From d401b2d1a72c53dfacb4856cc40666cc1ab52300 Mon Sep 17 00:00:00 2001 From: Cloud User Date: Fri, 10 Feb 2023 17:02:59 +0000 Subject: [PATCH 01/25] change odf channel --- values-hub.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values-hub.yaml b/values-hub.yaml index a34db075..9a698fcd 100644 --- a/values-hub.yaml +++ b/values-hub.yaml @@ -37,7 +37,7 @@ clusterGroup: odf: name: odf-operator namespace: openshift-storage - channel: stable-4.10 + channel: stable-4.12 quay: name: quay-operator From 01cbd5bef77f63797dc7dd3fd2c66598bf0d07cf Mon Sep 17 00:00:00 2001 From: Cloud User Date: Mon, 13 Feb 2023 23:13:19 +0000 Subject: [PATCH 02/25] change odf channel --- values-global.yaml | 12 ++++++------ values-hub.yaml | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/values-global.yaml b/values-global.yaml index 141c2da6..6b515371 100644 --- a/values-global.yaml +++ b/values-global.yaml @@ -14,23 +14,23 @@ global: namespace: "openshift-storage" imageregistry: - account: PLAINTEXT + account: mbuenviaje44 hostname: quay.io type: quay git: hostname: github.com - account: PLAINTEXT - username: PLAINTEXT - email: SOMEWHERE@EXAMPLE.COM + account: migbuen44 + username: migbuen44 + email: migbuen44@gmail.com dev_revision: main quay: # Needs to be set consistently between hub and spoke clusters # TODO: Move back to the hub chart, store in a configmap, have an ACM policy distribute to spoke clusters, have spoke look up from configmap org: - name: devel - email: devel@myorg.com + name: mbuenviaje44 + email: mbuenviaje@deloitte.com repo: example opp: false diff --git a/values-hub.yaml b/values-hub.yaml index 9a698fcd..a34db075 100644 --- a/values-hub.yaml +++ b/values-hub.yaml @@ -37,7 +37,7 @@ clusterGroup: odf: name: odf-operator namespace: openshift-storage - channel: stable-4.12 + channel: stable-4.10 quay: name: quay-operator From f8e8da576caeee73c6fa4fc22c47d32d1c987627 Mon Sep 17 00:00:00 2001 
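Review bot: The values-global.yaml hunk in PATCH 02/25 commits one person's registry and git account names and their personal and corporate e-mail addresses into a shared, tracked values file. It does this by overwriting the template placeholders under `imageregistry`, `git` and `quay.org`, and those values then stay in the repository history. The commit subject ("change odf channel") does not mention this, and the same patch only reverts the channel to `stable-4.10`, so the identity change is easy to miss in review. I would keep the placeholders (`account: PLAINTEXT`, `email: SOMEWHERE@EXAMPLE.COM`) in the tracked file and supply the real values from a per-deployment override that is not committed, assuming the pattern provides one. The `global:` mapping starts outside the hunk, so whether such an override is already wired up cannot be seen from here.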
From: Cloud User Date: Tue, 21 Feb 2023 17:34:59 +0000 Subject: [PATCH 03/25] add dynatrace subscription --- values-hub.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/values-hub.yaml b/values-hub.yaml index a34db075..f7e469cd 100644 --- a/values-hub.yaml +++ b/values-hub.yaml @@ -15,6 +15,7 @@ clusterGroup: - devsecops-ci - openshift-storage - quay-enterprise + - dynatrace # subscriptions: OpenShift Operator subscriptions from OLM/OperatorHub # - name: the Operator package name (required) @@ -44,6 +45,11 @@ clusterGroup: namespace: openshift-operators channel: stable-3.7 + dynatrace: + name: dynatrace-operator + namespace: dynatrace + channel: alpha + # The following section is used by # OpenShift GitOps (ArgoCD) # Projects are just ArgoCD groupings that can be filtered on. From 81f43c2c33afad3b91308ea7747831752daecaaa Mon Sep 17 00:00:00 2001 From: Cloud User Date: Tue, 21 Feb 2023 17:45:23 +0000 Subject: [PATCH 04/25] update dynatrace sub channel --- values-hub.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values-hub.yaml b/values-hub.yaml index f7e469cd..d2861299 100644 --- a/values-hub.yaml +++ b/values-hub.yaml @@ -48,7 +48,7 @@ clusterGroup: dynatrace: name: dynatrace-operator namespace: dynatrace - channel: alpha + channel: alpha-0.10.2 # The following section is used by # OpenShift GitOps (ArgoCD) From 906d36ca9049b8a7c5dbc58b9e652cb4fc66ae51 Mon Sep 17 00:00:00 2001 From: Cloud User Date: Tue, 21 Feb 2023 20:39:12 +0000 Subject: [PATCH 05/25] update dynatrace subscription channel --- values-hub.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values-hub.yaml b/values-hub.yaml index d2861299..f7e469cd 100644 --- a/values-hub.yaml +++ b/values-hub.yaml @@ -48,7 +48,7 @@ clusterGroup: dynatrace: name: dynatrace-operator namespace: dynatrace - channel: alpha-0.10.2 + channel: alpha # The following section is used by # OpenShift GitOps (ArgoCD) 
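Review bot: The `dynatrace` subscription added in PATCH 03/25 follows `channel: alpha`, while the neighbouring subscriptions in the same hunk track `stable-*` channels, and nothing in the entry pins a version or requires approval before an upgrade is applied. Judging by the file list of the chart added later in this series (privileged SCCs, mutating and validating webhooks), this operator runs with broad cluster privileges, so automatic upgrades from a pre-release channel are a supply-chain exposure. Prefer a stable channel if the package publishes one, or pin the install with OLM's `startingCSV` plus `installPlanApproval: Manual`, provided the pattern's subscription schema exposes those fields. PATCH 04/25 to 06/25 flip the channel and package name back and forth and still end on `channel: alpha`; the `subscriptions:` mapping itself starts outside the hunk.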
From e934d795afac44f0ddd6e7beb4d926c14d1f06b9 Mon Sep 17 00:00:00 2001 From: Cloud User Date: Tue, 21 Feb 2023 20:48:21 +0000 Subject: [PATCH 06/25] change dynatrace subscription package name --- values-hub.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values-hub.yaml b/values-hub.yaml index f7e469cd..d3b9abbf 100644 --- a/values-hub.yaml +++ b/values-hub.yaml @@ -46,7 +46,7 @@ clusterGroup: channel: stable-3.7 dynatrace: - name: dynatrace-operator + name: dynatrace namespace: dynatrace channel: alpha From 8246b37cf8e1a6b5c857e5cb07e486bd4c5f3bcc Mon Sep 17 00:00:00 2001 
From: Cloud User Date: Tue, 21 Feb 2023 21:02:31 +0000 Subject: [PATCH 07/25] add dynatrace application --- charts/hub/dynatrace/default/.helmignore | 25 + charts/hub/dynatrace/default/Chart.yaml | 32 + charts/hub/dynatrace/default/README.md | 33 + charts/hub/dynatrace/default/app-readme.md | 5 + charts/hub/dynatrace/default/logo.png | Bin 0 -> 9908 bytes charts/hub/dynatrace/default/questions.yml | 250 ++ .../activegate/clusterrole-activegate.yaml | 35 + .../clusterrolebinding-activegate.yaml | 32 + .../activegate/serviceaccount-activegate.yaml | 23 + .../Common/crd/dynatrace-operator-crd.yaml | 3604 +++++++++++++++++ .../templates/Common/csi/clusterrole-csi.yaml | 65 + .../Common/csi/clusterrolebinding-csi.yaml | 30 + .../templates/Common/csi/csidriver.yaml | 27 + .../templates/Common/csi/daemonset.yaml | 289 ++ .../templates/Common/csi/priority-class.yaml | 24 + .../templates/Common/csi/role-csi.yaml | 70 + .../templates/Common/csi/rolebinding-csi.yaml | 31 + .../Common/csi/serviceaccount-csi.yaml | 23 + .../clusterrole-kubernetes-monitoring.yaml | 94 + ...sterrolebinding-kubernetes-monitoring.yaml | 30 + .../serviceaccount-kubernetes-monitoring.yaml | 23 + .../clusterrole-oneagent-privileged.yaml | 32 + .../clusterrole-oneagent-unprivileged.yaml | 32 + ...lusterrolebinding-oneagent-privileged.yaml | 30 + ...sterrolebinding-oneagent-unprivileged.yaml | 30 + .../serviceaccount-oneagent-privileged.yaml | 29 + .../serviceaccount-oneagent-unprivileged.yaml | 29 + .../Common/operator/clusterrole-operator.yaml | 104 + .../operator/clusterrolebinding-operator.yaml | 30 + .../Common/operator/deployment-operator.yaml | 141 + .../Common/operator/role-operator.yaml | 165 + .../Common/operator/rolebinding-operator.yaml | 30 + .../operator/serviceaccount-operator.yaml | 29 + .../Common/webhook/clusterrole-webhook.yaml | 97 + .../webhook/clusterrolebinding-webhook.yaml | 30 + .../Common/webhook/deployment-webhook.yaml | 154 + .../webhook/mutatingwebhookconfiguration.yaml | 61 
+ .../webhook/poddisruptionbudget-webhook.yaml | 13 + .../Common/webhook/role-webhook.yaml | 74 + .../Common/webhook/rolebinding-webhook.yaml | 31 + .../templates/Common/webhook/service.yaml | 30 + .../webhook/serviceaccount-webhook.yaml | 29 + .../validatingwebhookconfiguration.yaml | 45 + .../hub/dynatrace/default/templates/NOTES.txt | 10 + .../securitycontextconstraints.yaml | 49 + .../securitycontextconstraints-csidriver.yaml | 49 + ...securitycontextconstraints-privileged.yaml | 66 + ...curitycontextconstraints-unprivileged.yaml | 66 + .../operator/securitycontextconstraints.yaml | 49 + .../webhook/securitycontextconstraints.yaml | 49 + .../default/templates/_csidriver.tpl | 74 + .../dynatrace/default/templates/_helpers.tpl | 73 + .../dynatrace/default/templates/_labels.tpl | 99 + .../default/templates/application.yaml | 99 + .../Common/csi/clusterrole-csi_test.yaml | 78 + .../csi/clusterrolebinding-csi_test.yaml | 36 + .../tests/Common/csi/daemonset_test.yaml | 489 +++ .../tests/Common/csi/priority-class_test.yaml | 43 + .../tests/Common/csi/role-csi_test.yaml | 85 + .../Common/csi/rolebinding-csi_test.yaml | 36 + ...lusterrole-kubernetes-monitoring_test.yaml | 95 + ...olebinding-kubernetes-monitoring_test.yaml | 27 + ...iceaccount-kubernetes-monitoring_test.yaml | 18 + ...iceaccount-oneagent-unprivileged_test.yaml | 34 + .../clusterrolebinding-operator_test.yaml | 27 + .../operator/deployment-operator_test.yaml | 416 ++ .../Common/operator/role-operator_test.yaml | 159 + .../operator/rolebinding-operator_test.yaml | 29 + .../serviceaccount-operator_test.yaml | 38 + .../webhook/clusterrole-webhook_test.yaml | 101 + .../clusterrolebinding-webhook_test.yaml | 27 + .../webhook/deployment-webhook_test.yaml | 477 +++ .../mutatingwebhookconfiguration_test.yaml | 56 + .../Common/webhook/role-webhook_test.yaml | 138 + .../webhook/rolebinding-webhook_test.yaml | 28 + .../tests/Common/webhook/service_test.yaml | 43 + .../webhook/serviceaccount-webhook_test.yaml | 34 + 
.../tests/Google/application_test.yaml | 31 + ...ycontextconstraints-unprivileged_test.yaml | 113 + charts/hub/dynatrace/default/values.yaml | 100 + values-hub.yaml | 6 + 81 files changed, 9437 insertions(+) create mode 100644 charts/hub/dynatrace/default/.helmignore create mode 100644 charts/hub/dynatrace/default/Chart.yaml create mode 100644 charts/hub/dynatrace/default/README.md create mode 100644 charts/hub/dynatrace/default/app-readme.md create mode 100644 charts/hub/dynatrace/default/logo.png create mode 100644 charts/hub/dynatrace/default/questions.yml create mode 100644 charts/hub/dynatrace/default/templates/Common/activegate/clusterrole-activegate.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/activegate/clusterrolebinding-activegate.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/activegate/serviceaccount-activegate.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/crd/dynatrace-operator-crd.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/csi/clusterrole-csi.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/csi/clusterrolebinding-csi.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/csi/csidriver.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/csi/daemonset.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/csi/priority-class.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/csi/role-csi.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/csi/rolebinding-csi.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/csi/serviceaccount-csi.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring.yaml create mode 100644 
charts/hub/dynatrace/default/templates/Common/kubernetes-monitoring/serviceaccount-kubernetes-monitoring.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/oneagent/clusterrole-oneagent-privileged.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/oneagent/clusterrole-oneagent-unprivileged.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/oneagent/clusterrolebinding-oneagent-privileged.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/oneagent/clusterrolebinding-oneagent-unprivileged.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/oneagent/serviceaccount-oneagent-privileged.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/oneagent/serviceaccount-oneagent-unprivileged.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/operator/clusterrole-operator.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/operator/clusterrolebinding-operator.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/operator/deployment-operator.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/operator/role-operator.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/operator/rolebinding-operator.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/operator/serviceaccount-operator.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/webhook/clusterrole-webhook.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/webhook/clusterrolebinding-webhook.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/webhook/deployment-webhook.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/webhook/mutatingwebhookconfiguration.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/webhook/poddisruptionbudget-webhook.yaml create mode 100644 
charts/hub/dynatrace/default/templates/Common/webhook/role-webhook.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/webhook/rolebinding-webhook.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/webhook/service.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/webhook/serviceaccount-webhook.yaml create mode 100644 charts/hub/dynatrace/default/templates/Common/webhook/validatingwebhookconfiguration.yaml create mode 100644 charts/hub/dynatrace/default/templates/NOTES.txt create mode 100644 charts/hub/dynatrace/default/templates/Openshift/activegate/securitycontextconstraints.yaml create mode 100644 charts/hub/dynatrace/default/templates/Openshift/csi/securitycontextconstraints-csidriver.yaml create mode 100644 charts/hub/dynatrace/default/templates/Openshift/oneagent/securitycontextconstraints-privileged.yaml create mode 100644 charts/hub/dynatrace/default/templates/Openshift/oneagent/securitycontextconstraints-unprivileged.yaml create mode 100644 charts/hub/dynatrace/default/templates/Openshift/operator/securitycontextconstraints.yaml create mode 100644 charts/hub/dynatrace/default/templates/Openshift/webhook/securitycontextconstraints.yaml create mode 100644 charts/hub/dynatrace/default/templates/_csidriver.tpl create mode 100644 charts/hub/dynatrace/default/templates/_helpers.tpl create mode 100644 charts/hub/dynatrace/default/templates/_labels.tpl create mode 100644 charts/hub/dynatrace/default/templates/application.yaml create mode 100644 charts/hub/dynatrace/default/tests/Common/csi/clusterrole-csi_test.yaml create mode 100644 charts/hub/dynatrace/default/tests/Common/csi/clusterrolebinding-csi_test.yaml create mode 100644 charts/hub/dynatrace/default/tests/Common/csi/daemonset_test.yaml create mode 100644 charts/hub/dynatrace/default/tests/Common/csi/priority-class_test.yaml create mode 100644 charts/hub/dynatrace/default/tests/Common/csi/role-csi_test.yaml create mode 100644 
charts/hub/dynatrace/default/tests/Common/csi/rolebinding-csi_test.yaml create mode 100644 charts/hub/dynatrace/default/tests/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring_test.yaml create mode 100644 charts/hub/dynatrace/default/tests/Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring_test.yaml create mode 100644 charts/hub/dynatrace/default/tests/Common/kubernetes-monitoring/serviceaccount-kubernetes-monitoring_test.yaml create mode 100644 charts/hub/dynatrace/default/tests/Common/oneagent/serviceaccount-oneagent-unprivileged_test.yaml create mode 100644 charts/hub/dynatrace/default/tests/Common/operator/clusterrolebinding-operator_test.yaml create mode 100644 charts/hub/dynatrace/default/tests/Common/operator/deployment-operator_test.yaml create mode 100644 charts/hub/dynatrace/default/tests/Common/operator/role-operator_test.yaml create mode 100644 charts/hub/dynatrace/default/tests/Common/operator/rolebinding-operator_test.yaml create mode 100644 charts/hub/dynatrace/default/tests/Common/operator/serviceaccount-operator_test.yaml create mode 100644 charts/hub/dynatrace/default/tests/Common/webhook/clusterrole-webhook_test.yaml create mode 100644 charts/hub/dynatrace/default/tests/Common/webhook/clusterrolebinding-webhook_test.yaml create mode 100644 charts/hub/dynatrace/default/tests/Common/webhook/deployment-webhook_test.yaml create mode 100644 charts/hub/dynatrace/default/tests/Common/webhook/mutatingwebhookconfiguration_test.yaml create mode 100644 charts/hub/dynatrace/default/tests/Common/webhook/role-webhook_test.yaml create mode 100644 charts/hub/dynatrace/default/tests/Common/webhook/rolebinding-webhook_test.yaml create mode 100644 charts/hub/dynatrace/default/tests/Common/webhook/service_test.yaml create mode 100644 charts/hub/dynatrace/default/tests/Common/webhook/serviceaccount-webhook_test.yaml create mode 100644 charts/hub/dynatrace/default/tests/Google/application_test.yaml create mode 100644 
charts/hub/dynatrace/default/tests/Openshift/oneagent/securitycontextconstraints-unprivileged_test.yaml create mode 100644 charts/hub/dynatrace/default/values.yaml diff --git a/charts/hub/dynatrace/default/.helmignore b/charts/hub/dynatrace/default/.helmignore new file mode 100644 index 00000000..98229532 --- /dev/null +++ b/charts/hub/dynatrace/default/.helmignore @@ -0,0 +1,25 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ + +tests/ diff --git a/charts/hub/dynatrace/default/Chart.yaml b/charts/hub/dynatrace/default/Chart.yaml new file mode 100644 index 00000000..1a624f48 --- /dev/null +++ b/charts/hub/dynatrace/default/Chart.yaml 
@@ -0,0 +1,32 @@ +# Copyright 2020 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v2 +name: dynatrace-operator +description: The Dynatrace Operator Helm chart for Kubernetes and OpenShift +icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png +home: https://www.dynatrace.com/ +type: application +version: 0.0.0-snapshot +appVersion: 0.0.0-snapshot +kubeVersion: '>=1.21.0-0' +maintainers: +- name: 0sewa0 + email: marcell.sevcsik@dynatrace.com +- name: chrismuellner + email: christoph.muellner@dynatrace.com +- name: luhi-DT + email: lukas.hinterreiter@dynatrace.com +sources: +- https://github.com/Dynatrace/dynatrace-operator diff --git a/charts/hub/dynatrace/default/README.md b/charts/hub/dynatrace/default/README.md new file mode 100644 index 00000000..9e21adbd --- /dev/null +++ b/charts/hub/dynatrace/default/README.md 
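Review bot: The vendored Chart.yaml carries `version: 0.0.0-snapshot` and `appVersion: 0.0.0-snapshot`, which suggests the chart was copied from a source tree rather than taken from a released package. Nothing in the commit records which upstream tag or commit it corresponds to. Without that reference the roughly 9,400 added lines (CRD, RBAC, SCCs, webhooks) cannot be diffed against upstream or matched to a security advisory later. I would record the upstream release in the commit message or in a comment at the top of this file, for example `# vendored from Dynatrace/dynatrace-operator @ <UPSTREAM_TAG_OR_COMMIT>`, and set `version`/`appVersion` to the released values. If the templates derive the operator image tag from `appVersion`, which is not visible here, the snapshot value would also decide which image is pulled.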
@@ -0,0 +1,33 @@ +# Dynatrace Operator Helm Chart + +The Dynatrace Operator supports rollout and lifecycle of various Dynatrace components in Kubernetes and OpenShift. + +This Helm Chart requires Helm 3. + +## Quick Start +Migration instructions can be found in the [official help page](https://www.dynatrace.com/support/help/shortlink/k8s-dto-helm#migrate). + +Install the Dynatrace Operator via Helm by running the following commands. + +### Installation + +> For instructions on how to install the dynatrace-operator on Openshift, head to the +> [official help page](https://www.dynatrace.com/support/help/shortlink/k8s-helm) + +Add `dynatrace` helm repository: +``` +helm repo add dynatrace https://raw.githubusercontent.com/Dynatrace/dynatrace-operator/main/config/helm/repos/stable +``` + +Install `dynatrace-operator` helm chart and create the corresponding `dynatrace` namespace: +```console +helm install dynatrace-operator dynatrace/dynatrace-operator -n dynatrace --create-namespace --atomic +``` + +## Uninstall chart +> Full instructions can be found in the [official help page](https://www.dynatrace.com/support/help/shortlink/k8s-helm#uninstall-dynatrace-operator) + +Uninstall the Dynatrace Operator by running the following command: +```console +helm uninstall dynatrace-operator -n dynatrace +``` diff --git a/charts/hub/dynatrace/default/app-readme.md b/charts/hub/dynatrace/default/app-readme.md new file mode 100644 index 00000000..844c96dd --- /dev/null +++ b/charts/hub/dynatrace/default/app-readme.md @@ -0,0 +1,5 @@ +# Dynatrace Operator + +The Dynatrace Operator supports rollout and lifecycle of various Dynatrace components in Kubernetes and OpenShift. + +As of launch, the Dynatrace Operator can be used to deploy a containerized ActiveGate for Kubernetes API monitoring. New capabilities will be added to the Dynatrace Operator over time including metric routing, and API monitoring for AWS, Azure, GCP, and vSphere. 
diff --git a/charts/hub/dynatrace/default/logo.png b/charts/hub/dynatrace/default/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..6714eb8a59509d9513133b43b2de290f73be9c18 GIT binary patch literal 9908 zcmYj%c|27A_y22#u?!l?E=H*kp(IM0@s_kAN~kOqDnhHhJ7sHEy(=UQZ6sT~C83!{ zsqAU7r7>k+r)-1k-tX(`^Lspgf8@^0z305nd7kBUU(eG;M|(RtsyY<_Ah%`nMkfHs z@FN*WNx;ik=$C1Dkq+MMb`k)Y1;jrRxO-0({-}1!*7cNgkngDw?-M@2`cTjTAMGv2 zy#0Kfe7p~Z9slUF9)M-mTQ*wn3T+*1-+yIalQ&&hT8duR+q=)!<+Ju3i@@m3F{vjs z$DXdN@;)bV`m#%;^FqZ2g&qDl!7q(F9R#1M=tJmAHp5=__ujmogst%Pp^KO4e(*uuGQNdfaJ6RFPqenFM$+onoTezZ9RIp1K^;W{2e6tv5qD^H|haSJlChGx{0Ac;) zH4)of{SrA1T;C)r9?j^gIfYbxD=5uSdu6F8vB#Q4W{OoX7LFq=n@wV{0A9z^f44%> zFNUI?2)kJa4Y{rVMJ-Fm^I7vLV6hY)>mg#BsBdo`*Yu^mxSwMOo$jw-L^f!dsc-Br zIL{)3t~kUJd8LOQVOsa**}R+_R1~9v!G+l6sn3@;osSzZ-ZjV=zAb)PaVL<+ye7PY zC%EMrj_~vKd`w9;wdN^B5yUXAM+G1CKApcrPf`!ORmHp+NZT~;l<&NIE{?!!xqx$z zVdcL>`_hR9_S)VFB*6Ls8SvEGt}OcGNh z_I+fUyWJXjk@gV4n~keO)zkm|8hTQP!dg{>R-Bnxd`{FJe+4WmVV}k6$2W&Aq>|@WsT0zav!+dzU=X#@U$VHD z2N9Un#;8hRx%t6o0TSHBTwe)J+Z6ff-s)i^(ZD7xY-a!MuTF$(74eA0AJ2qwjfJaF zgB9R^2K$K&00dOLf{__u3@B-80=@#q5+-aw6AQ?e&$~H!H{IaRn1Ih;i*PP zWbF4YkbZ*LIun(y^p zfM?$T3a70~OH27jJK7#J< z{|1pc8SXYuH2unf0ux7su?%&!Z%N^r!bReAc)1u-+-}|FMw}0CzvVIB>-eGX@m3y?%vxaTt zQ@c;Nr)tMJ!dH_^Md)+KXkpNwvxbii#dpCv5LSVFGq>B5!l8MQsU>mwc=Tusi%sBL64HB)rOC!iPF+Y0 zdvcX2fVrcMYCK`M#4dSGtSf~m7{KyMQx+iZqJ-=mqMF;YziOi@qZvU`_{XDz>a6wX z-l@;FM7`CHyK>%mh}y2?B;6qgBO=QLaR_1_7)(E&F=v>=Th|crfL(-LMN;@EkE3`n z^=IIA;(NhphV&k7U8SKHl*Wn9lEI_N=6B0>^{+-n>%Yseq(Eo$@;%Nv(?3bf|{on9t>N1Fhpz1y+GV}orH&H5I zj_T$LL+#2X(n2ixu+=OX{Qr6`d)D>nlGaoZA>e;ncJ6HjBVedheZX7~edu`DoU7+B z*URf0s5xR6a_5TK;lNy#E=E;ikzLdwiu?|e>Pr|INv9&^4K@Dqm@yTfzWj4J>zr^h zj_fp#=mZ|o!uLd`$Ya~xX1~p;sXw)SE5W#}m>M{5UY^*FX zD|y-L1zyHz(H8AKVSO~RvO6eW1$*J0mtbdf@6{@&hp+tAX8)q)77cqvfCSq&&HKv4HvUuI_B*lKb`qU3)^-h9+9G1KL6JAA%e8a z9m?OJM&!^6zxGdG$34D!9xQ&rV01SfrcI?UR;)a^jE4IN90HcZ9Ahg~gcZvVO=wMi zWCUBv(KGb0vr|Y<4*JyWpEpVM!=Bk+I&UsQlW$FAas*6UIu&k+^flL1eP!2bD 
zbM$lEi`PHOe*Z>)zb$WgJw1{4ea0^@2U#95(p@om_H5TxPlJidh>kb>(9z5EsaKzT z$)*e1{4^yl+la=OuUT^03LSdey51j_kXoM;w~@+(=zf%nn!L&>IOs)-oBEnVcNi}0 z$U&x?uk4BYu(hJ&)uoAfUEWCr^7h`T*TQ_aiOlzSfKAi;tQ;E=3m$S_BBN0x`R zM91T}Ja(&p0W_%3{)B|r77-13``S5Q#VWyr-@116bqGZY+1gZf#`D(RKvI4y9{q6Q z&ASt`Cx@R1LaOnW;w$9shNy~ZTfVa|sds3I-zyxUm&i;uYH(??WGMvhrkO9mm`n9H zY{z)(v~KY~W%TaZBUAaAxeP0~Y3>9C5tlKeZ!0@yo^@)LJG2ZA+D60h_AOr}mVb|N z?VYf8vYsOo3Iq;o8aFX@lvrplernC*{TQ!gQhrcyFA`6Fb$9B;O4e2$V_{lLoYj7v zcI|*(vPpjJ$i|qync%SR1`JU^c;ZL1?{K?dm=f9g!}-%^ocpGR6b+Y9A>h(fid*=^Lb>Fj^H*5?PxGeyo9Z_I0qPbIk;&6LXa zjB%!B>wD~G*yA^0nJx?9N02)0@FBF%$qnhK&f8FU`oEE~vstD<5+BSluEo!vV?965 zw{mT+%`k=q^hNGzTr$bR^V@vf9P42yqfgE2T3SZbDDv1Y-(CaKyup)W{3^Enwb9g= zlc?v+zle7he0N!JW7Zc`uA9cYC-FDmc5-%vsV0#{BNC(-#_c}-)bmhM@BT^TRqsxG zWcCwhWqbWRiuTM6Yu1el&h7U0^ZP}GY$tnCjF3LnFngPhT^;0i2}UyMX}4hLK2143 z-Zi7dx)C|#fVoZ7jzs;)EO=(l5#3ly09PejuGVmkl4d^3XuOYeChhR>fj=8y-8!32 z=(ExjFn;NH@Pskmalk65&eT#Ra7P5+xV~lx9k|`v{9(<=_m(MktS6^Xa7^xqn*z4$ zNHMt~cfW{k5o%s$6C4jXGykIR>8O(5yiUgbYiksTwLo+=)$QtDRDH*VQO4p+ga1;49gy+r=PPc znBGY({$~U~j$BNxmXJ?#_x_wIlaV_ZQFXeLEI%=Zw;JGO9iO_>X|WqF))+-PD!%sj z0?W<61hQam=l2Hnb=?+lVohQZJ=$z^JY)S=S+M=9J;kfZU#j8(Cn`iV5R26aBo}rS z?td@OZE%qz{c8j)>%d@$0YBL$zR(Z}uo5#dO00F-WoZyf?Rag2Hhp81>;`9KF?2K1 z{YFPwNMhFdf#C&#!#X0hrlOvEWRSUoB$bFp9WG>xNfx%mZ}^FB0B?_EYLJJLe|mq# zJHFsGHxdq+($*h7Ov>_;1GaLfZPKhpLKoyt^4-T7mWj1mQ5!|3*UW4{MQL#VrDq`X zORgyh`XLgvw`1M&4i(bs+pekDnF9S95IH)-R>6QHLzk+;3LeJy=AAW4neDCMu?tSg zk(lex7=k>sqp-z+#tjiz$i_^-JZcJzIlm|6G{Bd(UVo6b_{l2L z;s?NFe$)Nx0Do#406^)eJ^*Pz4{U$8+Xl$1P*_`f)yaBqTh*Wq;w9m65B5n&0qJ$_ zk3e(8-Gbyw@e4Kf6z;7BKBM=^neb!`js|k}k_`Z8*bWa}pTC)jgX24aBY>~Pp%=8;ceEIU^Q*9H?0^pjZy-3eWx3ds)ESd9j}0IyvuD6FS1C+a~3ktqOXmM6q0tme~lq$^!XiWYaJ%sB#;{?=M##blY@uW7K=$FJ@^-@ zsf7sr)eNq#0DI)-gD)QbU&sw+zTn@}!;QaR?DT3SlxP!5SToJCQb55FtPvw8mEBo1 zcZ&kxEh1AkDYLFEIv~5k2E@Y9)qpg>3|E$gOauG`z*iM80|0Y2b>UO6FQU$#1y)A7 zRy=~iBjh(f2H9%MSRXAy`d(Ur3r~QnBrsV!0krRuf$iFxFp$AZ#F(j6=6e&;_U+a3 zUJ?YXP%vp9DOd@BC9dE*4S1a}yuTDma64Z{DpOdkCv6t6)Kvfs+OiBEsS6Ll%cUmV 
zjhd$7Z&!&y8F!GYu^ep9gNrd2B}9F_S;1i$o~NMu zcXLebNx=+o>8Ki6^{zA6B{(1;f?!E<+T8q4_(v0N!!>ns6}IqoaDP?5g(+}cg0@xZ zFeB~ohswZQ{DAA8SjLrZSVvFrr#vS$3O9ajh1ARrV<|*6*#PLxdIc2s;X7r3EIfmM z;6K>O>a*lDF$khYKK{j`w2gxQX5SS+>_Qi#q@&(_@Z2%r3o;vh1hmKb60B7T*krl* z4D0v-S%Wa4vATp_>@$$m{0YxA1)2vh2_-MIehv5_*L;u66xl3vk7Fs^)9mi`guI2# z`fFHgi6+d%k^2ay35Ru<3J$Jmy zI&=&-dRET%3)|Tn`t;(h{UG_UNRnU{Z1C!YsM7=Mzb?(Qei+lR@5*|#VkdriDbi9c z#?Ug9n55e1m4zK~41f9s=2OKn7JrSx_EqR*MG*9*I~LMQ2^0O-F7Y^58ci&!^FP`)fDx>kk&+TyC@meVDSv09Cn1rW1#s7iP?xSEqUJJ9|9F0MaY7R8~3oIlrn|UqI_hO73vsLOKIq z4JkcH1n!;LwD*Gq56?`L*-*2F%j3&JUc$)`BrFHgp^GYobUz91Ea9W19X>cj6wmXs zCm~Ld^x^Cgv6Zp>`cH}Q1n=(-dAOu&IVrXqwFsu&Jcd!UVI4d58CoB_KwH2VSLi>T zwObUggCF+u3>V-J5-+_v#ZxrMDUz8=k4%7@)FeF0~m@cVhx*jkBD`k zNKTH~A~gEAJ>(~)V-YQMbn5dv^myYo+ff;Az++Fo5-6hKn>yLf;JE0Yxd^5|I`6IF zCGZ?o169Z2(Yp)M0@B7xx5nN)15)@pNGqj({e52^W5L5E+m&EgDKgxLROXI-fk#D> zzwVP?-ep`1OIU4$suYyUU}Y~ldKtTk99%PHY!OK6rCz)du-{UBYA8}Ae2#|P9of4a z($@-5G*~}PD7i@=7?Bh)Ie4KcVq87?t2HDA;;R(mCH{h>jP1||nj^`r@%RIwq$#*) z`LDZ3at%4F&RrQFimcGUY>kz+*QM)vnoIqT#ZTPyIaR~wkN=pDu^u9X#UI4%A(h0v zeh*i{cHAXN(iFL_ozWm00%`*N7=#Om70P9V@^N#{0$Sx#us%9Yy9v zVD)KkUK1qY3Q7k|Vi<4tL6eA$$+N@C?WZjFvz#oRUljCTp+@-}fnI)l(VvGa5`l}) zQW|DkVN$NfTBbDxHx0!(%q`qD$SqSKnd1z6*6N_YQb@h=hxb=-G*4cfk2wa# z-~Uf4|B=vhjqGt{*19^#A#gu&;LxP z20tpRL)3XWX#aqng`^*xmUv5e z6$m(idi@MB`EAh)VB9o9s`LTuU&vO9cAUzp31N^lvbll;6X`vQ1vJPqT{jja#pCZT zR3Pap1ZOWzv>&z;De0TctD^I(|Flg}kd{HYd7$7A&v$oeBKZPNXD zSE7JIyBJf{l#}T)b~>*+;o#E9)VWYMonTJ24oe4VdcCK8?RLOr5Q>+Bt;-<$V+9e#BFypF zgc9I!th3z3O!`x7L}Jb%qZ6W@VU0)%_b$xW3A3MOGd%j?I$5Tv3=96S=|l-hz|lq* zX{NMf8OJ6|k8=Q|F z6VO%#1NT3Rd5Uy18>@kTupL7{3n($`UdoEUKb;QAWu~SS(qUr?T3*Tk z{}M^A8YJ=`DP!Asbk)_v%a|wW5gFG6oWa`;P3OK~JV@7@qlF&fgv2iovM4l%7)8K? 
z5^U|}#g)zCnZ8XB@r|RqRXM7b*56C60P&JhFmC>Hhm})6)i7@ADOigOe)-r0erU&5Y3O->#nJuEo zh!s+Fugb1=xG{OPO@n~coUqU*+XL~qR6o^x*t7i z8Vk%o_eD*KknZ^g=_O=rf8 zAz%vn5;-+b#gi_X|CrhtV22ayd^*rzEH-rRKu4B%Ci6x$-i-{<3UoLVR)PdF_wA)O z9lNDR#VCTLPv;KsO7MIMFV}c>xK+g1He+c-5j@bB9P-dtHI%Z~P2L-f{P+(FW9nI5cy*cz$ew@Qr5#GCNwAsXeJQ^K4XUpU$^ z$>Qc72dYhaFas)5JZcO7zm8H2rXQPDKGdQld$HNS3wilvqzC(iRL`@T3QtB3HMg1% z4mYiw)&ugmAm=^g7z1tV9W08uZ)W-%}AB4&Bmg>@Ld*wE8E8 z*VEcIG8_6#JYe$EXXIYgSYJ@$tle2?@aQHj3TQN-4jt?Aitsi`F|oF6{~ZKRK;3q; zc+sHTS>8_kLFrUF01>xi-Z(X|-K1K@IKG>_w_COgGtNK6f^+dmEp*$ag%qGyXgKDl zAR)t>Ag3D+!t;LI1{&U7?L!~uz>#6;G*t5GR&44en+8$4iev?2`(*sysSU!uJ=Lg= zOZXf9c&-fz^t-A`Tz=D$P^@yXHG6Nb=dg;)Bx7uVuRr<L#ryU768OY`g zMvqgYGZwu_j1!J*AN%iZZJT+a#>pUGNeA@EnNCx_!N6TC_$+=Pv@;#~WCuV5;ZBpWEW~XNS2uF<4d~6b9PTxF?GQu78W$e<0Z| R5fVsXi>>{}+<&~z{~v%ki3tDz literal 0 HcmV?d00001 diff --git a/charts/hub/dynatrace/default/questions.yml b/charts/hub/dynatrace/default/questions.yml new file mode 100644 index 00000000..0792ef84 --- /dev/null +++ b/charts/hub/dynatrace/default/questions.yml 
@@ -0,0 +1,250 @@
+categories:
+ - APM
+ - Monitoring
+questions:
+
+ #################### Global Configuration ####################
+ - variable: installCRD
+ label: "Install Custom Resource Definitions"
+ description: "Installs the Custom Resource Definitions for the Dynakube. This is recommended if you haven't installed it manually yet. Default: true"
+ default: true
+ type: boolean
+ group: "Global Configuration"
+
+ - variable: image
+ label: "Set a custom image for operator components"
+ description: "Set a custom image for operator. Defaults to docker.io/dynatrace/dynatrace-operator"
+ default: ""
+ type: string
+ group: "Global Configuration"
+
+ - variable: customPullSecret
+ label: "Set a custom pull secret for operator image"
+ description: "Set a custom pull secret for the operator image"
+ default: ""
+ type: string
+ group: "Global Configuration"
+
+ #################### Operator Deployment Configuration ####################
+ - variable: operator.nodeSelector
+ label: "Assign the Dynatrace Operator's pod to certain nodes"
+ description: "Defines a NodeSelector to customize to which nodes the Dynatrace Operator can be deployed on - Please edit as Yaml for the best experience - see https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector"
+ default: ""
+ type: string
+ group: "Operator Deployment Configuration"
+
+ - variable: operator.tolerations
+ label: "Custom tolerations for the Dynatrace Operator's pod"
+ description: "Defines custom tolerations to the Dynatrace Operator - Please edit as Yaml for the best experience - see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/"
+ default: ""
+ type: string
+ group: "Operator Deployment Configuration"
+
+ - variable: operator.apparmor
+ label: "Enable AppArmor for the Dynatrace Operator's pod"
+ description: "Adds AppArmor security annotations to the Dynatrace Operator's pod. Default: false"
+ default: false
+ type: boolean
+ group: "Operator Deployment Configuration"
+
+ - variable: operator.requests.cpu
+ label: "CPU resource requests settings for Dynatrace Operator's pods"
+ description: "The minimum amount of CPU resources that the Dynatrace Operator's pods should request. Affects scheduling. Default: 50m"
+ default: "50m"
+ type: string
+ group: "Operator Deployment Configuration"
+
+ - variable: operator.requests.memory
+ label: "Memory resource requests settings for Dynatrace Operator's pods"
+ description: "The minimum amount of memory that the Dynatrace Operator's pods should request. Affects scheduling. Default: 64Mi"
+ default: "64Mi"
+ type: string
+ group: "Operator Deployment Configuration"
+
+ - variable: operator.limits.cpu
+ label: "CPU resource limits settings for Dynatrace Operator's pods"
+ description: "The maximum amount of CPU resources that the Dynatrace Operator's pods can use. Default: 100m"
+ default: "100m"
+ type: string
+ group: "Operator Deployment Configuration"
+
+ - variable: operator.limits.memory
+ label: "Memory resource limits settings for Dynatrace Operator's pods"
+ description: "The maximum amount of memory that the Dynatrace Operator's pods can use. Pod restarted if exceeded. Default: 128Mi"
+ default: "128Mi"
+ type: string
+ group: "Operator Deployment Configuration"
+
+
+ #################### Webhook Deployment Configuration ####################
+
+ - variable: webhook.apparmor
+ label: "Enable AppArmor for the Dynatrace Webhook's pod"
+ description: "Adds AppArmor security annotations to the Dynatrace Webhook's pod. Default: false"
+ default: false
+ type: boolean
+ group: "Webhook Deployment Configuration"
+
+ - variable: webhook.highAvailability
+ label: "Enable high availability for the Dynatrace Webhook's pod"
+ description: "Adds topologySpreadConstraints and increases the replicas to 2 for the Dynatrace Webhook's pod. Default: false"
+ default: false
+ type: boolean
+ group: "Webhook Deployment Configuration"
+
+ - variable: webhook.hostNetwork
+ label: "Enable hostNetwork for the Dynatrace Webhook's pod"
+ description: "Enables hostNetwork for the Dynatrace Webhook's pod. Default: false"
+ default: false
+ type: boolean
+ group: "Webhook Deployment Configuration"
+
+ - variable: webhook.requests.cpu
+ label: "CPU resource requests settings for Dynatrace Webhook's pods"
+ description: "The minimum amount of CPU resources that the Dynatrace Webhook's pods should request. Affects scheduling. Default: 300m"
+ default: "300m"
+ type: string
+ group: "Webhook Deployment Configuration"
+
+ - variable: webhook.requests.memory
+ label: "Memory resource requests settings for Dynatrace Webhook's pods"
+ description: "The minimum amount of memory that the Dynatrace Webhook's pods should request. Affects scheduling. Default: 128Mi"
+ default: "128Mi"
+ type: string
+ group: "Webhook Deployment Configuration"
+
+ - variable: webhook.limits.cpu
+ label: "CPU resource limits settings for Dynatrace Webhook's pods"
+ description: "The maximum amount of CPU resources that the Dynatrace Webhook's pods can use. Default: 300m"
+ default: "300m"
+ type: string
+ group: "Webhook Deployment Configuration"
+
+ - variable: webhook.limits.memory
+ label: "Memory resource limits settings for Dynatrace Webhook's pods"
+ description: "The maximum amount of memory that the Dynatrace Webhook's pods can use. Pod restarted if exceeded. Default: 128Mi"
+ default: "128Mi"
+ type: string
+ group: "Webhook Deployment Configuration"
+
+
+ #################### CSI Driver Deployment Configuration ####################
+
+ - variable: csidriver.enabled
+ label: "Deploy the Dynatrace CSI Driver"
+ description: "Deploys the Dynatrace CSI Driver via a DaemonSet to enable Cloud Native FullStack. Default: false"
+ default: false
+ type: boolean
+ group: "CSI Driver Deployment Configuration"
+
+ - variable: csidriver.server.requests.cpu
+ label: "CPU resource requests settings for Dynatrace CSI Driver's server container"
+ description: "The minimum amount of CPU resources that the Dynatrace CSI Driver's server container should request. Affects scheduling. Default: 50m"
+ default: "50m"
+ type: string
+ group: "CSI Driver Deployment Configuration"
+
+ - variable: csidriver.server.requests.memory
+ label: "Memory resource requests settings for Dynatrace CSI Driver's server container"
+ description: "The minimum amount of memory that the Dynatrace CSI Driver's server container should request. Affects scheduling. Default: 100Mi"
+ default: "100Mi"
+ type: string
+ group: "CSI Driver Deployment Configuration"
+
+ - variable: csidriver.server.limits.cpu
+ label: "CPU resource limits settings for Dynatrace CSI Driver's server container"
+ description: "The maximum amount of CPU resources that the Dynatrace CSI Driver's server container can use. Default: 50m"
+ default: "50m"
+ type: string
+ group: "CSI Driver Deployment Configuration"
+
+ - variable: csidriver.server.limits.memory
+ label: "Memory resource limits settings for Dynatrace CSI Driver's server container"
+ description: "The maximum amount of memory that the Dynatrace CSI Driver's server container can use. Pod restarted if exceeded. Default: 100Mi"
+ default: "100Mi"
+ type: string
+ group: "CSI Driver Deployment Configuration"
+
+ - variable: csidriver.provisioner.requests.cpu
+ label: "CPU resource requests settings for Dynatrace CSI Driver's provisioner container"
+ description: "The minimum amount of CPU resources that the Dynatrace CSI Driver's provisioner container should request. Affects scheduling. Default: 300m"
+ default: "300m"
+ type: string
+ group: "CSI Driver Deployment Configuration"
+
+ - variable: csidriver.provisioner.requests.memory
+ label: "Memory resource requests settings for Dynatrace CSI Driver's provisioner container"
+ description: "The minimum amount of memory that the Dynatrace CSI Driver's provisioner container should request. Affects scheduling. Default: 100Mi"
+ default: "100Mi"
+ type: string
+ group: "CSI Driver Deployment Configuration"
+
+ - variable: csidriver.provisioner.limits.cpu
+ label: "CPU resource limits settings for Dynatrace CSI Driver's provisioner container"
+ description: "The maximum amount of CPU resources that the Dynatrace CSI Driver's provisioner container can use. Default: 300m"
+ default: "300m"
+ type: string
+ group: "CSI Driver Deployment Configuration"
+
+ - variable: csidriver.provisioner.limits.memory
+ label: "Memory resource limits settings for Dynatrace CSI Driver's provisioner container"
+ description: "The maximum amount of memory that the Dynatrace CSI Driver's provisioner container can use. Pod restarted if exceeded. Default: 100Mi"
+ default: "100Mi"
+ type: string
+ group: "CSI Driver Deployment Configuration"
+
+ - variable: csidriver.registrar.requests.cpu
+ label: "CPU resource requests settings for Dynatrace CSI Driver's registrar container"
+ description: "The minimum amount of CPU resources that the Dynatrace CSI Driver's registrar container should request. Affects scheduling. Default: 20m"
+ default: "20m"
+ type: string
+ group: "CSI Driver Deployment Configuration"
+
+ - variable: csidriver.registrar.requests.memory
+ label: "Memory resource requests settings for Dynatrace CSI Driver's registrar container"
+ description: "The minimum amount of memory that the Dynatrace CSI Driver's registrar container should request. Affects scheduling. Default: 30Mi"
+ default: "30Mi"
+ type: string
+ group: "CSI Driver Deployment Configuration"
+
+ - variable: csidriver.registrar.limits.cpu
+ label: "CPU resource limits settings for Dynatrace CSI Driver's registrar container"
+ description: "The maximum amount of CPU resources that the Dynatrace CSI Driver's registrar container can use. Default: 20m"
+ default: "20m"
+ type: string
+ group: "CSI Driver Deployment Configuration"
+
+ - variable: csidriver.registrar.limits.memory
+ label: "Memory resource limits settings for Dynatrace CSI Driver's registrar container"
+ description: "The maximum amount of memory that the Dynatrace CSI Driver's registrar container can use. Pod restarted if exceeded. Default: 30Mi"
+ default: "30Mi"
+ type: string
+ group: "CSI Driver Deployment Configuration"
+
+ - variable: csidriver.livenessprobe.requests.cpu
+ label: "CPU resource requests settings for Dynatrace CSI Driver's livenessprobe container"
+ description: "The minimum amount of CPU resources that the Dynatrace CSI Driver's livenessprobe container should request. Affects scheduling. Default: 20m"
+ default: "20m"
+ type: string
+ group: "CSI Driver Deployment Configuration"
+
+ - variable: csidriver.livenessprobe.requests.memory
+ label: "Memory resource requests settings for Dynatrace CSI Driver's livenessprobe container"
+ description: "The minimum amount of memory that the Dynatrace CSI Driver's livenessprobe container should request. Affects scheduling. Default: 30Mi"
+ default: "30Mi"
+ type: string
+ group: "CSI Driver Deployment Configuration"
+
+ - variable: csidriver.livenessprobe.limits.cpu
+ label: "CPU resource limits settings for Dynatrace CSI Driver's livenessprobe container"
+ description: "The maximum amount of CPU resources that the Dynatrace CSI Driver's livenessprobe container can use. Default: 20m"
+ default: "20m"
+ type: string
+ group: "CSI Driver Deployment Configuration"
+
+ - variable: csidriver.livenessprobe.limits.memory
+ label: "Memory resource limits settings for Dynatrace CSI Driver's livenessprobe container"
+ description: "The maximum amount of memory that the Dynatrace CSI Driver's livenessprobe container can use. Pod restarted if exceeded. Default: 30Mi"
+ default: "30Mi"
+ type: string
+ group: "CSI Driver Deployment Configuration"
diff --git a/charts/hub/dynatrace/default/templates/Common/activegate/clusterrole-activegate.yaml b/charts/hub/dynatrace/default/templates/Common/activegate/clusterrole-activegate.yaml
new file mode 100644
index 00000000..ed8feb1b
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/activegate/clusterrole-activegate.yaml
@@ -0,0 +1,35 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{- if eq (default false .Values.olm) true}}
+{{ if eq (include "dynatrace-operator.partial" .) "false" }}
+
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: dynatrace-activegate
+ labels:
+ {{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
+rules:
+ - apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - host
+ - privileged
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - use
+{{- end -}}
+{{- end -}}
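Review bot: The `dynatrace-activegate` ClusterRole in `clusterrole-activegate.yaml` grants `use` on the `privileged` SecurityContextConstraint, and the ClusterRoleBinding in `clusterrolebinding-activegate.yaml` binds it to the `dynatrace-activegate` service account in the release namespace, so any workload able to run as that account can request a fully privileged pod. Nothing visible in this patch shows ActiveGate needing that level; if it does not, drop `- privileged` from `resourceNames` or point the rule at a purpose-built SCC that carries only what the pod requires. `host` is not, as far as I know, one of the stock OpenShift SCC names (`hostaccess`, `hostnetwork`, `hostmount-anyuid`), so confirm it resolves to an SCC that exists on the target cluster rather than matching nothing. Both templates render only when `.Values.olm` is true, which deserves a comment above the rule such as `# OLM installs only: lets the ActiveGate service account use the listed SCCs`.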
diff --git a/charts/hub/dynatrace/default/templates/Common/activegate/clusterrolebinding-activegate.yaml b/charts/hub/dynatrace/default/templates/Common/activegate/clusterrolebinding-activegate.yaml
new file mode 100644
index 00000000..c36e1099
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/activegate/clusterrolebinding-activegate.yaml
@@ -0,0 +1,32 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{- if eq (default false .Values.olm) true}}
+{{ if eq (include "dynatrace-operator.partial" .) "false" }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: dynatrace-activegate
+ labels:
+ {{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: dynatrace-activegate
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: dynatrace-activegate
+ apiGroup: rbac.authorization.k8s.io
+{{- end -}}
+{{- end -}}
diff --git a/charts/hub/dynatrace/default/templates/Common/activegate/serviceaccount-activegate.yaml b/charts/hub/dynatrace/default/templates/Common/activegate/serviceaccount-activegate.yaml
new file mode 100644
index 00000000..45adc0fc
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/activegate/serviceaccount-activegate.yaml
@@ -0,0 +1,23 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{ if eq (include "dynatrace-operator.partial" .) "false" }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: dynatrace-activegate
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
+{{ end }}
diff --git a/charts/hub/dynatrace/default/templates/Common/crd/dynatrace-operator-crd.yaml b/charts/hub/dynatrace/default/templates/Common/crd/dynatrace-operator-crd.yaml
new file mode 100644
index 00000000..bbf313ba
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/crd/dynatrace-operator-crd.yaml
@@ -0,0 +1,3604 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if and .Values.installCRD (or (eq (include "dynatrace-operator.partial" .) "false") (eq (include "dynatrace-operator.partial" .) "crd")) }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + name: dynakubes.dynatrace.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: dynatrace-webhook + namespace: {{.Release.Namespace}} + path: /convert + conversionReviewVersions: + - v1beta1 + group: dynatrace.com + names: + categories: + - dynatrace + kind: DynaKube + listKind: DynaKubeList + plural: dynakubes + singular: dynakube + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.apiUrl + name: ApiUrl + type: string + - jsonPath: .status.tokens + name: Tokens + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DynaKube is the Schema for the DynaKube API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DynaKubeSpec defines the desired state of DynaKube + properties: + activeGate: + description: General configuration about ActiveGate instances + properties: + autoUpdate: + description: Disable automatic restarts of OneAgent pods in case + a new version is available + type: boolean + image: + description: 'Optional: the ActiveGate container image. Defaults + to the latest ActiveGate image provided by the Docker Registry + implementation from the Dynatrace environment set as API URL.' + type: string + type: object + apiUrl: + description: Location of the Dynatrace API to connect to, including + your specific environment UUID + type: string + classicFullStack: + description: Configuration for ClassicFullStack Monitoring + properties: + args: + description: 'Optional: Arguments to the OneAgent installer' + items: + type: string + type: array + dnsPolicy: + description: 'Optional: Sets DNS Policy for the OneAgent pods' + type: string + enabled: + description: Enables FullStack Monitoring + type: boolean + env: + description: 'Optional: List of environment variables to set for + the installer' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 
+ Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the OneAgent + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: Node selector to control the selection of nodes (optional) + type: object + priorityClassName: + description: 'Optional: If specified, indicates the pod''s priority. + Name must be defined by creating a PriorityClass object with + that name. If not specified the setting will be removed from + the DaemonSet.' + type: string + resources: + description: 'Optional: define resources requests and limits for + single pods' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. 
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a + container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serviceAccountName: + description: 'Optional: set custom Service Account Name used with + OneAgent pods' + type: string + tolerations: + description: 'Optional: set tolerations for the OneAgent pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. 
+ Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. 
+ type: string + type: object + type: array + useImmutableImage: + description: Defines if you want to use the immutable image or + the installer + type: boolean + useUnprivilegedMode: + description: 'Optional: Runs the OneAgent Pods as unprivileged + (Early Adopter)' + type: boolean + waitReadySeconds: + description: 'Optional: Defines the time to wait until OneAgent + pod is ready after update - default 300 sec' + minimum: 0 + type: integer + type: object + customPullSecret: + description: 'Optional: Pull secret for your private registry' + type: string + enableIstio: + description: If enabled, Istio on the cluster will be configured automatically + to allow access to the Dynatrace environment + type: boolean + kubernetesMonitoring: + description: Configuration for Kubernetes Monitoring + properties: + args: + description: 'Optional: Adds additional arguments for the ActiveGate + instances' + items: + type: string + type: array + customProperties: + description: 'Optional: Add a custom properties file by providing + it as a value or reference it from a secret If referenced from + a secret, make sure the key is called ''customProperties''' + properties: + value: + type: string + valueFrom: + type: string + type: object + enabled: + description: Enables Capability + type: boolean + env: + description: 'Optional: List of environment variables to set for + the ActiveGate' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. 
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + group: + description: 'Optional: Set activation group for ActiveGate' + type: string + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the ActiveGate + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: 'Optional: Node selector to control the selection + of nodes' + type: object + replicas: + description: Amount of replicas for your DynaKube + format: int32 + type: integer + resources: + description: 'Optional: define resources requests and limits for + single ActiveGate pods' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. 
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a + container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serviceAccountName: + description: 'Optional: set custom Service Account Name used with + ActiveGate pods' + type: string + tolerations: + description: 'Optional: set tolerations for the ActiveGatePods + pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. 
+ Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. 
+ type: string + type: object + type: array + type: object + networkZone: + description: 'Optional: Sets Network Zone for OneAgent and ActiveGate + pods' + type: string + oneAgent: + description: General configuration about OneAgent instances + properties: + autoUpdate: + description: Disable automatic restarts of OneAgent pods in case + a new version is available + type: boolean + image: + description: 'Optional: the Dynatrace installer container image + Defaults to docker.io/dynatrace/oneagent:latest for Kubernetes + and to registry.connect.redhat.com/dynatrace/oneagent for OpenShift' + type: string + version: + description: 'Optional: If specified, indicates the OneAgent version + to use Defaults to latest Example: {major.minor.release} - 1.200.0' + type: string + type: object + proxy: + description: 'Optional: Set custom proxy settings either directly + or from a secret with the field ''proxy''' + properties: + value: + type: string + valueFrom: + type: string + type: object + routing: + description: Configuration for Routing + properties: + args: + description: 'Optional: Adds additional arguments for the ActiveGate + instances' + items: + type: string + type: array + customProperties: + description: 'Optional: Add a custom properties file by providing + it as a value or reference it from a secret If referenced from + a secret, make sure the key is called ''customProperties''' + properties: + value: + type: string + valueFrom: + type: string + type: object + enabled: + description: Enables Capability + type: boolean + env: + description: 'Optional: List of environment variables to set for + the ActiveGate' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. 
+ type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + group: + description: 'Optional: Set activation group for ActiveGate' + type: string + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the ActiveGate + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: 'Optional: Node selector to control the selection + of nodes' + type: object + replicas: + description: Amount of replicas for your DynaKube + format: int32 + type: integer + resources: + description: 'Optional: define resources requests and limits for + single ActiveGate pods' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a + container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serviceAccountName: + description: 'Optional: set custom Service Account Name used with + ActiveGate pods' + type: string + tolerations: + description: 'Optional: set tolerations for the ActiveGatePods + pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. 
+ By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + skipCertCheck: + description: Disable certificate validation checks for installer download + and API communication + type: boolean + tokens: + description: Credentials for the DynaKube to connect back to Dynatrace. + type: string + trustedCAs: + description: 'Optional: Adds custom RootCAs from a configmap This + property only affects certificates used to communicate with the + Dynatrace API. The property is not applied to the ActiveGate' + type: string + required: + - apiUrl + type: object + status: + description: DynaKubeStatus defines the observed state of DynaKube + properties: + activeGate: + properties: + imageHash: + description: ImageHash contains the last image hash seen. + type: string + imageVersion: + description: ImageVersion contains the version from the last image + seen. + type: string + lastImageProbeTimestamp: + description: LastImageProbeTimestamp defines the last timestamp + when the querying for image updates have been done. + format: date-time + type: string + type: object + conditions: + description: Conditions includes status about the current state of + the instance + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + environmentID: + description: EnvironmentID contains the environment UUID corresponding + to the API URL + type: string + lastAPITokenProbeTimestamp: + description: LastAPITokenProbeTimestamp tracks when the last request + for the API token validity was sent + format: date-time + type: string + lastClusterVersionProbeTimestamp: + description: LastClusterVersionProbeTimestamp indicates when the cluster's + version was last checked + format: date-time + type: string + lastPaaSTokenProbeTimestamp: + description: LastPaaSTokenProbeTimestamp tracks when the last request + for the PaaS token validity was sent + format: date-time + type: string + oneAgent: + properties: + imageHash: + description: ImageHash contains the last image hash seen. + type: string + imageVersion: + description: ImageVersion contains the version from the last image + seen. + type: string + instances: + additionalProperties: + properties: + ipAddress: + type: string + podName: + type: string + version: + type: string + type: object + type: object + lastImageProbeTimestamp: + description: LastImageProbeTimestamp defines the last timestamp + when the querying for image updates have been done. 
+ format: date-time + type: string + lastUpdateProbeTimestamp: + description: LastUpdateProbeTimestamp defines the last timestamp + when the querying for updates have been done + format: date-time + type: string + useImmutableImage: + description: UseImmutableImage is set when an immutable image + is currently in use + type: boolean + version: + description: Dynatrace version being used. + type: string + type: object + phase: + description: Defines the current state (Running, Updating, Error, + ...) + type: string + tokens: + description: Credentials used to connect back to Dynatrace. + type: string + updatedTimestamp: + description: UpdatedTimestamp indicates when the instance was last + updated + format: date-time + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .spec.apiUrl + name: ApiUrl + type: string + - jsonPath: .status.tokens + name: Tokens + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: DynaKube is the Schema for the DynaKube API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DynaKubeSpec defines the desired state of DynaKube + properties: + activeGate: + description: General configuration about ActiveGate instances + properties: + annotations: + additionalProperties: + type: string + description: 'Optional: Adds additional annotations to the ActiveGate + pods' + type: object + capabilities: + description: Activegate capabilities enabled (routing, kubernetes-monitoring, + metrics-ingest, dynatrace-api) + items: + type: string + type: array + customProperties: + description: 'Optional: Add a custom properties file by providing + it as a value or reference it from a secret If referenced from + a secret, make sure the key is called ''customProperties''' + properties: + value: + type: string + valueFrom: + type: string + type: object + dnsPolicy: + description: 'Optional: Sets DNS Policy for the ActiveGate pods' + type: string + env: + description: 'Optional: List of environment variables to set for + the ActiveGate' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. 
+ Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + group: + description: 'Optional: Set activation group for ActiveGate' + type: string + image: + description: 'Optional: the ActiveGate container image. Defaults + to the latest ActiveGate image provided by the registry on the + tenant' + type: string + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the ActiveGate + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: 'Optional: Node selector to control the selection + of nodes' + type: object + priorityClassName: + description: 'Optional: If specified, indicates the pod''s priority. + Name must be defined by creating a PriorityClass object with + that name. If not specified the setting will be removed from + the StatefulSet.' 
+ type: string + replicas: + description: Amount of replicas for your ActiveGates + format: int32 + type: integer + resources: + description: 'Optional: define resources requests and limits for + single ActiveGate pods' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a + container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + tlsSecretName: + description: 'Optional: the name of a secret containing ActiveGate + TLS cert+key and password. If not set, self-signed certificate + is used. server.p12: certificate+key pair in pkcs12 format password: + passphrase to read server.p12' + type: string + tolerations: + description: 'Optional: set tolerations for the ActiveGatePods + pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. 
+ type: string + type: object + type: array + topologySpreadConstraints: + description: 'Optional: Adds TopologySpreadConstraints for the + ActiveGate pods' + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to + select the pods over which spreading will be calculated. 
+ The keys are used to lookup values from the incoming pod + labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading + will be calculated for the incoming pod. Keys that don't + exist in the incoming pod labels will be ignored. A null + or empty list means only match against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. The global minimum is the minimum number of matching + pods in an eligible domain or zero if the number of eligible + domains is less than MinDomains. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | | P P | P P | P | - + if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled + onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that + satisfy it. It''s a required field. Default value is 1 + and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number of eligible + domains. When the number of eligible domains with matching + topology keys is less than minDomains, Pod Topology Spread + treats \"global minimum\" as 0, and then the calculation + of Skew is performed. And when the number of eligible + domains with matching topology keys equals or greater + than minDomains, this value has no effect on scheduling. 
+ As a result, when the number of eligible domains is less + than minDomains, scheduler won't schedule more than maxSkew + Pods to those domains. If value is nil, the constraint + behaves as if MinDomains is equal to 1. Valid values are + integers greater than 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. \n For example, in a 3-zone cluster, + MaxSkew is set to 2, MinDomains is set to 5 and pods with + the same labelSelector spread as 2/2/2: | zone1 | zone2 + | zone3 | | P P | P P | P P | The number of domains + is less than 5(MinDomains), so \"global minimum\" is treated + as 0. In this situation, new pod with the same labelSelector + cannot be scheduled, because computed skew will be 3(3 + - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. \n This is a beta field and requires + the MinDomainsInPodTopologySpread feature gate to be enabled + (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat + Pod's nodeAffinity/nodeSelector when calculating pod topology + spread skew. Options are: - Honor: only nodes matching + nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes + are included in the calculations. \n If this value is + nil, the behavior is equivalent to the Honor policy. This + is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat + node taints when calculating pod topology spread skew. + Options are: - Honor: nodes without taints, along with + tainted nodes for which the incoming pod has a toleration, + are included. - Ignore: node taints are ignored. All nodes + are included. \n If this value is nil, the behavior is + equivalent to the Ignore policy. 
This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. We define a domain as a particular + instance of a topology. Also, we define an eligible domain + as a domain whose nodes meet the requirements of nodeAffinityPolicy + and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain + of that topology. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it. - ScheduleAnyway tells the scheduler to schedule the + pod in any location, but giving higher precedence to topologies + that would help reduce the skew. A constraint is considered + "Unsatisfiable" for an incoming pod if and only if every + possible node assignment for that pod would violate "MaxSkew" + on some topology. For example, in a 3-zone cluster, MaxSkew + is set to 1, and pods with the same labelSelector spread + as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming + pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + apiUrl: + description: Location of the Dynatrace API to connect to, including + your specific environment UUID + type: string + customPullSecret: + description: 'Optional: Pull secret for your private registry' + type: string + enableIstio: + description: If enabled, Istio on the cluster will be configured automatically + to allow access to the Dynatrace environment + type: boolean + kubernetesMonitoring: + description: 'Deprecated: Configuration for Kubernetes Monitoring' + properties: + customProperties: + description: 'Optional: Add a custom properties file by providing + it as a value or reference it from a secret If referenced from + a secret, make sure the key is called ''customProperties''' + properties: + value: + type: string + valueFrom: + type: string + type: object + enabled: + description: Enables Capability + type: boolean + env: + description: 'Optional: List of environment variables to set for + the ActiveGate' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. 
+ properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + group: + description: 'Optional: Set activation group for ActiveGate' + type: string + image: + description: 'Optional: the ActiveGate container image. 
Defaults + to the latest ActiveGate image provided by the registry on the + tenant' + type: string + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the ActiveGate + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: 'Optional: Node selector to control the selection + of nodes' + type: object + replicas: + description: Amount of replicas for your ActiveGates + format: int32 + type: integer + resources: + description: 'Optional: define resources requests and limits for + single ActiveGate pods' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a + container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + tolerations: + description: 'Optional: set tolerations for the ActiveGatePods + pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). 
Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: 'Optional: Adds TopologySpreadConstraints for the + ActiveGate pods' + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". 
The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to + select the pods over which spreading will be calculated. + The keys are used to lookup values from the incoming pod + labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading + will be calculated for the incoming pod. Keys that don't + exist in the incoming pod labels will be ignored. A null + or empty list means only match against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. The global minimum is the minimum number of matching + pods in an eligible domain or zero if the number of eligible + domains is less than MinDomains. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | | P P | P P | P | - + if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled + onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that + satisfy it. It''s a required field. Default value is 1 + and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number of eligible + domains. 
When the number of eligible domains with matching + topology keys is less than minDomains, Pod Topology Spread + treats \"global minimum\" as 0, and then the calculation + of Skew is performed. And when the number of eligible + domains with matching topology keys equals or greater + than minDomains, this value has no effect on scheduling. + As a result, when the number of eligible domains is less + than minDomains, scheduler won't schedule more than maxSkew + Pods to those domains. If value is nil, the constraint + behaves as if MinDomains is equal to 1. Valid values are + integers greater than 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. \n For example, in a 3-zone cluster, + MaxSkew is set to 2, MinDomains is set to 5 and pods with + the same labelSelector spread as 2/2/2: | zone1 | zone2 + | zone3 | | P P | P P | P P | The number of domains + is less than 5(MinDomains), so \"global minimum\" is treated + as 0. In this situation, new pod with the same labelSelector + cannot be scheduled, because computed skew will be 3(3 + - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. \n This is a beta field and requires + the MinDomainsInPodTopologySpread feature gate to be enabled + (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat + Pod's nodeAffinity/nodeSelector when calculating pod topology + spread skew. Options are: - Honor: only nodes matching + nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes + are included in the calculations. \n If this value is + nil, the behavior is equivalent to the Honor policy. This + is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." 
+ type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat + node taints when calculating pod topology spread skew. + Options are: - Honor: nodes without taints, along with + tainted nodes for which the incoming pod has a toleration, + are included. - Ignore: node taints are ignored. All nodes + are included. \n If this value is nil, the behavior is + equivalent to the Ignore policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. We define a domain as a particular + instance of a topology. Also, we define an eligible domain + as a domain whose nodes meet the requirements of nodeAffinityPolicy + and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain + of that topology. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it. - ScheduleAnyway tells the scheduler to schedule the + pod in any location, but giving higher precedence to topologies + that would help reduce the skew. A constraint is considered + "Unsatisfiable" for an incoming pod if and only if every + possible node assignment for that pod would violate "MaxSkew" + on some topology. 
For example, in a 3-zone cluster, MaxSkew + is set to 1, and pods with the same labelSelector spread + as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming + pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + namespaceSelector: + description: 'Optional: set a namespace selector to limit which namespaces + are monitored By default, all namespaces will be monitored Has no + effect during classicFullStack and hostMonitoring mode' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + networkZone: + description: 'Optional: Sets Network Zone for OneAgent and ActiveGate + pods' + type: string + oneAgent: + description: General configuration about OneAgent instances + properties: + applicationMonitoring: + description: 'Optional: enable application-only monitoring and + change its settings Cannot be used in conjunction with cloud-native + fullstack monitoring, classic fullstack monitoring or host monitoring' + nullable: true + properties: + codeModulesImage: + description: 'Optional: the Dynatrace installer container + image' + type: string + initResources: + description: 'Optional: define resources requests and limits + for the initContainer' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + useCSIDriver: + description: 'Optional: If you want to use CSIDriver; disable + if your cluster does not have ''nodes'' to fall back to + the volume approach.' + type: boolean + version: + description: 'Optional: If specified, indicates the OneAgent + version to use Defaults to latest Example: {major.minor.release} + - 1.200.0' + type: string + type: object + classicFullStack: + description: 'Optional: enable classic fullstack monitoring and + change its settings Cannot be used in conjunction with cloud-native + fullstack monitoring, application monitoring or host monitoring' + nullable: true + properties: + annotations: + additionalProperties: + type: string + description: 'Optional: Adds additional annotations to the + OneAgent pods' + type: object + args: + description: 'Optional: Arguments to the OneAgent installer' + items: + type: string + type: array + x-kubernetes-list-type: set + autoUpdate: + description: 'Optional: Enables automatic restarts of OneAgent + pods in case a new version is available Defaults to true' + type: boolean + dnsPolicy: + description: 'Optional: Sets DNS Policy for the OneAgent pods' + type: string + env: + description: 'Optional: List of environment variables to set + for the installer' + items: + description: EnvVar represents an environment 
variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: 'Optional: the Dynatrace installer container + image Defaults to the registry on the tenant for both Kubernetes + and for OpenShift' + type: string + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the OneAgent + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: Node selector to control the selection of nodes + (optional) + type: object + oneAgentResources: + description: 'Optional: define resources requests and limits + for single pods' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + priorityClassName: + description: 'Optional: If specified, indicates the pod''s + priority. Name must be defined by creating a PriorityClass + object with that name. If not specified the setting will + be removed from the DaemonSet.' + type: string + tolerations: + description: 'Optional: set tolerations for the OneAgent pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. 
+ type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. + type: string + type: object + type: array + version: + description: 'Optional: If specified, indicates the OneAgent + version to use Defaults to latest Example: {major.minor.release} + - 1.200.0' + type: string + type: object + cloudNativeFullStack: + description: 'Optional: enable cloud-native fullstack monitoring + and change its settings Cannot be used in conjunction with classic + fullstack monitoring, application monitoring or host monitoring' + nullable: true + properties: + annotations: + additionalProperties: + type: string + description: 'Optional: Adds additional annotations to the + OneAgent pods' + type: object + args: + description: 'Optional: Arguments to the OneAgent installer' + items: + type: string + type: array + x-kubernetes-list-type: set + autoUpdate: + description: 'Optional: Enables automatic restarts of OneAgent + pods in case a new version is available Defaults to true' + type: boolean + codeModulesImage: + description: 'Optional: the Dynatrace installer container + image' + type: string + dnsPolicy: + description: 'Optional: Sets DNS Policy for the OneAgent pods' + type: string + env: + description: 'Optional: List of environment variables to set + for the installer' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. 
+ type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: 'Optional: the Dynatrace installer container + image Defaults to the registry on the tenant for both Kubernetes + and for OpenShift' + type: string + initResources: + description: 'Optional: define resources requests and limits + for the initContainer' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. 
+ \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the OneAgent + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: Node selector to control the selection of nodes + (optional) + type: object + oneAgentResources: + description: 'Optional: define resources requests and limits + for single pods' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. 
If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + priorityClassName: + description: 'Optional: If specified, indicates the pod''s + priority. Name must be defined by creating a PriorityClass + object with that name. If not specified the setting will + be removed from the DaemonSet.' + type: string + tolerations: + description: 'Optional: set tolerations for the OneAgent pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. 
If the operator is Exists, the value should + be empty, otherwise just a regular string. + type: string + type: object + type: array + version: + description: 'Optional: If specified, indicates the OneAgent + version to use Defaults to latest Example: {major.minor.release} + - 1.200.0' + type: string + type: object + hostMonitoring: + description: 'Optional: enable host monitoring and change its + settings Cannot be used in conjunction with cloud-native fullstack + monitoring, classic fullstack monitoring or application monitoring' + nullable: true + properties: + annotations: + additionalProperties: + type: string + description: 'Optional: Adds additional annotations to the + OneAgent pods' + type: object + args: + description: 'Optional: Arguments to the OneAgent installer' + items: + type: string + type: array + x-kubernetes-list-type: set + autoUpdate: + description: 'Optional: Enables automatic restarts of OneAgent + pods in case a new version is available Defaults to true' + type: boolean + dnsPolicy: + description: 'Optional: Sets DNS Policy for the OneAgent pods' + type: string + env: + description: 'Optional: List of environment variables to set + for the installer' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' 
+ type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: 'Optional: the Dynatrace installer container + image Defaults to the registry on the tenant for both Kubernetes + and for OpenShift' + type: string + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the OneAgent + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: Node selector to control the selection of nodes + (optional) + type: object + oneAgentResources: + description: 'Optional: define resources requests and limits + for single pods' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. 
+ \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + priorityClassName: + description: 'Optional: If specified, indicates the pod''s + priority. Name must be defined by creating a PriorityClass + object with that name. If not specified the setting will + be removed from the DaemonSet.' 
+ type: string + tolerations: + description: 'Optional: set tolerations for the OneAgent pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. 
+ type: string + type: object + type: array + version: + description: 'Optional: If specified, indicates the OneAgent + version to use Defaults to latest Example: {major.minor.release} + - 1.200.0' + type: string + type: object + type: object + proxy: + description: 'Optional: Set custom proxy settings either directly + or from a secret with the field ''proxy''' + properties: + value: + type: string + valueFrom: + type: string + type: object + routing: + description: 'Deprecated: Configuration for Routing' + properties: + customProperties: + description: 'Optional: Add a custom properties file by providing + it as a value or reference it from a secret If referenced from + a secret, make sure the key is called ''customProperties''' + properties: + value: + type: string + valueFrom: + type: string + type: object + enabled: + description: Enables Capability + type: boolean + env: + description: 'Optional: List of environment variables to set for + the ActiveGate' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + group: + description: 'Optional: Set activation group for ActiveGate' + type: string + image: + description: 'Optional: the ActiveGate container image. Defaults + to the latest ActiveGate image provided by the registry on the + tenant' + type: string + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the ActiveGate + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: 'Optional: Node selector to control the selection + of nodes' + type: object + replicas: + description: Amount of replicas for your ActiveGates + format: int32 + type: integer + resources: + description: 'Optional: define resources requests and limits for + single ActiveGate pods' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a + container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + tolerations: + description: 'Optional: set tolerations for the ActiveGatePods + pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. 
Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: 'Optional: Adds TopologySpreadConstraints for the + ActiveGate pods' + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to + select the pods over which spreading will be calculated. + The keys are used to lookup values from the incoming pod + labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading + will be calculated for the incoming pod. Keys that don't + exist in the incoming pod labels will be ignored. A null + or empty list means only match against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. The global minimum is the minimum number of matching + pods in an eligible domain or zero if the number of eligible + domains is less than MinDomains. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | | P P | P P | P | - + if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled + onto any zone. 
When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that + satisfy it. It''s a required field. Default value is 1 + and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number of eligible + domains. When the number of eligible domains with matching + topology keys is less than minDomains, Pod Topology Spread + treats \"global minimum\" as 0, and then the calculation + of Skew is performed. And when the number of eligible + domains with matching topology keys equals or greater + than minDomains, this value has no effect on scheduling. + As a result, when the number of eligible domains is less + than minDomains, scheduler won't schedule more than maxSkew + Pods to those domains. If value is nil, the constraint + behaves as if MinDomains is equal to 1. Valid values are + integers greater than 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. \n For example, in a 3-zone cluster, + MaxSkew is set to 2, MinDomains is set to 5 and pods with + the same labelSelector spread as 2/2/2: | zone1 | zone2 + | zone3 | | P P | P P | P P | The number of domains + is less than 5(MinDomains), so \"global minimum\" is treated + as 0. In this situation, new pod with the same labelSelector + cannot be scheduled, because computed skew will be 3(3 + - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. \n This is a beta field and requires + the MinDomainsInPodTopologySpread feature gate to be enabled + (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat + Pod's nodeAffinity/nodeSelector when calculating pod topology + spread skew. Options are: - Honor: only nodes matching + nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes + are included in the calculations. 
\n If this value is + nil, the behavior is equivalent to the Honor policy. This + is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat + node taints when calculating pod topology spread skew. + Options are: - Honor: nodes without taints, along with + tainted nodes for which the incoming pod has a toleration, + are included. - Ignore: node taints are ignored. All nodes + are included. \n If this value is nil, the behavior is + equivalent to the Ignore policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. We define a domain as a particular + instance of a topology. Also, we define an eligible domain + as a domain whose nodes meet the requirements of nodeAffinityPolicy + and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain + of that topology. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it. - ScheduleAnyway tells the scheduler to schedule the + pod in any location, but giving higher precedence to topologies + that would help reduce the skew. A constraint is considered + "Unsatisfiable" for an incoming pod if and only if every + possible node assignment for that pod would violate "MaxSkew" + on some topology. 
For example, in a 3-zone cluster, MaxSkew + is set to 1, and pods with the same labelSelector spread + as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming + pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + skipCertCheck: + description: Disable certificate validation checks for installer download + and API communication + type: boolean + tokens: + description: Credentials for the DynaKube to connect back to Dynatrace. + type: string + trustedCAs: + description: 'Optional: Adds custom RootCAs from a configmap This + property only affects certificates used to communicate with the + Dynatrace API. The property is not applied to the ActiveGate' + type: string + required: + - apiUrl + type: object + status: + description: DynaKubeStatus defines the observed state of DynaKube + properties: + activeGate: + properties: + imageHash: + description: ImageHash contains the last image hash seen. + type: string + lastUpdateProbeTimestamp: + description: LastUpdateProbeTimestamp defines the last timestamp + when the querying for updates have been done + format: date-time + type: string + version: + description: Version contains the version to be deployed. + type: string + type: object + communicationHostForClient: + description: CommunicationHostForClient caches a communication host + specific to the api url. 
+ properties: + host: + type: string + port: + format: int32 + type: integer + protocol: + type: string + type: object + conditions: + description: Conditions includes status about the current state of + the instance + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. 
Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + connectionInfo: + description: ConnectionInfo caches information about the tenant and + its communication hosts + properties: + communicationHosts: + items: + properties: + host: + type: string + port: + format: int32 + type: integer + protocol: + type: string + type: object + type: array + formattedCommunicationEndpoints: + type: string + tenantUUID: + type: string + type: object + dynatraceApi: + properties: + lastActiveGateConnectionInfoRequest: + format: date-time + type: string + lastOneAgentConnectionInfoRequest: + format: date-time + type: string + lastTokenScopeRequest: + format: date-time + type: string + type: object + kubeSystemUUID: + description: KubeSystemUUID contains the UUID of the current Kubernetes + cluster + type: string + lastAPITokenProbeTimestamp: + description: 'Deprecated: use DynatraceApiStatus.LastTokenScopeRequest + instead LastAPITokenProbeTimestamp tracks when the last 
request + for the API token validity was sent' + format: date-time + type: string + lastClusterVersionProbeTimestamp: + description: LastClusterVersionProbeTimestamp indicates when the cluster's + version was last checked + format: date-time + type: string + lastDataIngestTokenProbeTimestamp: + description: 'Deprecated: use LastAPITokenProbeTimestamp instead LastDataIngestTokenProbeTimestamp + tracks when the last request for the DataIngest token validity was + sent' + format: date-time + type: string + lastPaaSTokenProbeTimestamp: + description: 'Deprecated: use LastAPITokenProbeTimestamp instead LastPaaSTokenProbeTimestamp + tracks when the last request for the PaaS token validity was sent' + format: date-time + type: string + latestAgentVersionUnixDefault: + description: LatestAgentVersionUnixDefault caches the current agent + version for unix and the default installer which is configured for + the environment + type: string + latestAgentVersionUnixPaas: + description: LatestAgentVersionUnixDefault caches the current agent + version for unix and the PaaS installer which is configured for + the environment + type: string + oneAgent: + properties: + LastInstanceStatusUpdate: + format: date-time + type: string + imageHash: + description: ImageHash contains the last image hash seen. + type: string + instances: + additionalProperties: + properties: + ipAddress: + type: string + podName: + type: string + type: object + type: object + lastUpdateProbeTimestamp: + description: LastUpdateProbeTimestamp defines the last timestamp + when the querying for updates have been done + format: date-time + type: string + version: + description: Version contains the version to be deployed. + type: string + type: object + phase: + description: Defines the current state (Running, Updating, Error, + ...) + type: string + synthetic: + properties: + imageHash: + description: ImageHash contains the last image hash seen. 
+ type: string + lastUpdateProbeTimestamp: + description: LastUpdateProbeTimestamp defines the last timestamp + when the querying for updates have been done + format: date-time + type: string + version: + description: Version contains the version to be deployed. + type: string + type: object + tokens: + description: Credentials used to connect back to Dynatrace. + type: string + updatedTimestamp: + description: UpdatedTimestamp indicates when the instance was last + updated + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end -}} diff --git a/charts/hub/dynatrace/default/templates/Common/csi/clusterrole-csi.yaml b/charts/hub/dynatrace/default/templates/Common/csi/clusterrole-csi.yaml new file mode 100644 index 00000000..47013af3 --- /dev/null +++ b/charts/hub/dynatrace/default/templates/Common/csi/clusterrole-csi.yaml 
@@ -0,0 +1,65 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: dynatrace-oneagent-csi-driver
+ labels:
+ {{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - apiGroups:
+ - storage.k8s.io
+ resources:
+ - csinodes
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+{{- end -}}
diff --git a/charts/hub/dynatrace/default/templates/Common/csi/clusterrolebinding-csi.yaml b/charts/hub/dynatrace/default/templates/Common/csi/clusterrolebinding-csi.yaml
new file mode 100644
index 00000000..caa125ba
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/csi/clusterrolebinding-csi.yaml
@@ -0,0 +1,30 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: dynatrace-oneagent-csi-driver
+ labels:
+ {{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: dynatrace-oneagent-csi-driver
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: dynatrace-oneagent-csi-driver
+ apiGroup: rbac.authorization.k8s.io
+{{- end -}}
diff --git a/charts/hub/dynatrace/default/templates/Common/csi/csidriver.yaml b/charts/hub/dynatrace/default/templates/Common/csi/csidriver.yaml
new file mode 100644
index 00000000..e92606d3
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/csi/csidriver.yaml
@@ -0,0 +1,27 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+ name: csi.oneagent.dynatrace.com
+ labels:
+ {{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
+spec:
+ attachRequired: false
+ podInfoOnMount: true
+ volumeLifecycleModes:
+ - Ephemeral
+{{- end -}}
diff --git a/charts/hub/dynatrace/default/templates/Common/csi/daemonset.yaml b/charts/hub/dynatrace/default/templates/Common/csi/daemonset.yaml
new file mode 100644
index 00000000..dba0c509
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/csi/daemonset.yaml
@@ -0,0 +1,289 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ labels:
+ {{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
+ {{- if .Values.csidriver.labels }}
+ {{- toYaml .Values.csidriver.labels | nindent 4 }}
+ {{- end}}
+ name: dynatrace-oneagent-csi-driver
+ namespace: {{ .Release.Namespace }}
+spec:
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ {{- include "dynatrace-operator.csiSelectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ dynatrace.com/inject: "false"
+ kubectl.kubernetes.io/default-container: provisioner
+ cluster-autoscaler.kubernetes.io/enable-ds-eviction: "false"
+ {{- if and (eq (default false .Values.apparmor) true) (ne .Values.platform "openshift") }}
+ container.apparmor.security.beta.kubernetes.io/driver: runtime/default
+ container.apparmor.security.beta.kubernetes.io/registrar: runtime/default
+ container.apparmor.security.beta.kubernetes.io/liveness-probe: runtime/default
+ {{- end}}
+ {{- if .Values.csidriver.annotations }}
+ {{- toYaml .Values.csidriver.annotations | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "dynatrace-operator.csiLabels" . | nindent 8 }}
+ {{- include "dynatrace-operator.csiSelectorLabels" . | nindent 8 }}
+ {{- if .Values.csidriver.labels }}
+ {{- toYaml .Values.csidriver.labels | nindent 8 }}
+ {{- end }}
+ spec:
+ containers:
+ # Used to receive/execute gRPC requests (NodePublishVolume/NodeUnpublishVolume) from kubelet to mount/unmount volumes for a pod
+ # - Needs access to the csi socket, needs to read/write to it, needs root permissions to do so.
+ # - Needs access to the filesystem of pods on the node, and mount stuff to it,needs to read/write to it, needs root permissions to do so
+ # - Needs access to a dedicated folder on the node to persist data, needs to read/write to it.
+ - name: server
+ image: {{ include "dynatrace-operator.image" . }}
+ imagePullPolicy: Always
+ args:
+ - csi-server
+ - --endpoint=unix://csi/csi.sock
+ - --node-id=$(KUBE_NODE_NAME)
+ - --health-probe-bind-address=:10080
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: KUBE_NODE_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: spec.nodeName
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /livez
+ port: livez
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ successThreshold: 1
+ timeoutSeconds: 1
+ ports:
+ - containerPort: 10080
+ name: livez
+ protocol: TCP
+ resources:
+ {{- if .Values.csidriver.server.resources }}
+ {{- toYaml .Values.csidriver.server.resources | nindent 10 }}
+ {{- end }}
+ securityContext:
+ runAsUser: 0
+ privileged: true # Needed for mountPropagation
+ allowPrivilegeEscalation: true # Needed for privileged
+ readOnlyRootFilesystem: true
+ runAsNonRoot: false
+ seccompProfile:
+ type: RuntimeDefault
+ seLinuxOptions:
+ level: s0
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: /csi
+ name: plugin-dir
+ - mountPath: {{ include "dynatrace-operator.CSIMountPointDir" . }}
+ mountPropagation: Bidirectional
+ name: mountpoint-dir
+ - mountPath: /data
+ name: data-dir
+ mountPropagation: Bidirectional
+ - name: tmp-dir
+ mountPath: /tmp
+ - name: provisioner
+ image: {{ include "dynatrace-operator.image" . }}
+ imagePullPolicy: Always
+ args:
+ - csi-provisioner
+ - --health-probe-bind-address=:10090
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ {{- if .Values.csidriver.maxUnmountedVolumeAge }}
+ - name: MAX_UNMOUNTED_VOLUME_AGE
+ value: {{ .Values.csidriver.maxUnmountedVolumeAge}}
+ {{- end }}
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /livez
+ port: livez
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ successThreshold: 1
+ timeoutSeconds: 1
+ ports:
+ - containerPort: 10090
+ name: livez
+ protocol: TCP
+ resources:
+ {{- if .Values.csidriver.provisioner.resources }}
+ {{- toYaml .Values.csidriver.provisioner.resources | nindent 10 }}
+ {{- end }}
+ securityContext:
+ runAsUser: 0
+ privileged: true # Needed for mountPropagation
+ allowPrivilegeEscalation: true # Needed for privileged
+ readOnlyRootFilesystem: true
+ runAsNonRoot: false
+ seccompProfile:
+ type: RuntimeDefault
+ seLinuxOptions:
+ level: s0
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: /data
+ name: data-dir
+ mountPropagation: Bidirectional
+ - mountPath: /tmp
+ name: tmp-dir
+
+ # Used to make a gRPC request (GetPluginInfo()) to the driver to get driver name and driver contain
+ # - Needs access to the csi socket, needs to read/write to it, needs root permissions to do so.
+ # Used for registering the driver with kubelet
+ # - Needs access to the registration socket, needs to read/write to it, needs root permissions to do so.
+ - name: registrar
+ image: {{ include "dynatrace-operator.image" . }}
+ imagePullPolicy: Always
+ env:
+ - name: DRIVER_REG_SOCK_PATH
+ value: {{ include "dynatrace-operator.CSISocketPath" . }}
+ args:
+ - --csi-address=/csi/csi.sock
+ - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+ command:
+ - csi-node-driver-registrar
+ resources:
+ {{- if .Values.csidriver.registrar.resources }}
+ {{- toYaml .Values.csidriver.registrar.resources | nindent 10 }}
+ {{- end }}
+ securityContext:
+ runAsUser: 0
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: false
+ seccompProfile:
+ type: RuntimeDefault
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: /csi
+ name: plugin-dir
+ - mountPath: /registration
+ name: registration-dir
+ - mountPath: {{ include "dynatrace-operator.CSIPluginDir" . }}
+ name: lockfile-dir
+ # Used to make a gRPC request (Probe()) to the driver to check if its running
+ # - Needs access to the csi socket, needs to read/write to it, needs root permissions to do so.
+ - name: liveness-probe
+ image: {{ include "dynatrace-operator.image" . }}
+ imagePullPolicy: Always
+ args:
+ - --csi-address=/csi/csi.sock
+ - --health-port=9898
+ command:
+ - livenessprobe
+ resources:
+ {{- if .Values.csidriver.livenessprobe.resources }}
+ {{- toYaml .Values.csidriver.livenessprobe.resources | nindent 10 }}
+ {{- end }}
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ securityContext:
+ runAsUser: 0
+ privileged: false
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: false
+ seccompProfile:
+ type: RuntimeDefault
+ volumeMounts:
+ - mountPath: /csi
+ name: plugin-dir
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ securityContext: {}
+ serviceAccountName: dynatrace-oneagent-csi-driver
+ terminationGracePeriodSeconds: 30
+ priorityClassName: {{ include "dynatrace-operator.CSIPriorityClassName" . }}
+ volumes:
+ # This volume is where the registrar registers the plugin with kubelet
+ - name: registration-dir
+ hostPath:
+ path: {{ include "dynatrace-operator.CSIRegistrationDir" . }}
+ type: Directory
+ # This volume is where the socket for kubelet->driver communication is done
+ - name: plugin-dir
+ hostPath:
+ path: {{ include "dynatrace-operator.CSIPluginDir" . }}
+ type: DirectoryOrCreate
+ - name: data-dir
+ hostPath:
+ path: {{ include "dynatrace-operator.CSIDataDir" . }}
+ type: DirectoryOrCreate
+ # This volume is where the driver mounts volumes
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ include "dynatrace-operator.CSIMountPointDir" . }}
+ type: DirectoryOrCreate
+ # Used by the registrar to create its lockfile
+ - name: lockfile-dir
+ emptyDir: {}
+ # A volume for the driver to write temporary files to
+ - name: tmp-dir
+ emptyDir: {}
+ {{- if .Values.customPullSecret }}
+ imagePullSecrets:
+ - name: {{ .Values.customPullSecret }}
+ {{- end }}
+ {{- if .Values.csidriver.nodeSelector }}
+ nodeSelector: {{- toYaml .Values.csidriver.nodeSelector | nindent 8 }}
+ {{- end }}
+ tolerations:
+ {{- if .Values.csidriver.tolerations }}
+ {{- toYaml .Values.csidriver.tolerations | nindent 8 }}
+ {{- end }}
+ - key: kubernetes.io/arch
+ value: arm64
+ effect: NoSchedule
+ - key: kubernetes.io/arch
+ value: amd64
+ effect: NoSchedule
+ - key: ToBeDeletedByClusterAutoscaler
+ operator: Exists
+ effect: NoSchedule
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: 1
+ type: RollingUpdate
+{{- end -}}
diff --git a/charts/hub/dynatrace/default/templates/Common/csi/priority-class.yaml b/charts/hub/dynatrace/default/templates/Common/csi/priority-class.yaml
new file mode 100644
index 00000000..8fd9fcbe
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/csi/priority-class.yaml
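Review bot: In daemonset.yaml the `registrar` container sets `privileged: false` but, unlike `liveness-probe`, omits `allowPrivilegeEscalation: false` while running as UID 0; adding `allowPrivilegeEscalation: false` to its `securityContext` would make the two non-privileged sidecars consistent. The AppArmor annotations are keyed on `driver`, `registrar` and `liveness-probe`, but the containers in this pod spec are named `server`, `provisioner`, `registrar` and `liveness-probe`, so the `driver` key matches nothing and should be renamed or dropped; the API server may reject an annotation that names a missing container, which would only surface when `apparmor` is enabled on a non-OpenShift platform. `MAX_UNMOUNTED_VOLUME_AGE` is rendered unquoted, so a numeric setting becomes a YAML integer where an env `value` has to be a string; `value: {{ .Values.csidriver.maxUnmountedVolumeAge | quote }}` avoids that.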
@@ -0,0 +1,24 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{ if (eq (include "dynatrace-operator.needPriorityClass" .) "true") }}
+
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+kind: PriorityClass
+apiVersion: scheduling.k8s.io/v1
+metadata:
+ name: dynatrace-high-priority
+value: {{ default 1000000 (int (.Values.csidriver).priorityClassValue) }}
+globalDefault: false
+description: "This priority class is used for Dynatrace Components in order to make sure they are not evicted in favor of other pods"
+{{- end -}}
diff --git a/charts/hub/dynatrace/default/templates/Common/csi/role-csi.yaml b/charts/hub/dynatrace/default/templates/Common/csi/role-csi.yaml
new file mode 100644
index 00000000..d0f401f1
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/csi/role-csi.yaml
@@ -0,0 +1,70 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: dynatrace-oneagent-csi-driver
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - get
+ - watch
+ - list
+ - delete
+ - update
+ - create
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - watch
+ - list
+ - delete
+ - update
+ - create
+ - apiGroups:
+ - dynatrace.com
+ resources:
+ - dynakubes
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+{{- end -}}
diff --git a/charts/hub/dynatrace/default/templates/Common/csi/rolebinding-csi.yaml b/charts/hub/dynatrace/default/templates/Common/csi/rolebinding-csi.yaml
new file mode 100644
index 00000000..a2b50b95
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/csi/rolebinding-csi.yaml
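Review bot: The `secrets` rule in role-csi.yaml gives the `dynatrace-oneagent-csi-driver` account `get`, `list` and `watch` on every Secret in the release namespace, and the DaemonSet added in this commit runs that account on each node with privileged `server` and `provisioner` containers. If the driver only needs particular Secrets, restrict the rule with `resourceNames` and keep just `get`. Otherwise put a comment above the rule naming what it reads, for example `# reads the DynaKube token secrets - TODO confirm against the operator`. The page does not show which Secrets the driver consumes, so the right scope needs confirming.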
@@ -0,0 +1,31 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: dynatrace-oneagent-csi-driver
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: dynatrace-oneagent-csi-driver
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: Role
+ name: dynatrace-oneagent-csi-driver
+ apiGroup: rbac.authorization.k8s.io
+{{- end -}}
diff --git a/charts/hub/dynatrace/default/templates/Common/csi/serviceaccount-csi.yaml b/charts/hub/dynatrace/default/templates/Common/csi/serviceaccount-csi.yaml
new file mode 100644
index 00000000..226b6821
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/csi/serviceaccount-csi.yaml
@@ -0,0 +1,23 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: dynatrace-oneagent-csi-driver
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
+{{- end -}}
diff --git a/charts/hub/dynatrace/default/templates/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring.yaml b/charts/hub/dynatrace/default/templates/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring.yaml
new file mode 100644
index 00000000..be483daf
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring.yaml
@@ -0,0 +1,94 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{ if eq (include "dynatrace-operator.partial" .) "false" }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: dynatrace-kubernetes-monitoring
+ labels:
+ {{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ - pods
+ - namespaces
+ - replicationcontrollers
+ - events
+ - resourcequotas
+ - pods/proxy
+ - nodes/proxy
+ - nodes/metrics
+ - services
+ verbs:
+ - list
+ - watch
+ - get
+ - apiGroups:
+ - batch
+ resources:
+ - jobs
+ - cronjobs
+ verbs:
+ - list
+ - watch
+ - get
+ - apiGroups:
+ - apps
+ resources:
+ - deployments
+ - replicasets
+ - statefulsets
+ - daemonsets
+ verbs:
+ - list
+ - watch
+ - get
+ - apiGroups:
+ - apps.openshift.io
+ resources:
+ - deploymentconfigs
+ verbs:
+ - list
+ - watch
+ - get
+ - apiGroups:
+ - config.openshift.io
+ resources:
+ - clusterversions
+ verbs:
+ - list
+ - watch
+ - get
+ - nonResourceURLs:
+ - /metrics
+ - /version
+ - /readyz
+ - /livez
+ verbs:
+ - get
+ {{- if eq (default false .Values.olm) true}}
+ - apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - host
+ - privileged
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - use
+ {{ end }}
+{{ end }}
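Review bot: The `olm` branch at the end of clusterrole-kubernetes-monitoring.yaml lets the `dynatrace-kubernetes-monitoring` account `use` the `host` and `privileged` SecurityContextConstraints, which goes well beyond the read-only rules that make up the rest of this role. If the monitoring pods do not need to run privileged, drop `- privileged` from `resourceNames`; if they do, a comment above the rule should say why, e.g. `# required for <reason> when installed through OLM - TODO confirm`. The first rule also grants `get` on `pods/proxy` and `nodes/proxy` cluster-wide, which allows requests to be relayed to kubelets and pods through the API server. A short comment justifying those two subresources would make the role easier to audit.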
diff --git a/charts/hub/dynatrace/default/templates/Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring.yaml b/charts/hub/dynatrace/default/templates/Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring.yaml
new file mode 100644
index 00000000..07f9201a
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring.yaml
@@ -0,0 +1,30 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{ if eq (include "dynatrace-operator.partial" .) "false" }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: dynatrace-kubernetes-monitoring
+ labels:
+ {{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: dynatrace-kubernetes-monitoring
+subjects:
+ - kind: ServiceAccount
+ name: dynatrace-kubernetes-monitoring
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/hub/dynatrace/default/templates/Common/kubernetes-monitoring/serviceaccount-kubernetes-monitoring.yaml b/charts/hub/dynatrace/default/templates/Common/kubernetes-monitoring/serviceaccount-kubernetes-monitoring.yaml
new file mode 100644
index 00000000..18b2492d
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/kubernetes-monitoring/serviceaccount-kubernetes-monitoring.yaml
@@ -0,0 +1,23 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{ if eq (include "dynatrace-operator.partial" .) "false" }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: dynatrace-kubernetes-monitoring
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
+{{ end }}
diff --git a/charts/hub/dynatrace/default/templates/Common/oneagent/clusterrole-oneagent-privileged.yaml b/charts/hub/dynatrace/default/templates/Common/oneagent/clusterrole-oneagent-privileged.yaml
new file mode 100644
index 00000000..51d145b9
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/oneagent/clusterrole-oneagent-privileged.yaml
@@ -0,0 +1,32 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: dynatrace-dynakube-oneagent-privileged
+ labels:
+ {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
+rules:
+ - apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - host
+ - privileged
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - use
+{{ end }}
diff --git a/charts/hub/dynatrace/default/templates/Common/oneagent/clusterrole-oneagent-unprivileged.yaml b/charts/hub/dynatrace/default/templates/Common/oneagent/clusterrole-oneagent-unprivileged.yaml
new file mode 100644
index 00000000..13c00aa8
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/oneagent/clusterrole-oneagent-unprivileged.yaml
@@ -0,0 +1,32 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: dynatrace-dynakube-oneagent-unprivileged
+ labels:
+ {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
+rules:
+ - apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - host
+ - privileged
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - use
+{{ end }}
diff --git a/charts/hub/dynatrace/default/templates/Common/oneagent/clusterrolebinding-oneagent-privileged.yaml b/charts/hub/dynatrace/default/templates/Common/oneagent/clusterrolebinding-oneagent-privileged.yaml
new file mode 100644
index 00000000..a79a47c2
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/oneagent/clusterrolebinding-oneagent-privileged.yaml
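Review bot: The `dynatrace-dynakube-oneagent-unprivileged` ClusterRole lists `privileged` under `resourceNames`, so the service account intended for the unprivileged OneAgent mode can still be admitted under the privileged SCC; its rules are identical to those of the privileged role in the previous file. If the unprivileged mode does not need it, drop the `- privileged` entry and keep only `- host`. If it does, add a comment above `resourceNames` explaining why, e.g. `# unprivileged mode still requires the privileged SCC because <reason>`. As written, the two roles give no least-privilege separation on OpenShift.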
@@ -0,0 +1,30 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: dynatrace-dynakube-oneagent-privileged
+ labels:
+ {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: "dynatrace-dynakube-oneagent-privileged"
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: "dynatrace-dynakube-oneagent-privileged"
+{{ end }}
diff --git a/charts/hub/dynatrace/default/templates/Common/oneagent/clusterrolebinding-oneagent-unprivileged.yaml b/charts/hub/dynatrace/default/templates/Common/oneagent/clusterrolebinding-oneagent-unprivileged.yaml
new file mode 100644
index 00000000..2581546d
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/oneagent/clusterrolebinding-oneagent-unprivileged.yaml
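Review bot: This ClusterRoleBinding is rendered when `dynatrace-operator.openshiftOrOlm` is "true", but the `dynatrace-dynakube-oneagent-privileged` ServiceAccount it names is rendered only when `dynatrace-operator.partial` is "false". Both helpers are defined outside this part of the patch, so whether they can disagree is not visible here. If they can, the binding pre-authorises a ServiceAccount name the chart did not create, and anyone allowed to create a ServiceAccount with that name in the release namespace would gain `use` on the `host` and `privileged` SCCs. Gating the role and binding on both conditions, `{{- if and (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") (eq (include "dynatrace-operator.partial" .) "false") }}`, would keep them in step, provided that matches the intended OLM layout. The same applies to the unprivileged binding in the next file.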
@@ -0,0 +1,30 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: dynatrace-dynakube-oneagent-unprivileged
+ labels:
+ {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: dynatrace-dynakube-oneagent-unprivileged
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: dynatrace-dynakube-oneagent-unprivileged
+{{ end }}
diff --git a/charts/hub/dynatrace/default/templates/Common/oneagent/serviceaccount-oneagent-privileged.yaml b/charts/hub/dynatrace/default/templates/Common/oneagent/serviceaccount-oneagent-privileged.yaml
new file mode 100644
index 00000000..94d60bd0
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/oneagent/serviceaccount-oneagent-privileged.yaml
@@ -0,0 +1,29 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{ if eq (include "dynatrace-operator.partial" .) "false" }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: dynatrace-dynakube-oneagent-privileged
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
+automountServiceAccountToken: false
+{{- if eq .Values.platform "openshift"}}
+imagePullSecrets:
+- name: redhat-connect
+- name: redhat-connect-sso
+{{- end }}
+{{ end }}
diff --git a/charts/hub/dynatrace/default/templates/Common/oneagent/serviceaccount-oneagent-unprivileged.yaml b/charts/hub/dynatrace/default/templates/Common/oneagent/serviceaccount-oneagent-unprivileged.yaml
new file mode 100644
index 00000000..71f419de
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/oneagent/serviceaccount-oneagent-unprivileged.yaml
@@ -0,0 +1,29 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{ if eq (include "dynatrace-operator.partial" .) "false" }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: dynatrace-dynakube-oneagent-unprivileged
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
+automountServiceAccountToken: false
+{{- if eq .Values.platform "openshift"}}
+imagePullSecrets:
+- name: redhat-connect
+- name: redhat-connect-sso
+{{- end }}
+{{ end }}
diff --git a/charts/hub/dynatrace/default/templates/Common/operator/clusterrole-operator.yaml b/charts/hub/dynatrace/default/templates/Common/operator/clusterrole-operator.yaml
new file mode 100644
index 00000000..d770094e
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/operator/clusterrole-operator.yaml
@@ -0,0 +1,104 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Release.Name }} + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - update + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - apiGroups: + - "" + resources: + - secrets + resourceNames: + - dynatrace-dynakube-config + - dynatrace-data-ingest-endpoint + - dynatrace-activegate-internal-proxy + verbs: + - get + - update + - delete + - list + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + resourceNames: + - dynatrace-webhook + verbs: + - get + - update + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + resourceNames: + - dynatrace-webhook + verbs: + - get + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + resourceNames: + - dynakubes.dynatrace.com + verbs: + - get + - update + {{- if eq (default false .Values.olm) true}} + - apiGroups: + - 
security.openshift.io + resourceNames: + - host + - privileged + resources: + - securitycontextconstraints + verbs: + - use + {{ end }} +{{ end }} diff --git a/charts/hub/dynatrace/default/templates/Common/operator/clusterrolebinding-operator.yaml b/charts/hub/dynatrace/default/templates/Common/operator/clusterrolebinding-operator.yaml new file mode 100644 index 00000000..5ab0c0e8 --- /dev/null +++ b/charts/hub/dynatrace/default/templates/Common/operator/clusterrolebinding-operator.yaml @@ -0,0 +1,30 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Release.Name }} + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ .Release.Name }} + apiGroup: rbac.authorization.k8s.io +{{ end }} diff --git a/charts/hub/dynatrace/default/templates/Common/operator/deployment-operator.yaml b/charts/hub/dynatrace/default/templates/Common/operator/deployment-operator.yaml new file mode 100644 index 00000000..e5c0c91f --- /dev/null +++ b/charts/hub/dynatrace/default/templates/Common/operator/deployment-operator.yaml 
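Review bot: With `olm` set, the last rule of the operator ClusterRole gives the operator's own ServiceAccount `use` on the `host` and `privileged` SCCs, although the operator Deployment later in this patch runs with `privileged: false`, `runAsNonRoot: true` and all capabilities dropped. Any pod started under that ServiceAccount could then be admitted as privileged, which is broader than the operator container appears to need. If OLM packaging requires the grant, say so in a comment above the block, e.g. `# OLM only: <reason the operator SA needs the host/privileged SCCs>`; otherwise remove the rule. The same block is repeated at the end of clusterrole-webhook.yaml for the webhook ServiceAccount.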
@@ -0,0 +1,141 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} + {{- if .Values.operator.labels }} + {{- toYaml .Values.operator.labels | nindent 4 }} + {{- end }} +spec: + replicas: 1 + revisionHistoryLimit: 1 + selector: + matchLabels: + {{- include "dynatrace-operator.operatorSelectorLabels" . | nindent 6 }} + strategy: + type: RollingUpdate + template: + metadata: + annotations: + dynatrace.com/inject: "false" + {{- if (.Values.operator).apparmor}} + container.apparmor.security.beta.kubernetes.io/{{ .Release.Name }}: runtime/default + {{- end }} + {{- if .Values.operator.annotations }} + {{- toYaml .Values.operator.annotations | nindent 8 }} + {{- end }} + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 8 }} + {{- include "dynatrace-operator.operatorSelectorLabels" . | nindent 8 }} + {{- if .Values.operator.labels }} + {{- toYaml .Values.operator.labels | nindent 8 }} + {{- end }} + spec: + containers: + - name: {{ .Release.Name }} + args: + - operator + # Replace this with the built image name + image: {{ include "dynatrace-operator.image" . 
}} + imagePullPolicy: Always + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + ports: + - containerPort: 10080 + name: server-port + resources: + requests: + {{- toYaml (.Values.operator).requests | nindent 14 }} + limits: + {{- toYaml (.Values.operator).limits | nindent 14 }} + volumeMounts: + - name: tmp-cert-dir + mountPath: /tmp/dynatrace-operator + readinessProbe: + httpGet: + path: /livez + port: server-port + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 10 + livenessProbe: + httpGet: + path: /livez + port: server-port + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 10 + securityContext: + seccompProfile: + type: RuntimeDefault + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1001 + runAsGroup: 1001 + capabilities: + drop: + - ALL + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + {{- if ne .Values.platform "gke-autopilot"}} + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + {{- end }} + - key: kubernetes.io/os + operator: In + values: + - linux + volumes: + - emptyDir: { } + name: tmp-cert-dir + serviceAccountName: {{ .Release.Name }} + {{- if .Values.customPullSecret }} + imagePullSecrets: + - name: {{ .Values.customPullSecret }} + {{- end }} + {{- if .Values.operator.nodeSelector }} + nodeSelector: {{- toYaml .Values.operator.nodeSelector | nindent 8 }} + {{- end }} + tolerations: + {{- if .Values.operator.tolerations }} + {{- toYaml .Values.operator.tolerations | nindent 8 }} + {{- end }} + - key: kubernetes.io/arch + value: arm64 + effect: NoSchedule + - key: kubernetes.io/arch + value: amd64 + effect: NoSchedule +{{ end }} 
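Review bot: `.Values.operator.labels`, `.Values.operator.annotations`, `.Values.operator.nodeSelector` and `.Values.operator.tolerations` are dereferenced directly, while `apparmor`, `requests` and `limits` use the parenthesised form `(.Values.operator).apparmor`. If the parentheses are there to tolerate a missing `operator` map, the direct accesses defeat that and rendering fails on a nil map; use one form throughout, e.g. `{{- if (.Values.operator).labels }}`. `requests:` and `limits:` are also emitted unconditionally, so unset values would render as `null`; presumably the chart's values file always sets them, but a guard or a comment would make that explicit. deployment-webhook.yaml mixes the same two forms for `.Values.webhook`.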
diff --git a/charts/hub/dynatrace/default/templates/Common/operator/role-operator.yaml b/charts/hub/dynatrace/default/templates/Common/operator/role-operator.yaml
new file mode 100644
index 00000000..82168ab7
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/operator/role-operator.yaml
@@ -0,0 +1,165 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} +rules: + - apiGroups: + - dynatrace.com + resources: + - dynakubes + verbs: + - get + - list + - watch + - update + - create + - apiGroups: + - dynatrace.com + resources: + - dynakubes/finalizers + - dynakubes/status + verbs: + - update + + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - apps + resources: + - daemonsets + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - apps + resources: + - replicasets + - deployments + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - deployments/finalizers + verbs: + - update + + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - delete + - create + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - 
list + - create + - apiGroups: + - "" + resources: + - services + verbs: + - create + - update + - delete + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods/log + verbs: + - get + + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + + - apiGroups: + - networking.istio.io + resources: + - serviceentries + - virtualservices + verbs: + - get + - list + - create + - update + - delete + + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - update + - create +{{ end }} diff --git a/charts/hub/dynatrace/default/templates/Common/operator/rolebinding-operator.yaml b/charts/hub/dynatrace/default/templates/Common/operator/rolebinding-operator.yaml new file mode 100644 index 00000000..d7fd25b8 --- /dev/null +++ b/charts/hub/dynatrace/default/templates/Common/operator/rolebinding-operator.yaml @@ -0,0 +1,30 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ .Release.Name }} +roleRef: + kind: Role + name: {{ .Release.Name }} + apiGroup: rbac.authorization.k8s.io +{{ end }} 
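Review bot: The `secrets` rule in the operator Role allows get, list, watch, create, update and delete on every Secret in the release namespace, with no `resourceNames`, and the same Role allows creating pods there. That is reasonable only while the chart is installed into a namespace dedicated to Dynatrace; in a shared namespace the operator could read unrelated credentials. Record the assumption above the rule, e.g. `# Assumes a dedicated namespace: grants access to every Secret in the release namespace`, or restrict the get/update/delete verbs with `resourceNames` as the operator ClusterRole does for its named secrets.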
diff --git a/charts/hub/dynatrace/default/templates/Common/operator/serviceaccount-operator.yaml b/charts/hub/dynatrace/default/templates/Common/operator/serviceaccount-operator.yaml
new file mode 100644
index 00000000..4ec20475
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/operator/serviceaccount-operator.yaml
@@ -0,0 +1,29 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{ if eq (include "dynatrace-operator.partial" .) "false" }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
+
+{{ if eq .Values.platform "openshift" }}
+imagePullSecrets:
+- name: redhat-connect
+- name: redhat-connect-sso
+{{ end }}
+{{ end }}
diff --git a/charts/hub/dynatrace/default/templates/Common/webhook/clusterrole-webhook.yaml b/charts/hub/dynatrace/default/templates/Common/webhook/clusterrole-webhook.yaml
new file mode 100644
index 00000000..039b382e
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/webhook/clusterrole-webhook.yaml
@@ -0,0 +1,97 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{ if eq (include "dynatrace-operator.partial" .) "false" }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: dynatrace-webhook
+ labels:
+ {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ resourceNames:
+ - dynatrace-dynakube-config
+ - dynatrace-data-ingest-endpoint
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ # data-ingest workload owner lookup
+ - apiGroups:
+ - ""
+ resources:
+ - replicationcontrollers
+ verbs:
+ - get
+ - apiGroups:
+ - apps
+ resources:
+ - replicasets
+ - statefulsets
+ - daemonsets
+ - deployments
+ verbs:
+ - get
+ - apiGroups:
+ - batch
+ resources:
+ - jobs
+ - cronjobs
+ verbs:
+ - get
+ - apiGroups:
+ - apps.openshift.io
+ resources:
+ - deploymentconfigs
+ verbs:
+ - get
+ {{- if eq (default false .Values.olm) true}}
+ - apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - host
+ - privileged
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - use
+ {{ end }}
+{{ end }}
diff --git a/charts/hub/dynatrace/default/templates/Common/webhook/clusterrolebinding-webhook.yaml b/charts/hub/dynatrace/default/templates/Common/webhook/clusterrolebinding-webhook.yaml
new file mode 100644
index 00000000..e6ab0616
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/webhook/clusterrolebinding-webhook.yaml
@@ -0,0 +1,30 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{ if eq (include "dynatrace-operator.partial" .) "false" }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: dynatrace-webhook
+ labels:
+ {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: dynatrace-webhook
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: dynatrace-webhook
+ apiGroup: rbac.authorization.k8s.io
+{{ end }}
diff --git a/charts/hub/dynatrace/default/templates/Common/webhook/deployment-webhook.yaml b/charts/hub/dynatrace/default/templates/Common/webhook/deployment-webhook.yaml
new file mode 100644
index 00000000..861f8662
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/webhook/deployment-webhook.yaml
@@ -0,0 +1,154 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dynatrace-webhook + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }} + {{- if .Values.webhook.labels }} + {{- toYaml .Values.webhook.labels | nindent 4 }} + {{- end }} +spec: + replicas: {{ (default false (.Values.webhook).highAvailability) | ternary 2 1 }} + revisionHistoryLimit: 1 + selector: + matchLabels: + {{- include "dynatrace-operator.webhookSelectorLabels" . | nindent 6 }} + strategy: + type: RollingUpdate + template: + metadata: + annotations: + dynatrace.com/inject: "false" + kubectl.kubernetes.io/default-container: webhook + {{- if (.Values.webhook).apparmor}} + container.apparmor.security.beta.kubernetes.io/webhook: runtime/default + {{- end }} + {{- if .Values.webhook.annotations}} + {{- toYaml .Values.webhook.annotations | nindent 8 }} + {{- end }} + labels: + {{- include "dynatrace-operator.webhookLabels" . | nindent 8 }} + {{- include "dynatrace-operator.webhookSelectorLabels" . 
| nindent 8 }} + {{- if .Values.webhook.labels }} + {{- toYaml .Values.webhook.labels | nindent 8 }} + {{- end }} + spec: + {{- if (.Values.webhook).highAvailability }} + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "topology.kubernetes.io/zone" + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: dynatrace-operator + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: dynatrace-operator + {{- end }} + volumes: + - emptyDir: {} + name: certs-dir + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + {{- if ne .Values.platform "gke-autopilot"}} + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + {{- end }} + - key: kubernetes.io/os + operator: In + values: + - linux + containers: + - name: webhook + args: + - webhook-server + # OLM mounts the certificates here, so we reuse it for simplicity + - --certs-dir=/tmp/k8s-webhook-server/serving-certs/ + image: {{ include "dynatrace-operator.image" . 
}} + imagePullPolicy: Always + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + readinessProbe: + httpGet: + path: /livez + port: server-port + scheme: HTTPS + ports: + - name: server-port + containerPort: 8443 + resources: + requests: + {{- toYaml (.Values.webhook).requests | nindent 14 }} + limits: + {{- toYaml (.Values.webhook).limits | nindent 14 }} + volumeMounts: + - name: certs-dir + mountPath: /tmp/k8s-webhook-server/serving-certs/ + securityContext: + seccompProfile: + type: RuntimeDefault + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1001 + runAsGroup: 1001 + capabilities: + drop: + - ALL + serviceAccountName: dynatrace-webhook + {{- if (.Values.webhook).hostNetwork }} + hostNetwork: true + {{- end }} + {{- if .Values.customPullSecret }} + imagePullSecrets: + - name: {{ .Values.customPullSecret }} + {{- end }} + {{- if .Values.webhook.nodeSelector }} + nodeSelector: {{- toYaml .Values.webhook.nodeSelector | nindent 8 }} + {{- end }} + tolerations: + {{- if .Values.webhook.tolerations }} + {{- toYaml .Values.webhook.tolerations | nindent 8 }} + {{- end }} + - key: kubernetes.io/arch + value: arm64 + effect: NoSchedule + - key: kubernetes.io/arch + value: amd64 + effect: NoSchedule +{{ end }} diff --git a/charts/hub/dynatrace/default/templates/Common/webhook/mutatingwebhookconfiguration.yaml b/charts/hub/dynatrace/default/templates/Common/webhook/mutatingwebhookconfiguration.yaml new file mode 100644 index 00000000..6a182eb1 --- /dev/null +++ b/charts/hub/dynatrace/default/templates/Common/webhook/mutatingwebhookconfiguration.yaml 
@@ -0,0 +1,61 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{ if eq (include "dynatrace-operator.partial" .) "false" }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: dynatrace-webhook
+ labels:
+ {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
+webhooks:
+ - name: webhook.pod.dynatrace.com
+ reinvocationPolicy: IfNeeded
+ failurePolicy: Ignore
+ timeoutSeconds: 2
+ rules:
+ - apiGroups: [ "" ]
+ apiVersions: [ "v1" ]
+ operations: [ "CREATE" ]
+ resources: [ "pods" ]
+ scope: Namespaced
+ namespaceSelector:
+ matchExpressions:
+ - key: dynakube.internal.dynatrace.com/instance
+ operator: Exists
+ clientConfig:
+ service:
+ name: dynatrace-webhook
+ namespace: {{ .Release.Namespace }}
+ path: /inject
+ admissionReviewVersions: [ "v1beta1", "v1" ]
+ sideEffects: None
+ - name: webhook.ns.dynatrace.com
+ reinvocationPolicy: IfNeeded
+ failurePolicy: Ignore
+ timeoutSeconds: 2
+ rules:
+ - apiGroups: [ "" ]
+ apiVersions: [ "v1" ]
+ operations: [ "CREATE", "UPDATE"]
+ resources: [ "namespaces" ]
+ scope: Cluster
+ clientConfig:
+ service:
+ name: dynatrace-webhook
+ namespace: {{ .Release.Namespace }}
+ path: /label-ns
+ admissionReviewVersions: [ "v1beta1", "v1" ]
+ sideEffects: None
+{{ end }}
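Review bot: Both webhooks are registered with `failurePolicy: Ignore` and `timeoutSeconds: 2`, so a pod or namespace request is admitted unmodified whenever the webhook is down or slow, and nothing in the manifest says this fail-open behaviour is intended. I would record it next to each entry, for example `# fail open: pods are admitted without injection if the webhook does not answer within 2s`, so operators know that gaps in instrumentation will not surface as admission errors. The `webhook.ns.dynatrace.com` entry also has no `namespaceSelector`, so every namespace CREATE and UPDATE in the cluster, platform namespaces included, is sent to `/label-ns`; if that is not required, a selector that excludes them would narrow what this service can mutate.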
diff --git a/charts/hub/dynatrace/default/templates/Common/webhook/poddisruptionbudget-webhook.yaml b/charts/hub/dynatrace/default/templates/Common/webhook/poddisruptionbudget-webhook.yaml
new file mode 100644
index 00000000..9b51a014
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/webhook/poddisruptionbudget-webhook.yaml
@@ -0,0 +1,13 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{ if and (.Values.webhook).highAvailability (eq (include "dynatrace-operator.partial" .) "false") }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: dynatrace-webhook
+ namespace: {{ .Release.Namespace }}
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: webhook
+{{ end }}
diff --git a/charts/hub/dynatrace/default/templates/Common/webhook/role-webhook.yaml b/charts/hub/dynatrace/default/templates/Common/webhook/role-webhook.yaml
new file mode 100644
index 00000000..cc1072cd
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/webhook/role-webhook.yaml
@@ -0,0 +1,74 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{ if eq (include "dynatrace-operator.partial" .) "false" }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: dynatrace-webhook
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ - configmaps
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - dynatrace.com
+ resources:
+ - dynakubes
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - list
+ - create
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - update
+ - create
+ - apiGroups:
+ - apps
+ resources:
+ - daemonsets
+ verbs:
+ - list
+ - watch
+{{ end }}
diff --git a/charts/hub/dynatrace/default/templates/Common/webhook/rolebinding-webhook.yaml b/charts/hub/dynatrace/default/templates/Common/webhook/rolebinding-webhook.yaml
new file mode 100644
index 00000000..c77009db
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/webhook/rolebinding-webhook.yaml
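Review bot: The first rule lets the `dynatrace-webhook` service account get, list, watch, create and update every Secret, ConfigMap and Service in the release namespace, with no `resourceNames`. If the webhook only needs its own certificate secret (the name is not visible in this hunk), `secrets` could move to its own rule with `resourceNames: ["<webhook-cert-secret>"]` for `get` and `update`, leaving a separate `create`-only rule, since `create` cannot be limited by name. If the namespace-wide `list`/`watch` on secrets is needed for the controller cache, a comment saying so would help the next reviewer.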
@@ -0,0 +1,31 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{ if eq (include "dynatrace-operator.partial" .) "false" }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: dynatrace-webhook
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: dynatrace-webhook
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: Role
+ name: dynatrace-webhook
+ apiGroup: rbac.authorization.k8s.io
+{{ end }}
diff --git a/charts/hub/dynatrace/default/templates/Common/webhook/service.yaml b/charts/hub/dynatrace/default/templates/Common/webhook/service.yaml
new file mode 100644
index 00000000..46268b14
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/webhook/service.yaml
@@ -0,0 +1,30 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{ if eq (include "dynatrace-operator.partial" .) "false" }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: Service
+metadata:
+ name: dynatrace-webhook
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
+spec:
+ selector:
+ {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: server-port
+{{ end }}
diff --git a/charts/hub/dynatrace/default/templates/Common/webhook/serviceaccount-webhook.yaml b/charts/hub/dynatrace/default/templates/Common/webhook/serviceaccount-webhook.yaml
new file mode 100644
index 00000000..ebc6a982
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/webhook/serviceaccount-webhook.yaml
@@ -0,0 +1,29 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{ if eq (include "dynatrace-operator.partial" .) "false" }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: dynatrace-webhook
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
+{{- if eq .Values.platform "openshift" }}
+imagePullSecrets:
+- name: redhat-connect
+- name: redhat-connect-sso
+{{- end }}
+{{ end }}
+
diff --git a/charts/hub/dynatrace/default/templates/Common/webhook/validatingwebhookconfiguration.yaml b/charts/hub/dynatrace/default/templates/Common/webhook/validatingwebhookconfiguration.yaml
new file mode 100644
index 00000000..8791ec3f
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Common/webhook/validatingwebhookconfiguration.yaml
@@ -0,0 +1,45 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{ if eq (include "dynatrace-operator.partial" .) "false" }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: dynatrace-webhook
+ labels:
+ {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
+webhooks:
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ - v1alpha1
+ clientConfig:
+ service:
+ name: dynatrace-webhook
+ namespace: {{ .Release.Namespace }}
+ path: /validate
+ rules:
+ - operations:
+ - CREATE
+ - UPDATE
+ apiGroups:
+ - dynatrace.com
+ apiVersions:
+ - v1beta1
+ resources:
+ - dynakubes
+ name: webhook.dynatrace.com
+ timeoutSeconds: 2
+ sideEffects: None
+{{ end }}
diff --git a/charts/hub/dynatrace/default/templates/NOTES.txt b/charts/hub/dynatrace/default/templates/NOTES.txt
new file mode 100644
index 00000000..8ff8ac56
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/NOTES.txt
@@ -0,0 +1,10 @@
+Thank you for installing {{ .Chart.Name }}.
+
+Your release is named {{ .Release.Name }}.
+
+To find more information about the Dynatrace Operator, try:
+https://github.com/Dynatrace/dynatrace-operator
+
+To verify the current state of the deployments, try:
+ $ kubectl get pods -n {{ .Release.Namespace }}
+ $ kubectl logs -f deployment/{{ .Release.Name }} -n {{ .Release.Namespace }}
\ No newline at end of file
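Review bot: The `webhook.dynatrace.com` entry sets no `failurePolicy`, so it takes the `admissionregistration.k8s.io/v1` default of `Fail`, while the mutating webhooks in this commit are explicitly `Ignore`; writing `failurePolicy: Fail` makes the difference deliberate rather than implicit. `admissionReviewVersions` also lists `v1alpha1`, which as far as I know is not an AdmissionReview version that current API servers send, so the list can be reduced to `v1` and `v1beta1`.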
diff --git a/charts/hub/dynatrace/default/templates/Openshift/activegate/securitycontextconstraints.yaml b/charts/hub/dynatrace/default/templates/Openshift/activegate/securitycontextconstraints.yaml
new file mode 100644
index 00000000..9a5eba82
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Openshift/activegate/securitycontextconstraints.yaml
@@ -0,0 +1,49 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+ name: dynatrace-activegate
+allowPrivilegedContainer: false
+fsGroup:
+ type: RunAsAny
+priority: 1
+readOnlyRootFilesystem: false
+requiredDropCapabilities:
+ - ALL
+runAsUser:
+ type: MustRunAs
+ uid: 1001
+seLinuxContext:
+ type: RunAsAny
+seccompProfiles:
+ - "*"
+supplementalGroups:
+ type: RunAsAny
+users:
+ - system:serviceaccount:{{ .Release.Namespace }}:dynatrace-activegate
+ - system:serviceaccount:{{ .Release.Namespace }}:dynatrace-kubernetes-monitoring
+volumes:
+ - "*"
+
+allowHostDirVolumePlugin: false
+allowHostIPC: false
+allowHostNetwork: false
+allowHostPID: false
+allowHostPorts: false
+allowedFlexVolumes: null
+defaultAddCapabilities: []
+{{ end }}
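Review bot: `seccompProfiles: ["*"]` lets pods admitted under this SCC request any seccomp profile, including unconfined, even though the rest of the SCC is restrictive (no privileged containers, all capabilities dropped, fixed UID). Listing `- runtime/default` instead keeps the syscall filter mandatory; the same wildcard appears in the operator and webhook SCCs later in this commit, and the webhook Deployment already asks for `RuntimeDefault`. `volumes: ["*"]` could likewise be narrowed to the volume types the ActiveGate pods actually mount, which this hunk does not show.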
diff --git a/charts/hub/dynatrace/default/templates/Openshift/csi/securitycontextconstraints-csidriver.yaml b/charts/hub/dynatrace/default/templates/Openshift/csi/securitycontextconstraints-csidriver.yaml
new file mode 100644
index 00000000..de5e8fc7
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Openshift/csi/securitycontextconstraints-csidriver.yaml
@@ -0,0 +1,49 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.needCSI" .) "true") }}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+ name: dynatrace-oneagent-csi-driver
+ labels:
+ {{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
+allowHostDirVolumePlugin: true
+allowHostIPC: true
+allowHostNetwork: true
+allowHostPID: true
+allowHostPorts: true
+allowPrivilegedContainer: true
+allowedCapabilities:
+ - "*"
+allowedFlexVolumes: null
+defaultAddCapabilities: null
+fsGroup:
+ type: RunAsAny
+priority: 1
+readOnlyRootFilesystem: false
+requiredDropCapabilities: null
+runAsUser:
+ type: RunAsAny
+seLinuxContext:
+ type: RunAsAny
+seccompProfiles:
+ - "*"
+supplementalGroups:
+ type: RunAsAny
+users:
+ - system:serviceaccount:dynatrace:dynatrace-oneagent-csi-driver
+volumes:
+ - "*"
+{{ end }}
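Review bot: The `users` entry hard-codes the namespace as `system:serviceaccount:dynatrace:dynatrace-oneagent-csi-driver`, while the other SCCs in this commit use `{{ .Release.Namespace }}`. Installed into any other namespace, the CSI driver's own service account would not match, and an account of that name in a namespace called `dynatrace` would be granted this SCC, which allows privileged containers, all capabilities and host PID, IPC, network and ports. I would change the line to `- system:serviceaccount:{{ .Release.Namespace }}:dynatrace-oneagent-csi-driver`. Whether the driver needs `allowHostIPC`, `allowHostNetwork` and `allowedCapabilities: ["*"]` is not visible here and is worth confirming against its DaemonSet.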
diff --git a/charts/hub/dynatrace/default/templates/Openshift/oneagent/securitycontextconstraints-privileged.yaml b/charts/hub/dynatrace/default/templates/Openshift/oneagent/securitycontextconstraints-privileged.yaml
new file mode 100644
index 00000000..5936d103
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Openshift/oneagent/securitycontextconstraints-privileged.yaml
@@ -0,0 +1,66 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+ annotations:
+ kubernetes.io/description: "dynatrace-dynakube-oneagent-privileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context."
+ name: dynatrace-dynakube-oneagent-privileged
+ labels:
+ {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
+allowHostDirVolumePlugin: true
+allowHostIPC: false
+allowHostNetwork: true
+allowHostPID: true
+allowHostPorts: true
+allowPrivilegedContainer: true
+allowedCapabilities:
+ - CHOWN
+ - DAC_OVERRIDE
+ - DAC_READ_SEARCH
+ - FOWNER
+ - FSETID
+ - KILL
+ - NET_ADMIN
+ - NET_RAW
+ - SETFCAP
+ - SETGID
+ - SETUID
+ - SYS_ADMIN
+ - SYS_CHROOT
+ - SYS_PTRACE
+ - SYS_RESOURCE
+allowedFlexVolumes: null
+defaultAddCapabilities: []
+fsGroup:
+ type: RunAsAny
+priority: 1
+readOnlyRootFilesystem: false
+requiredDropCapabilities:
+ - ALL
+runAsUser:
+ type: RunAsAny
+seLinuxContext:
+ type: RunAsAny
+seccompProfiles:
+ - "*"
+supplementalGroups:
+ type: RunAsAny
+users:
+ - system:serviceaccount:{{ .Release.Namespace }}:dynatrace-dynakube-oneagent-privileged
+volumes:
+ - "*"
+{{ end }}
diff --git a/charts/hub/dynatrace/default/templates/Openshift/oneagent/securitycontextconstraints-unprivileged.yaml b/charts/hub/dynatrace/default/templates/Openshift/oneagent/securitycontextconstraints-unprivileged.yaml
new file mode 100644
index 00000000..756eac3a
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Openshift/oneagent/securitycontextconstraints-unprivileged.yaml
@@ -0,0 +1,66 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+ annotations:
+ kubernetes.io/description: "dynatrace-dynakube-oneagent-unprivileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context. This is a copy of privileged scc."
+ name: dynatrace-dynakube-oneagent-unprivileged
+ labels:
+ {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
+allowHostDirVolumePlugin: true
+allowHostIPC: false
+allowHostNetwork: true
+allowHostPID: true
+allowHostPorts: true
+allowPrivilegedContainer: false
+allowedCapabilities:
+ - CHOWN
+ - DAC_OVERRIDE
+ - DAC_READ_SEARCH
+ - FOWNER
+ - FSETID
+ - KILL
+ - NET_ADMIN
+ - NET_RAW
+ - SETFCAP
+ - SETGID
+ - SETUID
+ - SYS_ADMIN
+ - SYS_CHROOT
+ - SYS_PTRACE
+ - SYS_RESOURCE
+allowedFlexVolumes: null
+defaultAddCapabilities: []
+fsGroup:
+ type: RunAsAny
+priority: 1
+readOnlyRootFilesystem: false
+requiredDropCapabilities:
+ - ALL
+runAsUser:
+ type: RunAsAny
+seLinuxContext:
+ type: RunAsAny
+seccompProfiles:
+ - "*"
+supplementalGroups:
+ type: RunAsAny
+users:
+ - system:serviceaccount:{{ .Release.Namespace }}:dynatrace-dynakube-oneagent-unprivileged
+volumes:
+ - "*"
+{{ end }}
diff --git a/charts/hub/dynatrace/default/templates/Openshift/operator/securitycontextconstraints.yaml b/charts/hub/dynatrace/default/templates/Openshift/operator/securitycontextconstraints.yaml
new file mode 100644
index 00000000..55cc0580
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Openshift/operator/securitycontextconstraints.yaml
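Review bot: The `kubernetes.io/description` annotation of `dynatrace-dynakube-oneagent-unprivileged` says it "allows access to all privileged and host features" and is "a copy of privileged scc", but the SCC sets `allowPrivilegedContainer: false`. The name is also easy to over-read: the SCC still allows hostPath volumes, host network, host PID and capabilities such as `SYS_ADMIN`, `SYS_PTRACE` and `NET_ADMIN`. A description along the lines of `"denies privileged containers but allows host network, host PID, hostPath volumes and the listed capabilities"` would tell cluster admins what they are actually granting.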
@@ -0,0 +1,49 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+ name: {{ .Release.Name }}
+ labels:
+ {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
+allowPrivilegedContainer: false
+fsGroup:
+ type: RunAsAny
+priority: 1
+readOnlyRootFilesystem: true
+requiredDropCapabilities:
+ - ALL
+runAsUser:
+ type: MustRunAsNonRoot
+seLinuxContext:
+ type: RunAsAny
+seccompProfiles:
+ - "*"
+supplementalGroups:
+ type: RunAsAny
+users:
+ - system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}
+volumes:
+ - "*"
+
+allowHostDirVolumePlugin: false
+allowHostIPC: false
+allowHostNetwork: false
+allowHostPID: false
+allowHostPorts: false
+allowedFlexVolumes: null
+defaultAddCapabilities: []
+{{ end }}
diff --git a/charts/hub/dynatrace/default/templates/Openshift/webhook/securitycontextconstraints.yaml b/charts/hub/dynatrace/default/templates/Openshift/webhook/securitycontextconstraints.yaml
new file mode 100644
index 00000000..aa1b0a26
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/Openshift/webhook/securitycontextconstraints.yaml
@@ -0,0 +1,49 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
+# Copyright 2021 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+ name: dynatrace-webhook
+ labels:
+ {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
+allowPrivilegedContainer: false
+fsGroup:
+ type: RunAsAny
+priority: 1
+readOnlyRootFilesystem: true
+requiredDropCapabilities:
+ - ALL
+runAsUser:
+ type: MustRunAsNonRoot
+seLinuxContext:
+ type: RunAsAny
+seccompProfiles:
+ - "*"
+supplementalGroups:
+ type: RunAsAny
+users:
+ - system:serviceaccount:{{ .Release.Namespace }}:dynatrace-webhook
+volumes:
+ - "*"
+
+allowHostDirVolumePlugin: false
+allowHostIPC: false
+allowHostNetwork: true
+allowHostPID: false
+allowHostPorts: false
+allowedFlexVolumes: null
+defaultAddCapabilities: []
+{{ end }}
diff --git a/charts/hub/dynatrace/default/templates/_csidriver.tpl b/charts/hub/dynatrace/default/templates/_csidriver.tpl
new file mode 100644
index 00000000..b29658f3
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/_csidriver.tpl
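Review bot: `allowHostNetwork: true` is set unconditionally in the webhook SCC, but the webhook Deployment in this commit only adds `hostNetwork: true` when `.Values.webhook.hostNetwork` is set. Tying the SCC to the same value, e.g. `allowHostNetwork: {{ default false (.Values.webhook).hostNetwork }}`, keeps host networking unavailable to the `dynatrace-webhook` account unless it was asked for. The labels here also come from `dynatrace-operator.operatorLabels`, so the SCC is labelled as the operator component; `dynatrace-operator.webhookLabels` looks like the intended helper.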
@@ -0,0 +1,74 @@
+// Copyright 2020 Dynatrace LLC
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+// http://www.apache.org/licenses/LICENSE-2.0
+
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+{{/*
+Check if we need the csi driver.
+*/}}
+{{- define "dynatrace-operator.needCSI" -}}
+ {{- if or (.Values.csidriver.enabled) (eq (include "dynatrace-operator.partial" .) "csi") -}}
+ {{- printf "true" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+CSI PriorityClassName
+*/}}
+{{- define "dynatrace-operator.CSIPriorityClassName" -}}
+ {{- default "dynatrace-high-priority" .Values.csidriver.existingPriorityClassName -}}
+{{- end -}}
+
+{{/*
+Check if we need the csi default priority class
+*/}}
+{{- define "dynatrace-operator.needPriorityClass" -}}
+ {{- if and (eq (include "dynatrace-operator.needCSI" .) "true") (not .Values.csidriver.existingPriorityClassName) -}}
+ {{- printf "true" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+CSI plugin-dir path
+*/}}
+{{- define "dynatrace-operator.CSIPluginDir" -}}
+ {{ printf "%s/plugins/csi.oneagent.dynatrace.com/" (trimSuffix "/" (default "/var/lib/kubelet" .Values.csidriver.kubeletPath)) }}
+{{- end -}}
+
+
+{{/*
+CSI data-dir path
+*/}}
+{{- define "dynatrace-operator.CSIDataDir" -}}
+ {{ printf "%s/data" (trimSuffix "/" (include "dynatrace-operator.CSIPluginDir" .)) }}
+{{- end -}}
+
+{{/*
+CSI socket path
+*/}}
+{{- define "dynatrace-operator.CSISocketPath" -}}
+ {{ printf "%s/csi.sock" (trimSuffix "/" (include "dynatrace-operator.CSIPluginDir" .)) }}
+{{- end -}}
+
+{{/*
+CSI mountpoint-dir path
+*/}}
+{{- define "dynatrace-operator.CSIMountPointDir" -}}
+ {{ printf "%s/pods/" (trimSuffix "/" (default "/var/lib/kubelet" .Values.csidriver.kubeletPath)) }}
+{{- end -}}
+
+{{/*
+CSI registration-dir path
+*/}}
+{{- define "dynatrace-operator.CSIRegistrationDir" -}}
+ {{ printf "%s/plugins_registry/" (trimSuffix "/" (default "/var/lib/kubelet" .Values.csidriver.kubeletPath)) }}
+{{- end -}}
diff --git a/charts/hub/dynatrace/default/templates/_helpers.tpl b/charts/hub/dynatrace/default/templates/_helpers.tpl
new file mode 100644
index 00000000..7805e02f
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/_helpers.tpl
@@ -0,0 +1,73 @@
+// Copyright 2020 Dynatrace LLC
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+// http://www.apache.org/licenses/LICENSE-2.0
+
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "dynatrace-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Check if default image is used
+*/}}
+{{- define "dynatrace-operator.image" -}}
+{{- if .Values.image -}}
+ {{- printf "%s" .Values.image -}}
+{{- else -}}
+ {{- if eq .Values.platform "google-marketplace" -}}
+ {{- printf "%s:%s" "gcr.io/dynatrace-marketplace-prod/dynatrace-operator" "{{ .Chart.AppVersion }}" }}
+ {{- else -}}
+ {{- printf "%s:v%s" "docker.io/dynatrace/dynatrace-operator" .Chart.AppVersion }}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Check if we are generating only a part of the yamls
+*/}}
+{{- define "dynatrace-operator.partial" -}}
+ {{- if (default false .Values.partial) -}}
+ {{- printf "%s" .Values.partial -}}
+ {{- else -}}
+ {{- printf "false" -}}
+ {{- end -}}
+{{- end -}}
+
+
+{{/*
+Check if platform is set
+*/}}
+{{- define "dynatrace-operator.platformSet" -}}
+{{- if or (eq .Values.platform "kubernetes") (eq .Values.platform "openshift") (eq .Values.platform "google-marketplace") (eq .Values.platform "gke-autopilot") -}}
+ {{ default "set" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Exclude Kubernetes manifest not running on OLM
+*/}}
+{{- define "dynatrace-operator.openshiftOrOlm" -}}
+{{- if and (or (eq .Values.platform "openshift") (.Values.olm)) (eq (include "dynatrace-operator.partial" .) "false") -}}
+ {{ default "true" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Check if the platform is set
+*/}}
+{{- define "dynatrace-operator.platformRequired" -}}
+{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes, openshift, google-marketplace, or gke-autopilot" (include "dynatrace-operator.platformSet" .))}}
+{{- end -}}
diff --git a/charts/hub/dynatrace/default/templates/_labels.tpl b/charts/hub/dynatrace/default/templates/_labels.tpl
new file mode 100644
index 00000000..a41dbe09
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/_labels.tpl
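Review bot: In `dynatrace-operator.image`, the google-marketplace branch passes `"{{ .Chart.AppVersion }}"` to `printf` as a quoted string, so the tag appears to render as that literal text rather than the chart's app version, unless marketplace tooling substitutes it later. If that is not intended, the line would be `{{- printf "%s:%s" "gcr.io/dynatrace-marketplace-prod/dynatrace-operator" .Chart.AppVersion }}`. Both default branches also resolve to a mutable tag, and the webhook Deployment pulls with `imagePullPolicy: Always`; a comment on `.Values.image` noting that a digest reference (`repo@sha256:<digest>`) can be supplied there would help deployments that need a pinned image.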
@@ -0,0 +1,99 @@
+// Copyright 2020 Dynatrace LLC
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+// http://www.apache.org/licenses/LICENSE-2.0
+
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+{{/*
+Selector labels
+*/}}
+{{- define "dynatrace-operator.futureSelectorLabels" -}}
+app.kubernetes.io/name: {{ .Release.Name }}
+{{- if not (.Values).manifests }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "dynatrace-operator.commonLabels" -}}
+{{ include "dynatrace-operator.futureSelectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+{{- if not (.Values).manifests }}
+helm.sh/chart: {{ include "dynatrace-operator.chart" . }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Operator labels
+*/}}
+{{- define "dynatrace-operator.operatorLabels" -}}
+{{ include "dynatrace-operator.commonLabels" . }}
+app.kubernetes.io/component: operator
+{{- end -}}
+
+{{/*
+Operator selector labels
+*/}}
+{{- define "dynatrace-operator.operatorSelectorLabels" -}}
+name: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Webhook labels
+*/}}
+{{- define "dynatrace-operator.webhookLabels" -}}
+{{ include "dynatrace-operator.commonLabels" . }}
+app.kubernetes.io/component: webhook
+{{- end -}}
+
+{{/*
+Webhook selector labels
+*/}}
+{{- define "dynatrace-operator.webhookSelectorLabels" -}}
+internal.dynatrace.com/component: webhook
+internal.dynatrace.com/app: webhook
+{{- end -}}
+
+{{/*
+CSI labels
+*/}}
+{{- define "dynatrace-operator.csiLabels" -}}
+{{ include "dynatrace-operator.commonLabels" . }}
+app.kubernetes.io/component: csi-driver
+{{- end -}}
+
+{{/*
+CSI selector labels
+*/}}
+{{- define "dynatrace-operator.csiSelectorLabels" -}}
+internal.oneagent.dynatrace.com/app: csi-driver
+internal.oneagent.dynatrace.com/component: csi-driver
+{{- end -}}
+
+{{/*
+ActiveGate labels
+*/}}
+{{- define "dynatrace-operator.activegateLabels" -}}
+{{ include "dynatrace-operator.commonLabels" . }}
+app.kubernetes.io/component: activegate
+{{- end -}}
+
+{{/*
+OneAgent labels
+*/}}
+{{- define "dynatrace-operator.oneagentLabels" -}}
+{{ include "dynatrace-operator.commonLabels" . }}
+app.kubernetes.io/component: oneagent
+{{- end -}}
diff --git a/charts/hub/dynatrace/default/templates/application.yaml b/charts/hub/dynatrace/default/templates/application.yaml
new file mode 100644
index 00000000..4b2b3365
--- /dev/null
+++ b/charts/hub/dynatrace/default/templates/application.yaml
@@ -0,0 +1,99 @@
+{{- include "dynatrace-operator.platformRequired" . }}
+{{- if eq .Values.platform "google-marketplace" }}
+# Copyright 2020 Dynatrace LLC
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: app.k8s.io/v1beta1
+kind: Application
+metadata:
+ name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
+ annotations:
+ kubernetes-engine.cloud.google.com/icon: data:image/png;base64,{{ .Files.Get "logo.png" | b64enc }}
+ marketplace.cloud.google.com/deploy-info: '{"partner_id": "dynatrace-marketplace-prod", "product_id": "dynatrace-operator", "partner_name": "Dynatrace LLC"}'
+spec:
+ descriptor:
+ type: "Dynatrace Operator"
+ version: {{ .Chart.AppVersion }}
+ maintainers:
+ - name: Dynatrace LLC
+ url: https://www.dynatrace.com/
+ keywords:
+ - "dynatrace"
+ - "operator"
+ - "activegate"
+ - "k8s"
+ - "monitoring"
+ - "apm"
+ description: |
+ # Dynatrace Operator
+
+ The Dynatrace Operator supports rollout and lifecycle management of various Dynatrace components in Kubernetes and OpenShift.
+
+ * OneAgent
+ * `classicFullStack` rolls out a OneAgent pod per node to monitor pods on it and the node itself
+ * `applicationMonitoring` is a webhook based injection mechanism for automatic app-only injection
+ * CSI Driver can be enabled to cache OneAgent downloads per node
+ * `hostMonitoring` is only monitoring the hosts (i.e. nodes) in the cluster without app-only injection
+ * `cloudNativeFullStack` is a combination of `applicationMonitoring` with CSI driver and `hostMonitoring`
+ * ActiveGate
+ * `routing` routes OneAgent traffic through the ActiveGate
+ * `kubernetes-monitoring` allows monitoring of the Kubernetes API
+ * `metrics-ingest` routes enriched metrics through ActiveGate
+
+ For more information please have a look at [our DynaKube Custom Resource examples](config/samples) and
+ our [official help page](https://www.dynatrace.com/support/help/setup-and-configuration/setup-on-container-platforms/kubernetes/).
+ links:
+ - description: Dynatrace Website
+ url: https://www.dynatrace.com/
+ - description: Operator Deploy Guide
+ url: ToDo
+ - description: Kubernetes Monitoring Info
+ url: https://www.dynatrace.com/technologies/kubernetes-monitoring
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: "{{ .Release.Name }}"
+ componentKinds:
+ - group: apps/v1
+ kind: DaemonSet
+ - group: v1
+ kind: Pod
+ - group: v1
+ kind: ConfigMap
+ - group: apps/v1
+ kind: Deployment
+ - group: v1
+ kind: Secret
+ - group: batch/v1
+ kind: Job
+ - group: v1
+ kind: Service
+ - group: v1
+ kind: ServiceAccount
+ - group: admissionregistration.k8s.io/v1
+ kind: ValidatingWebhookConfiguration
+ - group: admissionregistration.k8s.io/v1
+ kind: MutatingWebhookConfiguration
+ - group: apps/v1
+ kind: StatefulSet
+ - group: storage.k8s.io/v1
+ kind: CSIDriver
+ - group: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ - group: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ - group: rbac.authorization.k8s.io/v1
+ kind: Role
+ - group: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+{{ end }}
diff --git a/charts/hub/dynatrace/default/tests/Common/csi/clusterrole-csi_test.yaml b/charts/hub/dynatrace/default/tests/Common/csi/clusterrole-csi_test.yaml
new file mode 100644
index 00000000..4cc829bc
--- /dev/null
+++ b/charts/hub/dynatrace/default/tests/Common/csi/clusterrole-csi_test.yaml
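Review bot: `version: {{ .Chart.AppVersion }}` under `spec.descriptor` in application.yaml is rendered unquoted, while the labels helper added in the same series renders the same value with `| quote`; an app version such as `0.10` would reach the Application resource as a number rather than a string. Quoting it, `version: {{ .Chart.AppVersion | quote }}`, keeps the two consistent. The `Operator Deploy Guide` link still carries `url: ToDo`, which puts a non-URL placeholder into the marketplace listing; it should be filled in or the entry dropped.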
@@ -0,0 +1,78 @@
+suite: test clusterrole for the csi driver
+templates:
+ - Common/csi/clusterrole-csi.yaml
+tests:
+ - it: should not exist by default
+ set:
+ platform: kubernetes
+ asserts:
+ - hasDocuments:
+ count: 0
+
+ - it: should be built correctly with CSI enabled
+ set:
+ platform: kubernetes
+ image: image-name
+ csidriver.enabled: true
+ asserts:
+ - isAPIVersion:
+ of: rbac.authorization.k8s.io/v1
+ - isKind:
+ of: ClusterRole
+ - equal:
+ path: metadata.name
+ value: dynatrace-oneagent-csi-driver
+ - isNotEmpty:
+ path: rules
+
+ - it: should have the correct rules
+ set:
+ platform: kubernetes
+ image: image-nam
+ csidriver.enabled: true
+ asserts:
+ - equal:
+ path: rules
+ value:
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - apiGroups:
+ - storage.k8s.io
+ resources:
+ - csinodes
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/charts/hub/dynatrace/default/tests/Common/csi/clusterrolebinding-csi_test.yaml b/charts/hub/dynatrace/default/tests/Common/csi/clusterrolebinding-csi_test.yaml
new file mode 100644
index 00000000..c3f20371
--- /dev/null
+++ b/charts/hub/dynatrace/default/tests/Common/csi/clusterrolebinding-csi_test.yaml
@@ -0,0 +1,36 @@
+suite: test clusterrolebinding for the csi driver
+templates:
+ - Common/csi/clusterrolebinding-csi.yaml
+tests:
+ - it: should not exist by default
+ set:
+ platform: kubernetes
+ asserts:
+ - hasDocuments:
+ count: 0
+
+ - it: should be built correctly with CSI enabled
+ set:
+ platform: kubernetes
+ image: image-name
+ csidriver.enabled: true
+ asserts:
+ - isAPIVersion:
+ of: rbac.authorization.k8s.io/v1
+ - isKind:
+ of: ClusterRoleBinding
+ - equal:
+ path: metadata.name
+ value: dynatrace-oneagent-csi-driver
+ - equal:
+ path: subjects
+ value:
+ - kind: ServiceAccount
+ name: dynatrace-oneagent-csi-driver
+ namespace: NAMESPACE
+ - equal:
+ path: roleRef
+ value:
+ kind: ClusterRole
+ name: dynatrace-oneagent-csi-driver
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/hub/dynatrace/default/tests/Common/csi/daemonset_test.yaml b/charts/hub/dynatrace/default/tests/Common/csi/daemonset_test.yaml
new file mode 100644
index 00000000..96bfe3ff
--- /dev/null
+++ b/charts/hub/dynatrace/default/tests/Common/csi/daemonset_test.yaml
@@ -0,0 +1,489 @@
+suite: test deployment for csi DaemonSet
+templates:
+ - Common/csi/daemonset.yaml
+tests:
+ - it: should not exist by default
+ set:
+ platform: kubernetes
+ asserts:
+ - hasDocuments:
+ count: 0
+
+ - it: should have tolerations by default
+ set:
+ platform: kubernetes
+ csidriver.enabled: true
+ asserts:
+ - equal:
+ path: spec.template.spec.tolerations
+ value:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ operator: Exists
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ - effect: NoSchedule
+ key: kubernetes.io/arch
+ value: arm64
+ - effect: NoSchedule
+ key: kubernetes.io/arch
+ value: amd64
+ - effect: NoSchedule
+ key: ToBeDeletedByClusterAutoscaler
+ operator: Exists
+
+ - it: should set the env maxUnmountedVolumeAge
+ set:
+ platform: kubernetes
+ csidriver.enabled: true
+ csidriver.maxUnmountedVolumeAge: 1h
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[1].env[1] #provisioner
+ value:
+ name: MAX_UNMOUNTED_VOLUME_AGE
+ value: 1h
+
+ - it: should have nodeSelectors if set
+ set:
+ platform: kubernetes
+ csidriver.enabled: true
+ csidriver.nodeSelector:
+ test-key: test-value
+ asserts:
+ - equal:
+ path: spec.template.spec.nodeSelector
+ value:
+ test-key: test-value
+
+ - it: should exist in case of CSI enabled
+ set:
+ platform: kubernetes
+ image: image-name
+ csidriver.enabled: true
+ asserts:
+ - isKind:
+ of: DaemonSet
+ - equal:
+ path: metadata.name
+ value: dynatrace-oneagent-csi-driver
+ - equal:
+ path: metadata.namespace
+ value: NAMESPACE
+ - isNotEmpty:
+ path: metadata.labels
+ - isNotEmpty:
+ path: spec.template.metadata.labels
+
+ - it: should create correct spec for template of daemonset spec
+ set:
+ platform: kubernetes
+ image: image-name
+ csidriver.enabled: true
+ asserts:
+ - isNotEmpty:
+ path: spec.template.metadata.labels
+ - equal:
+ path: spec.template.spec
+ value:
+ priorityClassName: dynatrace-high-priority
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ operator: Exists
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ - effect: NoSchedule
+ key: kubernetes.io/arch
+ value: arm64
+ - effect: NoSchedule
+ key: kubernetes.io/arch
+ value: amd64
+ - effect: NoSchedule
+ key: ToBeDeletedByClusterAutoscaler
+ operator: Exists
+ containers:
+ - args:
+ - csi-server
+ - "--endpoint=unix://csi/csi.sock"
+ - "--node-id=$(KUBE_NODE_NAME)"
+ - "--health-probe-bind-address=:10080"
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: KUBE_NODE_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: spec.nodeName
+ image: image-name
+ imagePullPolicy: Always
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: "/livez"
+ port: livez
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ successThreshold: 1
+ timeoutSeconds: 1
+ name: server
+ ports:
+ - containerPort: 10080
+ name: livez
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 50m
+ memory: 100Mi
+ requests:
+ cpu: 50m
+ memory: 100Mi
+ securityContext:
+ allowPrivilegeEscalation: true
+ privileged: true
+ readOnlyRootFilesystem: true
+ runAsNonRoot: false
+ runAsUser: 0
+ seLinuxOptions:
+ level: s0
+ seccompProfile:
+ type: RuntimeDefault
+ terminationMessagePath: "/dev/termination-log"
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: "/csi"
+ name: plugin-dir
+ - mountPath: "/var/lib/kubelet/pods/"
+ mountPropagation: Bidirectional
+ name: mountpoint-dir
+ - mountPath: "/data"
+ mountPropagation: Bidirectional
+ name: data-dir
+ - mountPath: "/tmp"
+ name: tmp-dir
+ - args:
+ - csi-provisioner
+ - "--health-probe-bind-address=:10090"
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: image-name
+ imagePullPolicy: Always
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: "/livez"
+ port: livez
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ successThreshold: 1
+ timeoutSeconds: 1
+ name: provisioner
+ ports:
+ - containerPort: 10090
+ name: livez
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 300m
+ memory: 100Mi
+ requests:
+ cpu: 300m
+ memory: 100Mi
+ securityContext:
+ allowPrivilegeEscalation: true
+ privileged: true
+ readOnlyRootFilesystem: true
+ runAsNonRoot: false
+ runAsUser: 0
+ seLinuxOptions:
+ level: s0
+ seccompProfile:
+ type: RuntimeDefault
+ terminationMessagePath: "/dev/termination-log"
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: "/data"
+ mountPropagation: Bidirectional
+ name: data-dir
+ - mountPath: "/tmp"
+ name: tmp-dir
+ - args:
+ - "--csi-address=/csi/csi.sock"
+ - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)"
+ command:
+ - csi-node-driver-registrar
+ env:
+ - name: DRIVER_REG_SOCK_PATH
+ value: "/var/lib/kubelet/plugins/csi.oneagent.dynatrace.com/csi.sock"
+ image: image-name
+ imagePullPolicy: Always
+ name: registrar
+ resources:
+ limits:
+ cpu: 20m
+ memory: 30Mi
+ requests:
+ cpu: 20m
+ memory: 30Mi
+ securityContext:
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: false
+ runAsUser: 0
+ seccompProfile:
+ type: RuntimeDefault
+ terminationMessagePath: "/dev/termination-log"
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: "/csi"
+ name: plugin-dir
+ - mountPath: "/registration"
+ name: registration-dir
+ - mountPath: "/var/lib/kubelet/plugins/csi.oneagent.dynatrace.com/"
+ name: lockfile-dir
+ - args:
+ - "--csi-address=/csi/csi.sock"
+ - "--health-port=9898"
+ command:
+ - livenessprobe
+ image: image-name
+ imagePullPolicy: Always
+ name: liveness-probe
+ resources:
+ limits:
+ cpu: 20m
+ memory: 30Mi
+ requests:
+ cpu: 20m
+ memory: 30Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: false
+ runAsUser: 0
+ seccompProfile:
+ type: RuntimeDefault
+ terminationMessagePath: "/dev/termination-log"
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: "/csi"
+ name: plugin-dir
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ securityContext: { }
+ serviceAccountName: dynatrace-oneagent-csi-driver
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - hostPath:
+ path: /var/lib/kubelet/plugins_registry/
+ type: Directory
+ name: registration-dir
+ - hostPath:
+ path: /var/lib/kubelet/plugins/csi.oneagent.dynatrace.com/
+ type: DirectoryOrCreate
+ name: plugin-dir
+ - hostPath:
+ path: /var/lib/kubelet/plugins/csi.oneagent.dynatrace.com/data
+ type: DirectoryOrCreate
+ name: data-dir
+ - hostPath:
+ path: /var/lib/kubelet/pods/
+ type: DirectoryOrCreate
+ name: mountpoint-dir
+ - emptyDir: { }
+ name: lockfile-dir
+ - emptyDir: { }
+ name: tmp-dir
+
+ - it: should have imagePullSecrets defined in spec
+ set:
+ platform: kubernetes
+ customPullSecret: pull-secret
+ csidriver.enabled: true
+ asserts:
+ - equal:
+ path: spec.template.spec.imagePullSecrets[0].name
+ value: pull-secret
+
+ - it: should take custom labels
+ set:
+ platform: kubernetes
+ csidriver.enabled: true
+ csidriver.labels:
+ testKey: testValue
+ asserts:
+ - isNotEmpty:
+ path: metadata.labels.testKey
+ - equal:
+ path: metadata.labels.testKey
+ value: testValue
+
+ - it: should take custom annotations
+ set:
+ platform: kubernetes
+ csidriver.enabled: true
+ csidriver.annotations:
+ testKey: testValue
+ asserts:
+ - equal:
+ path: spec.template.metadata.annotations
+ value:
+ dynatrace.com/inject: "false"
+ cluster-autoscaler.kubernetes.io/enable-ds-eviction: "false"
+ kubectl.kubernetes.io/default-container: provisioner
+ testKey: testValue
+
+ - it: should take custom labels in spec.template.metadata.labels path
+ set:
+ platform: kubernetes
+ csidriver.enabled: true
+ csidriver.labels:
+ testKey: testValue
+ asserts:
+ - isNotEmpty:
+ path: spec.template.metadata.labels.testKey
+ - equal:
+ path: spec.template.metadata.labels.testKey
+ value: testValue
+
+ - it: should take resource limits from values file for provisioner
+ set:
+ csidriver.enabled: true
+ csidriver.provisioner.resources.requests.cpu: 600m
+ csidriver.provisioner.resources.requests.memory: 200Mi
+ csidriver.provisioner.resources.limits.cpu: 900m
+ csidriver.provisioner.resources.limits.memory: 300Mi
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[1].name
+ value: provisioner
+ - equal:
+ path: spec.template.spec.containers[1].resources.requests.cpu
+ value: 600m
+ - equal:
+ path: spec.template.spec.containers[1].resources.requests.memory
+ value: 200Mi
+ - equal:
+ path: spec.template.spec.containers[1].resources.limits.cpu
+ value: 900m
+ - equal:
+ path: spec.template.spec.containers[1].resources.limits.memory
+ value: 300Mi
+ - it: should take resource limits from values file for server
+ set:
+ csidriver.enabled: true
+ csidriver.server.resources.requests.cpu: 600m
+ csidriver.server.resources.requests.memory: 200Mi
+ csidriver.server.resources.limits.cpu: 900m
+ csidriver.server.resources.limits.memory: 300Mi
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].name
+ value: server
+ - equal:
+ path: spec.template.spec.containers[0].resources.requests.cpu
+ value: 600m
+ - equal:
+ path: spec.template.spec.containers[0].resources.requests.memory
+ value: 200Mi
+ - equal:
+ path: spec.template.spec.containers[0].resources.limits.cpu
+ value: 900m
+ - equal:
+ path: spec.template.spec.containers[0].resources.limits.memory
+ value: 300Mi
+ - it: should take resource limits from values file for registrar
+ set:
+ csidriver.enabled: true
+ csidriver.registrar.resources.requests.cpu: 600m
+ csidriver.registrar.resources.requests.memory: 200Mi
+ csidriver.registrar.resources.limits.cpu: 900m
+ csidriver.registrar.resources.limits.memory: 300Mi
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[2].name
+ value: registrar
+ - equal:
+ path: spec.template.spec.containers[2].resources.requests.cpu
+ value: 600m
+ - equal:
+ path: spec.template.spec.containers[2].resources.requests.memory
+ value: 200Mi
+ - equal:
+ path: spec.template.spec.containers[2].resources.limits.cpu
+ value: 900m
+ - equal:
+ path: spec.template.spec.containers[2].resources.limits.memory
+ value: 300Mi
+ - it: should take resource limits from values file for livenessprobe
+ set:
+ csidriver.enabled: true
+ csidriver.livenessprobe.resources.requests.cpu: 600m
+ csidriver.livenessprobe.resources.requests.memory: 200Mi
+ csidriver.livenessprobe.resources.limits.cpu: 900m
+ csidriver.livenessprobe.resources.limits.memory: 300Mi
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[3].name
+ value: liveness-probe
+ - equal:
+ path: spec.template.spec.containers[3].resources.requests.cpu
+ value: 600m
+ - equal:
+ path: spec.template.spec.containers[3].resources.requests.memory
+ value: 200Mi
+ - equal:
+ path: spec.template.spec.containers[3].resources.limits.cpu
+ value: 900m
+ - equal:
+ path: spec.template.spec.containers[3].resources.limits.memory
+ value: 300Mi
+ - it: should take kubelet path from values file
+ set:
+ csidriver.enabled: true
+ csidriver.kubeletPath: "my/kubelet/"
+ asserts:
+ - equal:
+ path: spec.template.spec.volumes[0].hostPath.path
+ value: "my/kubelet/plugins_registry/"
+ - equal:
+ path: spec.template.spec.volumes[1].hostPath.path
+ value: "my/kubelet/plugins/csi.oneagent.dynatrace.com/"
+ - equal:
+ path: spec.template.spec.volumes[2].hostPath.path
+ value: "my/kubelet/plugins/csi.oneagent.dynatrace.com/data"
+ - equal:
+ path: spec.template.spec.volumes[3].hostPath.path
+ value: "my/kubelet/pods/"
+ - equal:
+ path: spec.template.spec.containers[0].volumeMounts[1].mountPath
+ value: "my/kubelet/pods/"
+ - equal:
+ path: spec.template.spec.containers[2].env[0].value
+ value: "my/kubelet/plugins/csi.oneagent.dynatrace.com/csi.sock"
+ - equal:
+ path: spec.template.spec.containers[2].volumeMounts[2].mountPath
+ value: "my/kubelet/plugins/csi.oneagent.dynatrace.com/"
+ - it: should use existing priority class if given
+ set:
+ platform: kubernetes
+ csidriver.existingPriorityClassName: "my-custom-priority-class"
+ csidriver.enabled: true
+ asserts:
+ - equal:
+ path: spec.template.spec.priorityClassName
+ value: "my-custom-priority-class"
diff --git a/charts/hub/dynatrace/default/tests/Common/csi/priority-class_test.yaml b/charts/hub/dynatrace/default/tests/Common/csi/priority-class_test.yaml
new file mode 100644
index 00000000..9f687fd6
--- /dev/null
+++ b/charts/hub/dynatrace/default/tests/Common/csi/priority-class_test.yaml
@@ -0,0 +1,43 @@
+suite: test priority class
+templates:
+ - Common/csi/priority-class.yaml
+tests:
+ - it: should exist if csi driver is enabled
+ set:
+ platform: kubernetes
+ csidriver.enabled: true
+ asserts:
+ - equal:
+ path: metadata.name
+ value: dynatrace-high-priority
+ - equal:
+ path: value
+ value: 1000000
+ - it: should have specified value
+ set:
+ platform: kubernetes
+ csidriver.priorityClassValue: "10"
+ csidriver.enabled: true
+ asserts:
+ - equal:
+ path: metadata.name
+ value: dynatrace-high-priority
+ - equal:
+ path: value
+ value: 10
+ - it: should not exists if csi driver is disabled
+ set:
+ platform: kubernetes
+ csidriver.priorityClassValue: "10"
+ csidriver.enabled: false
+ asserts:
+ - hasDocuments:
+ count: 0
+ - it: should not exists if csi enabled and custom priority class name is given
+ set:
+ platform: kubernetes
+ csidriver.existingPriorityClassName: "my-custom-priority-class"
+ csidriver.enabled: true
+ asserts:
+ - hasDocuments:
+ count: 0
diff --git a/charts/hub/dynatrace/default/tests/Common/csi/role-csi_test.yaml b/charts/hub/dynatrace/default/tests/Common/csi/role-csi_test.yaml
new file mode 100644
index 00000000..25ab00b3
--- /dev/null
+++ b/charts/hub/dynatrace/default/tests/Common/csi/role-csi_test.yaml
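Review bot: In daemonset_test.yaml the expected `registrar` container runs with `runAsUser: 0` and `privileged: false` but has no `allowPrivilegeEscalation` key, unlike `liveness-probe`, which pins `allowPrivilegeEscalation: false`; because the assertion is an `equal` on the whole `spec.template.spec`, the test locks that omission in. If the registrar does not need to gain privileges, add `allowPrivilegeEscalation: false` to its securityContext in the daemonset template (not part of this hunk) and to this expectation. The `server` and `provisioner` expectations pin `privileged: true`, root, and `Bidirectional` propagation on hostPath mounts under the kubelet directory, so a short comment in the test saying why each container needs that would help reviewers judge later changes. None of the four expected securityContexts drops capabilities, whereas the operator deployment expectation later in the series has `capabilities: drop: - ALL`.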
@@ -0,0 +1,85 @@
+suite: test role for the csi driver
+templates:
+ - Common/csi/role-csi.yaml
+tests:
+ - it: should not exist by default
+ set:
+ platform: kubernetes
+ asserts:
+ - hasDocuments:
+ count: 0
+
+ - it: should be built correctly with CSI enabled
+ set:
+ platform: kubernetes
+ image: image-name
+ csidriver.enabled: true
+ asserts:
+ - isAPIVersion:
+ of: rbac.authorization.k8s.io/v1
+ - isKind:
+ of: Role
+ - equal:
+ path: metadata.name
+ value: dynatrace-oneagent-csi-driver
+ - equal:
+ path: metadata.namespace
+ value: NAMESPACE
+ - isNotEmpty:
+ path: rules
+
+ - it: should have correct rules
+ set:
+ platform: kubernetes
+ image: image-name
+ csidriver.enabled: true
+ asserts:
+ - equal:
+ path: rules
+ value:
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - get
+ - watch
+ - list
+ - delete
+ - update
+ - create
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - watch
+ - list
+ - delete
+ - update
+ - create
+ - apiGroups:
+ - dynatrace.com
+ resources:
+ - dynakubes
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/charts/hub/dynatrace/default/tests/Common/csi/rolebinding-csi_test.yaml b/charts/hub/dynatrace/default/tests/Common/csi/rolebinding-csi_test.yaml
new file mode 100644
index 00000000..6d0d3ff5
--- /dev/null
+++ b/charts/hub/dynatrace/default/tests/Common/csi/rolebinding-csi_test.yaml
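Review bot: Namespace-wide `get`, `list` and `watch` on `secrets` is pinned for the `dynatrace-oneagent-csi-driver` role in role-csi_test.yaml with no stated reason, and the daemonset test in this series expects the pods using that service account to run privileged as root on every node. The exact `equal` on `rules` is a good guard against silent widening, but it also freezes this scope as the accepted baseline. A comment above the `secrets` rule naming what the driver reads (presumably the DynaKube token secrets; confirm against the driver) would let a reviewer tell a required permission from an accidental one. If only known secrets are read, `get` restricted with `resourceNames` in the role template is the narrower form.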
@@ -0,0 +1,36 @@
+suite: test rolebinding of the csi driver
+templates:
+ - Common/csi/rolebinding-csi.yaml
+tests:
+ - it: should not exist by default
+ set:
+ platform: kubernetes
+ asserts:
+ - hasDocuments:
+ count: 0
+
+ - it: should be built correctly with CSI enabled
+ set:
+ platform: kubernetes
+ image: image-name
+ csidriver.enabled: true
+ asserts:
+ - isAPIVersion:
+ of: rbac.authorization.k8s.io/v1
+ - isKind:
+ of: RoleBinding
+ - equal:
+ path: metadata.name
+ value: dynatrace-oneagent-csi-driver
+ - equal:
+ path: subjects
+ value:
+ - kind: ServiceAccount
+ name: dynatrace-oneagent-csi-driver
+ namespace: NAMESPACE
+ - equal:
+ path: roleRef
+ value:
+ kind: Role
+ name: dynatrace-oneagent-csi-driver
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/hub/dynatrace/default/tests/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring_test.yaml b/charts/hub/dynatrace/default/tests/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring_test.yaml
new file mode 100644
index 00000000..6bbd2eb5
--- /dev/null
+++ b/charