST be considered successfully
-                            attached. If no Gateway listeners accept attachment from this Route, the
-                            Route MUST be considered detached from the Gateway.
-
-                            Support: Core
-                          maxLength: 253
-                          minLength: 1
-                          pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
-                          type: string
-                      required:
-                      - name
-                      type: object
-                    type: array
-                required:
-                - parentRefs
-                type: object
              ingress:
                description: Ingress
                properties:
--- a/config/crd/bases/core.openfeature.dev_flagsourceconfigurations.yaml
+++ b/config/crd/bases/core.openfeature.dev_flagsourceconfigurations.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.5
+    controller-gen.kubebuilder.io/version: v0.14.0
  name: flagsourceconfigurations.core.openfeature.dev
 spec:
  group: core.openfeature.dev
@ -88,13 +88,10 @@ spec:
                              description: The key to select.
                              type: string
                            name:
-                              default: ""
                              description: |-
                                Name of the referent.
-                                This field is effectively required, but due to backwards compatibility is
-                                allowed to be empty. Instances of this type with an empty value here are
-                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                            optional:
                              description: Specify whether the ConfigMap or its key
@ -153,13 +150,10 @@ spec:
                                be a valid secret key.
                              type: string
                            name:
-                              default: ""
                              description: |-
                                Name of the referent.
-                                This field is effectively required, but due to backwards compatibility is
-                                allowed to be empty. Instances of this type with an empty value here are
-                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
@ -211,9 +205,11 @@ spec:
                      Claims lists the names of resources, defined in spec.resourceClaims,
                      that are used by this container.

+
                      This is an alpha field and requires enabling the
                      DynamicResourceAllocation feature gate.

+
                      This field is immutable. It can only be set for containers.
                    items:
                      description: ResourceClaim references one entry in PodSpec.ResourceClaims.
@ -224,12 +220,6 @@ spec:
                            the Pod where this field is used. It makes that resource available
                            inside a container.
                          type: string
-                        request:
-                          description: |-
-                            Request is the name chosen for a request in the referenced claim.
-                            If empty, everything from the claim is made available, otherwise
-                            only the result of this request.
-                          type: string
                      required:
                      - name
                      type: object
@ -481,13 +471,10 @@ spec:
                              description: The key to select.
                              type: string
                            name:
-                              default: ""
                              description: |-
                                Name of the referent.
-                                This field is effectively required, but due to backwards compatibility is
-                                allowed to be empty. Instances of this type with an empty value here are
-                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                            optional:
                              description: Specify whether the ConfigMap or its key
@ -546,13 +533,10 @@ spec:
                                be a valid secret key.
                              type: string
                            name:
-                              default: ""
                              description: |-
                                Name of the referent.
-                                This field is effectively required, but due to backwards compatibility is
-                                allowed to be empty. Instances of this type with an empty value here are
-                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
@ -604,9 +588,11 @@ spec:
                      Claims lists the names of resources, defined in spec.resourceClaims,
                      that are used by this container.

+
                      This is an alpha field and requires enabling the
                      DynamicResourceAllocation feature gate.

+
                      This field is immutable. It can only be set for containers.
                    items:
                      description: ResourceClaim references one entry in PodSpec.ResourceClaims.
@ -617,12 +603,6 @@ spec:
                            the Pod where this field is used. It makes that resource available
                            inside a container.
                          type: string
-                        request:
-                          description: |-
-                            Request is the name chosen for a request in the referenced claim.
-                            If empty, everything from the claim is made available, otherwise
-                            only the result of this request.
-                          type: string
                      required:
                      - name
                      type: object
--- a/config/crd/bases/core.openfeature.dev_inprocessconfigurations.yaml
+++ b/config/crd/bases/core.openfeature.dev_inprocessconfigurations.yaml
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.5
+    controller-gen.kubebuilder.io/version: v0.14.0
  name: inprocessconfigurations.core.openfeature.dev
 spec:
  group: core.openfeature.dev
@ -86,13 +86,10 @@ spec:
                              description: The key to select.
                              type: string
                            name:
-                              default: ""
                              description: |-
                                Name of the referent.
-                                This field is effectively required, but due to backwards compatibility is
-                                allowed to be empty. Instances of this type with an empty value here are
-                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                            optional:
                              description: Specify whether the ConfigMap or its key
@ -151,13 +148,10 @@ spec:
                                be a valid secret key.
                              type: string
                            name:
-                              default: ""
                              description: |-
                                Name of the referent.
-                                This field is effectively required, but due to backwards compatibility is
-                                allowed to be empty. Instances of this type with an empty value here are
-                                almost certainly wrong.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                TODO: Add other useful fields. apiVersion, kind, uid?
                              type: string
                            optional:
                              description: Specify whether the Secret or its key must
--- a/config/crd/kustomization.yaml
+++ b/config/crd/kustomization.yaml
@ -8,7 +8,7 @@ resources:
 - bases/core.openfeature.dev_inprocessconfigurations.yaml
 #+kubebuilder:scaffold:crdkustomizeresource

-patches:
+patchesStrategicMerge:
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
 # patches here are for enabling the conversion webhook for each CRD
 #- patches/webhook_in_featureflags.yaml
@ -17,6 +17,14 @@ patches:
 #- patches/webhook_in_inprocessconfigurations.yaml
 #+kubebuilder:scaffold:crdkustomizewebhookpatch

+# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
+# patches here are for enabling the CA injection for each CRD
+#- patches/cainjection_in_featureflags.yaml
+#- patches/cainjection_in_featureflagsources.yaml
+#- patches/cainjection_in_flagds.yaml
+#- patches/cainjection_in_inprocessconfigurations.yaml
+#+kubebuilder:scaffold:crdkustomizecainjectionpatch
+
 # the following config is for teaching kustomize how to do kustomization for CRDs.
 configurations:
 - kustomizeconfig.yaml
--- a/config/crd/kustomizeconfig.yaml
+++ b/config/crd/kustomizeconfig.yaml
@ -1,19 +1,19 @@
 # This file is for teaching kustomize how to substitute name and namespace reference in CRD
 nameReference:
-  - kind: Service
-    version: v1
-    fieldSpecs:
-      - kind: CustomResourceDefinition
-        version: v1
-        group: apiextensions.k8s.io
-        path: spec/conversion/webhook/clientConfig/service/name
-
-namespace:
+- kind: Service
+  version: v1
+  fieldSpecs:
  - kind: CustomResourceDefinition
    version: v1
    group: apiextensions.k8s.io
-    path: spec/conversion/webhook/clientConfig/service/namespace
-    create: false
+    path: spec/conversion/webhook/clientConfig/service/name
+
+namespace:
+- kind: CustomResourceDefinition
+  version: v1
+  group: apiextensions.k8s.io
+  path: spec/conversion/webhook/clientConfig/service/namespace
+  create: false

 varReference:
-  - path: metadata/annotations
+- path: metadata/annotations
--- a/config/crd/patches/cainjection_in_core_featureflags.yaml
+++ b/config/crd/patches/cainjection_in_core_featureflags.yaml
@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: featureflags.core.openfeature.dev
--- a/config/crd/patches/cainjection_in_core_featureflagsources.yaml
+++ b/config/crd/patches/cainjection_in_core_featureflagsources.yaml
@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: featureflagsources.core.openfeature.dev
--- a/config/crd/patches/cainjection_in_core_flagds.yaml
+++ b/config/crd/patches/cainjection_in_core_flagds.yaml
@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: flagds.core.openfeature.dev
--- a/config/crd/patches/cainjection_in_core_inprocessconfigurations.yaml
+++ b/config/crd/patches/cainjection_in_core_inprocessconfigurations.yaml
@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: inprocessconfigurations.core.openfeature.dev
--- a/config/default/cert_metrics_manager_patch.yaml
+++ b/config/default/cert_metrics_manager_patch.yaml
@ -1,30 +0,0 @@
-# This patch adds the args, volumes, and ports to allow the manager to use the metrics-server certs.
-
-# Add the volumeMount for the metrics-server certs
- op: add
-  path: /spec/template/spec/containers/0/volumeMounts/-
-  value:
-    mountPath: /tmp/k8s-metrics-server/metrics-certs
-    name: metrics-certs
-    readOnly: true
-
-# Add the --metrics-cert-path argument for the metrics server
- op: add
-  path: /spec/template/spec/containers/0/args/-
-  value: --metrics-cert-path=/tmp/k8s-metrics-server/metrics-certs
-
-# Add the metrics-server certs volume configuration
- op: add
-  path: /spec/template/spec/volumes/-
-  value:
-    name: metrics-certs
-    secret:
-      secretName: metrics-server-cert
-      optional: false
-      items:
-        - key: ca.crt
-          path: ca.crt
-        - key: tls.crt
-          path: tls.crt
-        - key: tls.key
-          path: tls.key
--- a/config/default/kustomization.yaml
+++ b/config/default/kustomization.yaml
@ -12,206 +12,63 @@ namePrefix: open-feature-operator-
 #commonLabels:
 #  someName: someValue

-resources:
+bases:
 - ../crd
 - ../rbac
 - ../manager
-
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
 - ../webhook
-
 # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
 - ../certmanager
-
 # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
 #- ../prometheus

-# [NETWORK POLICY] Protect the /metrics endpoint and Webhook Server with NetworkPolicy.
-# Only Pod(s) running a namespace labeled with 'metrics: enabled' will be able to gather the metrics.
-# Only CR(s) which requires webhooks and are applied on namespaces labeled with 'webhooks: enabled' will
-# be able to communicate with the Webhook Server.
-#- ../network-policy
+patchesStrategicMerge:
+# Protect the /metrics endpoint by putting it behind auth.
+# If you want your controller-manager to expose the /metrics
+# endpoint w/o any authn/z, please comment the following line.
+- manager_auth_proxy_patch.yaml

-
-patches:
 # Mount the controller config file for loading manager configurations
 # through a ComponentConfig type
 #- manager_config_patch.yaml

-# [METRICS] The following patch will enable the metrics endpoint using HTTPS and the port :8443.
-# More info: https://book.kubebuilder.io/reference/metrics
- path: manager_metrics_patch.yaml
-  target:
-    kind: Deployment
-
-# Uncomment the patches line if you enable Metrics and CertManager
-# [METRICS-WITH-CERTS] To enable metrics protected with certManager, uncomment the following line.
-# This patch will protect the metrics with certManager self-signed certs.
- path: cert_metrics_manager_patch.yaml
-  target:
-    kind: Deployment
-
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
- path: manager_webhook_patch.yaml
-  target:
-    kind: Deployment
+- manager_webhook_patch.yaml

+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
+# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
+# 'CERTMANAGER' needs to be enabled to use ca injection
+- webhookcainjection_patch.yaml
+
+# the following config is for teaching kustomize how to do var substitution
+vars:
 # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
-# Uncomment the following replacements to add the cert-manager CA injection annotations
-replacements:
- - source: # Uncomment the following block to enable certificates for metrics
-     kind: Service
-     version: v1
-     name: controller-manager-metrics-service
-     fieldPath: metadata.name
-   targets:
-     - select:
-         kind: Certificate
-         group: cert-manager.io
-         version: v1
-         name: metrics-certs
-       fieldPaths:
-         - spec.dnsNames.0
-         - spec.dnsNames.1
-       options:
-         delimiter: '.'
-         index: 0
-         create: true
-
- - source:
-     kind: Service
-     version: v1
-     name: controller-manager-metrics-service
-     fieldPath: metadata.namespace
-   targets:
-     - select:
-         kind: Certificate
-         group: cert-manager.io
-         version: v1
-         name: metrics-certs
-       fieldPaths:
-         - spec.dnsNames.0
-         - spec.dnsNames.1
-       options:
-         delimiter: '.'
-         index: 1
-         create: true
-
- - source: # Uncomment the following block if you have any webhook
-     kind: Service
-     version: v1
-     name: webhook-service
-     fieldPath: .metadata.name # Name of the service
-   targets:
-     - select:
-         kind: Certificate
-         group: cert-manager.io
-         version: v1
-         name: serving-cert
-       fieldPaths:
-         - .spec.dnsNames.0
-         - .spec.dnsNames.1
-       options:
-         delimiter: '.'
-         index: 0
-         create: true
- - source:
-     kind: Service
-     version: v1
-     name: webhook-service
-     fieldPath: .metadata.namespace # Namespace of the service
-   targets:
-     - select:
-         kind: Certificate
-         group: cert-manager.io
-         version: v1
-         name: serving-cert
-       fieldPaths:
-         - .spec.dnsNames.0
-         - .spec.dnsNames.1
-       options:
-         delimiter: '.'
-         index: 1
-         create: true
-
- - source: # Uncomment the following block if you have a ValidatingWebhook (--programmatic-validation)
-     kind: Certificate
-     group: cert-manager.io
-     version: v1
-     name: serving-cert # This name should match the one in certificate.yaml
-     fieldPath: .metadata.namespace # Namespace of the certificate CR
-   targets:
-     - select:
-         kind: ValidatingWebhookConfiguration
-       fieldPaths:
-         - .metadata.annotations.[cert-manager.io/inject-ca-from]
-       options:
-         delimiter: '/'
-         index: 0
-         create: true
- - source:
-     kind: Certificate
-     group: cert-manager.io
-     version: v1
-     name: serving-cert
-     fieldPath: .metadata.name
-   targets:
-     - select:
-         kind: ValidatingWebhookConfiguration
-       fieldPaths:
-         - .metadata.annotations.[cert-manager.io/inject-ca-from]
-       options:
-         delimiter: '/'
-         index: 1
-         create: true
-
- - source: # Uncomment the following block if you have a DefaultingWebhook (--defaulting )
-     kind: Certificate
-     group: cert-manager.io
-     version: v1
-     name: serving-cert
-     fieldPath: .metadata.namespace # Namespace of the certificate CR
-   targets:
-     - select:
-         kind: MutatingWebhookConfiguration
-       fieldPaths:
-         - .metadata.annotations.[cert-manager.io/inject-ca-from]
-       options:
-         delimiter: '/'
-         index: 0
-         create: true
-
- - source:
-     kind: Certificate
-     group: cert-manager.io
-     version: v1
-     name: serving-cert
-     fieldPath: .metadata.name
-   targets:
-     - select:
-         kind: MutatingWebhookConfiguration
-       fieldPaths:
-         - .metadata.annotations.[cert-manager.io/inject-ca-from]
-       options:
-         delimiter: '/'
-         index: 1
-         create: true
-
-# - source: # Uncomment the following block if you have a ConversionWebhook (--conversion)
-#     kind: Certificate
-#     group: cert-manager.io
-#     version: v1
-#     name: serving-cert
-#     fieldPath: .metadata.namespace # Namespace of the certificate CR
-#   targets: # Do not remove or uncomment the following scaffold marker; required to generate code for target CRD.
-# +kubebuilder:scaffold:crdkustomizecainjectionns
-# - source:
-#     kind: Certificate
-#     group: cert-manager.io
-#     version: v1
-#     name: serving-cert
-#     fieldPath: .metadata.name
-#   targets: # Do not remove or uncomment the following scaffold marker; required to generate code for target CRD.
-# +kubebuilder:scaffold:crdkustomizecainjectionname
+- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
+  objref:
+    kind: Certificate
+    group: cert-manager.io
+    version: v1
+    name: serving-cert # this name should match the one in certificate.yaml
+  fieldref:
+    fieldpath: metadata.namespace
+- name: CERTIFICATE_NAME
+  objref:
+    kind: Certificate
+    group: cert-manager.io
+    version: v1
+    name: serving-cert # this name should match the one in certificate.yaml
+- name: SERVICE_NAMESPACE # namespace of the service
+  objref:
+    kind: Service
+    version: v1
+    name: webhook-service
+  fieldref:
+    fieldpath: metadata.namespace
+- name: SERVICE_NAME
+  objref:
+    kind: Service
+    version: v1
+    name: webhook-service
--- a/config/default/manager_auth_proxy_patch.yaml
+++ b/config/default/manager_auth_proxy_patch.yaml
@ -0,0 +1,42 @@
+# This patch inject a sidecar container which is a HTTP proxy for the
+# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+      - name: kube-rbac-proxy
+        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.0
+        args:
+        - "--secure-listen-address=0.0.0.0:8443"
+        - "--upstream=http://127.0.0.1:8080/"
+        - "--logtostderr=true"
+        - "--v=0"
+        ports:
+        - containerPort: 8443
+          protocol: TCP
+          name: https
+        resources:
+          limits:
+            cpu: 500m
+            memory: 128Mi
+          requests:
+            cpu: 5m
+            memory: 64Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          runAsNonRoot: true
+      - name: manager
+        args:
+        - "--health-probe-bind-address=:8081"
+        - "--metrics-bind-address=127.0.0.1:8080"
+        - "--leader-elect"
+        - "--sidecar-cpu-limit=0.5" # cores
+        - "--sidecar-ram-limit=64M"
+        securityContext:
+          allowPrivilegeEscalation: false
+          runAsNonRoot: true
--- a/config/default/manager_metrics_patch.yaml
+++ b/config/default/manager_metrics_patch.yaml
@ -1,4 +0,0 @@
-# This patch adds the args to allow exposing the metrics endpoint using HTTPS
- op: add
-  path: /spec/template/spec/containers/0/args/0
-  value: --metrics-bind-address=:8443
--- a/config/default/manager_webhook_patch.yaml
+++ b/config/default/manager_webhook_patch.yaml
@ -1,31 +1,23 @@
-# This patch ensures the webhook certificates are properly mounted in the manager container.
-# It configures the necessary arguments, volumes, volume mounts, and container ports.
-
-# Add the --webhook-cert-path argument for configuring the webhook certificate path
- op: add
-  path: /spec/template/spec/containers/0/args/-
-  value: --webhook-cert-path=/tmp/k8s-webhook-server/serving-certs
-
-# Add the volumeMount for the webhook certificates
- op: add
-  path: /spec/template/spec/containers/0/volumeMounts/-
-  value:
-    mountPath: /tmp/k8s-webhook-server/serving-certs
-    name: webhook-certs
-    readOnly: true
-
-# Add the port configuration for the webhook server
- op: add
-  path: /spec/template/spec/containers/0/ports/-
-  value:
-    containerPort: 9443
-    name: webhook-server
-    protocol: TCP
-
-# Add the volume configuration for the webhook certificates
- op: add
-  path: /spec/template/spec/volumes/-
-  value:
-    name: webhook-certs
-    secret:
-      secretName: webhook-server-cert
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+      - name: manager
+        ports:
+        - containerPort: 9443
+          name: webhook-server
+          protocol: TCP
+        volumeMounts:
+        - mountPath: /tmp/k8s-webhook-server/serving-certs
+          name: cert
+          readOnly: true
+      volumes:
+      - name: cert
+        secret:
+          defaultMode: 420
+          secretName: webhook-server-cert
--- a/config/default/metrics_service.yaml
+++ b/config/default/metrics_service.yaml
@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    control-plane: controller-manager
-    app.kubernetes.io/name: open-feature-operator
-    app.kubernetes.io/managed-by: kustomize
-  name: controller-manager-metrics-service
-  namespace: system
-spec:
-  ports:
-  - name: https
-    port: 8443
-    protocol: TCP
-    targetPort: 8443
-  selector:
-    control-plane: controller-manager
-    app.kubernetes.io/name: open-feature-operator
--- a/config/default/webhookcainjection_patch.yaml
+++ b/config/default/webhookcainjection_patch.yaml
@ -0,0 +1,16 @@
+# This patch add annotation to admission webhook config and
+# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: mutating-webhook-configuration
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: validating-webhook-configuration
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@ -1,18 +1,14 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
 resources:
 - manager.yaml
-
 generatorOptions:
  disableNameSuffixHash: true
-
 configMapGenerator:
 - files:
  - controller_manager_config.yaml
  name: manager-config
-
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
 images:
 - name: controller
-  newName: open-feature-operator-local
-  newTag: validate
+  newName: controller
+  newTag: latest
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@ -3,7 +3,6 @@ kind: Namespace
 metadata:
  labels:
    control-plane: controller-manager
-    app.kubernetes.io/name: open-feature-operator
  name: system
 ---
 apiVersion: apps/v1
@ -13,13 +12,10 @@ metadata:
  namespace: system
  labels:
    control-plane: controller-manager
-    app.kubernetes.io/name: open-feature-operator
-    app.kubernetes.io/managed-by: kustomize
 spec:
  selector:
    matchLabels:
      control-plane: controller-manager
-      app.kubernetes.io/name: open-feature-operator
  replicas: 1
  template:
    metadata:
@ -27,8 +23,6 @@ spec:
        kubectl.kubernetes.io/default-container: manager
      labels:
        control-plane: controller-manager
-        app.kubernetes.io/name: open-feature-operator
-        app.kubernetes.io/managed-by: kustomize
    spec:
      securityContext:
        runAsNonRoot: true
@ -49,7 +43,6 @@ spec:
        imagePullPolicy: IfNotPresent
        image: controller:main
        name: manager
-        ports: []
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
@ -74,7 +67,5 @@ spec:
          requests:
            cpu: 10m
            memory: 64Mi
-        volumeMounts: []
-      volumes: []
      serviceAccountName: controller-manager
      terminationGracePeriodSeconds: 10
--- a/config/network-policy/allow-metrics-traffic.yaml
+++ b/config/network-policy/allow-metrics-traffic.yaml
@ -1,27 +0,0 @@
-# This NetworkPolicy allows ingress traffic
-# with Pods running on namespaces labeled with 'metrics: enabled'. Only Pods on those
-# namespaces are able to gather data from the metrics endpoint.
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  labels:
-    app.kubernetes.io/name: open-feature-operator
-    app.kubernetes.io/managed-by: kustomize
-  name: allow-metrics-traffic
-  namespace: system
-spec:
-  podSelector:
-    matchLabels:
-      control-plane: controller-manager
-      app.kubernetes.io/name: open-feature-operator
-  policyTypes:
-    - Ingress
-  ingress:
-    # This allows ingress traffic from any namespace with the label metrics: enabled
-    - from:
-      - namespaceSelector:
-          matchLabels:
-            metrics: enabled  # Only from namespaces with this label
-      ports:
-        - port: 8443
-          protocol: TCP
--- a/config/network-policy/allow-webhook-traffic.yaml
+++ b/config/network-policy/allow-webhook-traffic.yaml
@ -1,27 +0,0 @@
-# This NetworkPolicy allows ingress traffic to your webhook server running
-# as part of the controller-manager from specific namespaces and pods. CR(s) which uses webhooks
-# will only work when applied in namespaces labeled with 'webhook: enabled'
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  labels:
-    app.kubernetes.io/name: open-feature-operator
-    app.kubernetes.io/managed-by: kustomize
-  name: allow-webhook-traffic
-  namespace: system
-spec:
-  podSelector:
-    matchLabels:
-      control-plane: controller-manager
-      app.kubernetes.io/name: open-feature-operator
-  policyTypes:
-    - Ingress
-  ingress:
-    # This allows ingress traffic from any namespace with the label webhook: enabled
-    - from:
-        - namespaceSelector:
-            matchLabels:
-              webhook: enabled # Only from namespaces with this label
-      ports:
-        - port: 443
-          protocol: TCP
--- a/config/network-policy/kustomization.yaml
+++ b/config/network-policy/kustomization.yaml
@ -1,2 +0,0 @@
-resources:
- allow-metrics-traffic.yaml
--- a/config/overlays/helm/certificate-patch.yaml
+++ b/config/overlays/helm/certificate-patch.yaml
@ -1,21 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: serving-cert  # this name should match the one appeared in kustomizeconfig.yaml
-spec:
-  dnsNames:
-    - SERVICE_NAME.{{ include "chart.namespace" . }}.svc
-    - SERVICE_NAME.{{ include "chart.namespace" . }}.svc.cluster.local
---
-# The following manifests contain a self-signed issuer CR and a metrics certificate CR.
-# More document can be found at https://docs.cert-manager.io
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: metrics-certs  # this name should match the one appeared in kustomizeconfig.yaml
-spec:
-  dnsNames:
-    # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize
-    # replacements in the config/default/kustomization.yaml file.
-    - SERVICE_NAME.{{ include "chart.namespace" . }}.svc
-    - SERVICE_NAME.{{ include "chart.namespace" . }}.svc.cluster.local
--- a/config/overlays/helm/controller_manager_config.yaml
+++ b/config/overlays/helm/controller_manager_config.yaml
@ -3,6 +3,6 @@ kind: ControllerManagerConfig
 health:
  healthProbeBindAddress: "{{ .Values.managerConfig.controllerManagerConfigYaml.health.healthProbeBindAddress }}"
 metrics:
-  bindAddress: "{{ .Values.managerConfig.controllerManagerConfigYaml.metrics.bindAddress }}:{{ .Values.managerConfig.controllerManagerConfigYaml.metrics.bindPort }}"
+  bindAddress: "{{ .Values.managerConfig.controllerManagerConfigYaml.metrics.bindAddress }}"
 webhook:
  port: 0{{ .Values.managerConfig.controllerManagerConfigYaml.webhook.port }}
--- a/config/overlays/helm/exclude-webhook-server-container-port.yaml
+++ b/config/overlays/helm/exclude-webhook-server-container-port.yaml
@ -1,16 +0,0 @@
-# delete the default webhook-server port (to avoid duplicate) since we build it from helm
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: controller-manager
-  namespace: system
-spec:
-  template:
-    spec:
-      containers:
-      - name: manager
-        ports:
-        - containerPort: 9443
-          name: webhook-server
-          protocol: TCP
-          $patch: delete
--- a/config/overlays/helm/kustomization.yaml
+++ b/config/overlays/helm/kustomization.yaml
@ -1,5 +1,5 @@
 # import the default deployment as the base
-resources:
+bases:
  - ../../default

 # replace the default namespace with {{ include "chart.namespace" . }}
@ -11,55 +11,13 @@ namespace: |-
 # merge the exclude-ns.yaml with the existing namespace definition, this contains the `$patch: delete` directive allowing 
 # for the helm chart to define the namespace conditionally (only deploys when no namespace is provided and the default 
 # (open-feature-operator-system) is used
-patches:
-  - path: exclude-ns.yaml
-  - path: manager.yaml
-  - path: exclude-webhook-server-container-port.yaml
-  - path: exclude-validatingwebhook.yaml
-  - path: mutatingwebhook.yaml
-  - path: certificate-patch.yaml
+patchesStrategicMerge:
+  - exclude-ns.yaml
+  - manager.yaml
+  - exclude-validatingwebhook.yaml

 configMapGenerator:
 - name: manager-config
  behavior: merge
  files:
    - controller_manager_config.yaml
-
-replacements:
-  - source: # Uncomment the following block to enable certificates for metrics
-      kind: Service
-      version: v1
-      name: controller-manager-metrics-service
-      fieldPath: metadata.name
-    targets:
-      - select:
-          kind: Certificate
-          group: cert-manager.io
-          version: v1
-          name: metrics-certs
-        fieldPaths:
-          - spec.dnsNames.0
-          - spec.dnsNames.1
-        options:
-          delimiter: '.'
-          index: 0
-          create: true
-
-  - source: # Uncomment the following block if you have any webhook
-      kind: Service
-      version: v1
-      name: webhook-service
-      fieldPath: .metadata.name # Name of the service
-    targets:
-      - select:
-          kind: Certificate
-          group: cert-manager.io
-          version: v1
-          name: serving-cert
-        fieldPaths:
-          - spec.dnsNames.0
-          - spec.dnsNames.1
-        options:
-          delimiter: '.'
-          index: 0
-          create: true
--- a/config/overlays/helm/manager.yaml
+++ b/config/overlays/helm/manager.yaml
@ -6,19 +6,9 @@ metadata:
 spec:
  replicas: 0{{ .Values.controllerManager.replicas }}
  template:
-    metadata:
-      # this is transformed by .github/scripts/strip-kustomize-helm.sh
-      annotations:
-        ___delete_me___: "___ ___newline___{{ if .Values.annotations }}{{___space___toYaml___space___.Values.annotations___space___|___space___indent___space___8___space___}}{{ end }}___"
-      # this is transformed by .github/scripts/strip-kustomize-helm.sh
-      labels:
-        ___delete_me___: "___ ___newline___{{ if .Values.labels }}___newline___{{___space___toYaml___space___.Values.labels___space___|___space___indent___space___8___space___}}{{ end }}___"
    spec:
      # this is transformed by .github/scripts/strip-kustomize-helm.sh
-      ___imagePullSecrets___: "___ ___newline___        {{ toYaml .Values.imagePullSecrets___space___|___space___indent___space___8___space___}}___"
-      # this is transformed by .github/scripts/strip-kustomize-helm.sh
-      hostNetwork: "___{{ .Values.controllerManager.manager.hostNetwork }}___"
-      dnsPolicy: "{{ .Values.controllerManager.manager.dnsPolicy }}"
+      ___imagePullSecrets___: "___ ___newline___{{ toYaml .Values.imagePullSecrets | indent 8 }}___"
      containers:
        - name: manager
          image: "{{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag }}"
@ -29,82 +19,73 @@ spec:
            requests:
              cpu: "{{ .Values.controllerManager.manager.resources.requests.cpu }}"
              memory: "{{ .Values.controllerManager.manager.resources.requests.memory }}"
-          ports:
-            - containerPort: "___ {{ .Values.managerConfig.controllerManagerConfigYaml.webhook.port }} ___"
-              name: webhook-server
-              protocol: TCP
-            - containerPort: "___ {{ .Values.managerConfig.controllerManagerConfigYaml.metrics.bindPort }} ___"
-              name: metrics-server
-              protocol: TCP
          env:
-            - name: SIDECAR_MANAGEMENT_PORT
-              value: "{{ .Values.sidecarConfiguration.managementPort }}"
-            - name: SIDECAR_PORT
-              value: "{{ .Values.sidecarConfiguration.port }}"
-            - name: SIDECAR_SOCKET_PATH
-              value: "{{ .Values.sidecarConfiguration.socketPath }}"
-            - name: SIDECAR_IMAGE
-              value: "{{ .Values.sidecarConfiguration.image.repository }}"
-            - name: SIDECAR_TAG
-              value: "{{ .Values.sidecarConfiguration.image.tag }}"
-            - name: SIDECAR_PROVIDER_ARGS
-              value: "{{ .Values.sidecarConfiguration.providerArgs }}"
-            - name: SIDECAR_ENV_VAR_PREFIX
-              value: "{{ .Values.sidecarConfiguration.envVarPrefix }}"
-            - name: SIDECAR_SYNC_PROVIDER
-              value: "{{ .Values.sidecarConfiguration.defaultSyncProvider }}"
-            - name: SIDECAR_EVALUATOR
-              value: "{{ .Values.sidecarConfiguration.evaluator }}"
-            - name: SIDECAR_LOG_FORMAT
-              value: "{{ .Values.sidecarConfiguration.logFormat }}"
-            - name: SIDECAR_PROBES_ENABLED
-              value: "{{ .Values.sidecarConfiguration.probesEnabled }}"
-            - name: FLAGD_PROXY_IMAGE
-              value: "{{ .Values.flagdProxyConfiguration.image.repository }}"
-            - name: FLAGD_PROXY_REPLICA_COUNT
-              value: "{{ .Values.flagdProxyConfiguration.replicaCount }}"
-            - name: FLAGD_PROXY_TAG
-              value: "{{ .Values.flagdProxyConfiguration.image.tag }}"
-            - name: FLAGD_PROXY_PORT
-              value: "{{ .Values.flagdProxyConfiguration.port }}"
-            - name: FLAGD_PROXY_MANAGEMENT_PORT
-              value: "{{ .Values.flagdProxyConfiguration.managementPort }}"
-            - name: FLAGD_PROXY_DEBUG_LOGGING
-              value: "{{ .Values.flagdProxyConfiguration.debugLogging }}"
-            - name: FLAGD_IMAGE
-              value: "{{ .Values.flagdConfiguration.image.repository }}"
-            - name: FLAGD_TAG
-              value: "{{ .Values.flagdConfiguration.image.tag }}"
-            - name: FLAGD_PORT
-              value: "{{ .Values.flagdConfiguration.port }}"
-            - name: FLAGD_OFREP_PORT
-              value: "{{ .Values.flagdConfiguration.ofrepPort }}"
-            - name: FLAGD_SYNC_PORT
-              value: "{{ .Values.flagdConfiguration.syncPort }}"
-            - name: FLAGD_MANAGEMENT_PORT
-              value: "{{ .Values.flagdConfiguration.managementPort }}"
-            - name: FLAGD_DEBUG_LOGGING
-              value: "{{ .Values.flagdConfiguration.debugLogging }}"
-            - name: FLAGS_VALIDATION_ENABLED
-              value: "{{ .Values.managerConfig.flagsValidationEnabled }}"
-            - name: IN_PROCESS_PORT
-              value: "{{ .Values.inProcessConfiguration.port }}"
-            - name: IN_PROCESS_HOST
-              value: "{{ .Values.inProcessConfiguration.host }}"
-            - name: IN_PROCESS_SOCKET_PATH
-              value: "{{ .Values.inProcessConfiguration.socketPath }}"
-            - name: IN_PROCESS_TLS
-              value: "{{ .Values.inProcessConfiguration.tls }}"
-            - name: IN_PROCESS_OFFLINE_FLAG_SOURCE_PATH
-              value: "{{ .Values.inProcessConfiguration.offlineFlagSourcePath }}"
-            - name: IN_PROCESS_SELECTOR
-              value: "{{ .Values.inProcessConfiguration.selector }}"
-            - name: IN_PROCESS_CACHE
-              value: "{{ .Values.inProcessConfiguration.cache.type }}"
-            - name: IN_PROCESS_ENV_VAR_PREFIX
-              value: "{{ .Values.inProcessConfiguration.envVarPrefix }}"
-            - name: IN_PROCESS_CACHE_MAX_SIZE
-              value: "{{ .Values.inProcessConfiguration.cache.size }}"
+          - name: SIDECAR_MANAGEMENT_PORT
+            value: "{{ .Values.sidecarConfiguration.managementPort }}"
+          - name: SIDECAR_PORT
+            value: "{{ .Values.sidecarConfiguration.port }}"
+          - name: SIDECAR_SOCKET_PATH
+            value: "{{ .Values.sidecarConfiguration.socketPath }}"
+          - name: SIDECAR_IMAGE
+            value: "{{ .Values.sidecarConfiguration.image.repository }}"
+          - name: SIDECAR_TAG
+            value: "{{ .Values.sidecarConfiguration.image.tag }}"
+          - name: SIDECAR_PROVIDER_ARGS
+            value: "{{ .Values.sidecarConfiguration.providerArgs }}"
+          - name: SIDECAR_ENV_VAR_PREFIX
+            value: "{{ .Values.sidecarConfiguration.envVarPrefix }}"
+          - name: SIDECAR_SYNC_PROVIDER
+            value: "{{ .Values.sidecarConfiguration.defaultSyncProvider }}"
+          - name: SIDECAR_EVALUATOR
+            value: "{{ .Values.sidecarConfiguration.evaluator }}"
+          - name: SIDECAR_LOG_FORMAT
+            value: "{{ .Values.sidecarConfiguration.logFormat }}"
+          - name: SIDECAR_PROBES_ENABLED
+            value: "{{ .Values.sidecarConfiguration.probesEnabled }}"
+          - name: FLAGD_PROXY_IMAGE
+            value: "{{ .Values.flagdProxyConfiguration.image.repository }}"
+          - name: FLAGD_PROXY_TAG
+            value: "{{ .Values.flagdProxyConfiguration.image.tag }}"
+          - name: FLAGD_PROXY_PORT
+            value: "{{ .Values.flagdProxyConfiguration.port }}"
+          - name: FLAGD_PROXY_MANAGEMENT_PORT
+            value: "{{ .Values.flagdProxyConfiguration.managementPort }}"
+          - name: FLAGD_PROXY_DEBUG_LOGGING
+            value: "{{ .Values.flagdProxyConfiguration.debugLogging }}"
+          - name: FLAGD_IMAGE
+            value: "{{ .Values.flagdConfiguration.image.repository }}"
+          - name: FLAGD_TAG
+            value: "{{ .Values.flagdConfiguration.image.tag }}"
+          - name: FLAGD_PORT
+            value: "{{ .Values.flagdConfiguration.port }}"
+          - name: FLAGD_OFREP_PORT
+            value: "{{ .Values.flagdConfiguration.ofrepPort }}"
+          - name: FLAGD_SYNC_PORT
+            value: "{{ .Values.flagdConfiguration.syncPort }}"
+          - name: FLAGD_MANAGEMENT_PORT
+            value: "{{ .Values.flagdConfiguration.managementPort }}"
+          - name: FLAGD_DEBUG_LOGGING
+            value: "{{ .Values.flagdConfiguration.debugLogging }}"
+          - name: FLAGS_VALIDATION_ENABLED
+            value: "{{ .Values.managerConfig.flagsValidatonEnabled }}"
+          - name: IN_PROCESS_PORT
+            value: "{{ .Values.inProcessConfiguration.port }}"
+          - name: IN_PROCESS_HOST
+            value: "{{ .Values.inProcessConfiguration.host }}"
+          - name: IN_PROCESS_SOCKET_PATH
+            value: "{{ .Values.inProcessConfiguration.socketPath }}"
+          - name: IN_PROCESS_TLS
+            value: "{{ .Values.inProcessConfiguration.tls }}"
+          - name: IN_PROCESS_OFFLINE_FLAG_SOURCE_PATH
+            value: "{{ .Values.inProcessConfiguration.offlineFlagSourcePath }}"
+          - name: IN_PROCESS_SELECTOR
+            value: "{{ .Values.inProcessConfiguration.selector }}"
+          - name: IN_PROCESS_CACHE
+            value: "{{ .Values.inProcessConfiguration.cache.type }}"
+          - name: IN_PROCESS_ENV_VAR_PREFIX
+            value: "{{ .Values.inProcessConfiguration.envVarPrefix }}"
+          - name: IN_PROCESS_CACHE_MAX_SIZE
+            value: "{{ .Values.inProcessConfiguration.cache.size }}"
          args:
            - --leader-elect
            - --sidecar-cpu-limit={{ .Values.sidecarConfiguration.resources.limits.cpu }}
@ -112,6 +93,12 @@ spec:
            - --sidecar-cpu-request={{ .Values.sidecarConfiguration.resources.requests.cpu }}
            - --sidecar-ram-request={{ .Values.sidecarConfiguration.resources.requests.memory }}
            - --image-pull-secrets={{ range .Values.imagePullSecrets }}{{ .name }},{{- end }}
-            - --metrics-bind-address=:{{ .Values.managerConfig.controllerManagerConfigYaml.metrics.bindPort }}
-            - --labels={{ $labelKeys := keys .Values.labels -}}{{- $labelPairs := list -}}{{- range $key := $labelKeys -}}{{- $labelPairs = append $labelPairs (printf "%s:%s" $key (index $.Values.labels $key)) -}}{{- end -}}{{- join "," $labelPairs }}
-            - --annotations={{ $annotationKeys := keys .Values.annotations -}}{{- $annotationPairs := list -}}{{- range $key := $annotationKeys -}}{{- $annotationPairs = append $annotationPairs (printf "%s:%s" $key (index $.Values.annotations $key)) -}}{{- end -}}{{- join "," $annotationPairs }}
+        - name: kube-rbac-proxy
+          image: "{{ .Values.controllerManager.kubeRbacProxy.image.repository }}:{{ .Values.controllerManager.kubeRbacProxy.image.tag }}"
+          resources:
+            limits:
+              cpu: "{{ .Values.controllerManager.kubeRbacProxy.resources.limits.cpu }}"
+              memory: "{{ .Values.controllerManager.kubeRbacProxy.resources.limits.memory }}"
+            requests:
+              cpu: "{{ .Values.controllerManager.kubeRbacProxy.resources.requests.cpu }}"
+              memory: "{{ .Values.controllerManager.kubeRbacProxy.resources.requests.memory }}"
--- a/config/overlays/helm/mutatingwebhook.yaml
+++ b/config/overlays/helm/mutatingwebhook.yaml
@ -1,10 +0,0 @@
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
-  name: mutating-webhook-configuration
-  annotations:
-    cert-manager.io/inject-ca-from: "___'{{ include \"chart.namespace\" . }}/open-feature-operator-serving-cert'___"
-webhooks:
-  - name: mutate.openfeature.dev
-    failurePolicy: "___{{ .Values.mutatingWebhook.failurePolicy }}___"
-    objectSelector: "___{{ toYaml .Values.mutatingWebhook.objectSelector | nindent 4 }}___"
--- a/config/prometheus/kustomization.yaml
+++ b/config/prometheus/kustomization.yaml
@ -1,11 +1,2 @@
 resources:
 - monitor.yaml
-
-# [PROMETHEUS-WITH-CERTS] The following patch configures the ServiceMonitor in ../prometheus
-# to securely reference certificates created and managed by cert-manager.
-# Additionally, ensure that you uncomment the [METRICS WITH CERTMANAGER] patch under config/default/kustomization.yaml
-# to mount the "metrics-server-cert" secret in the Manager Deployment.
-patches:
-  - path: monitor_tls_patch.yaml
-    target:
-      kind: ServiceMonitor
--- a/config/prometheus/monitor.yaml
+++ b/config/prometheus/monitor.yaml
@ -1,27 +1,20 @@
+
 # Prometheus Monitor Service (Metrics)
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  labels:
    control-plane: controller-manager
-    app.kubernetes.io/name: open-feature-operator
-    app.kubernetes.io/managed-by: kustomize
  name: controller-manager-metrics-monitor
  namespace: system
 spec:
  endpoints:
    - path: /metrics
-      port: https # Ensure this is the name of the port that exposes HTTPS metrics
+      port: https
      scheme: https
      bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
      tlsConfig:
-        # TODO(user): The option insecureSkipVerify: true is not recommended for production since it disables
-        # certificate verification, exposing the system to potential man-in-the-middle attacks.
-        # For production environments, it is recommended to use cert-manager for automatic TLS certificate management.
-        # To apply this configuration, enable cert-manager and use the patch located at config/prometheus/servicemonitor_tls_patch.yaml,
-        # which securely references the certificate from the 'metrics-server-cert' secret.
        insecureSkipVerify: true
  selector:
    matchLabels:
      control-plane: controller-manager
-      app.kubernetes.io/name: open-feature-operator
--- a/config/prometheus/monitor_tls_patch.yaml
+++ b/config/prometheus/monitor_tls_patch.yaml
@ -1,22 +0,0 @@
-# Patch for Prometheus ServiceMonitor to enable secure TLS configuration
-# using certificates managed by cert-manager
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: controller-manager-metrics-monitor
-  namespace: system
-spec:
-  endpoints:
-    - tlsConfig:
-        insecureSkipVerify: false
-        ca:
-          secret:
-            name: metrics-server-cert
-            key: ca.crt
-        cert:
-          secret:
-            name: metrics-server-cert
-            key: tls.crt
-        keySecret:
-          name: metrics-server-cert
-          key: tls.key
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@ -8,9 +8,18 @@ rules:
  - ""
  resources:
  - configmaps
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
  - pods
-  - services
-  - services/finalizers
  verbs:
  - create
  - delete
@ -27,6 +36,14 @@ rules:
  - get
  - list
  - watch
+- apiGroups:
+  - ""
+  resources:
+  - services
+  verbs:
+  - create
+  - get
+  - list
 - apiGroups:
  - apps
  resources:
@ -39,12 +56,23 @@ rules:
  - patch
  - update
  - watch
+- apiGroups:
+  - ""
+  resources:
+  - services
+  - services/finalizers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
  - core.openfeature.dev
  resources:
  - featureflagsources
-  - flagds
-  - inprocessconfigurations
  verbs:
  - create
  - delete
@ -68,6 +96,18 @@ rules:
  - get
  - patch
  - update
+- apiGroups:
+  - core.openfeature.dev
+  resources:
+  - flagds
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
  - core.openfeature.dev
  resources:
@ -75,9 +115,9 @@ rules:
  verbs:
  - update
 - apiGroups:
-  - gateway.networking.k8s.io
+  - core.openfeature.dev
  resources:
-  - httproutes
+  - inprocessconfigurations
  verbs:
  - create
  - delete
@ -98,18 +138,6 @@ rules:
  - patch
  - update
  - watch
- apiGroups:
-  - policy
-  resources:
-  - poddisruptionbudgets
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
 - apiGroups:
  - rbac.authorization.k8s.io
  resourceNames:
--- a/Show More
+++ b/Show More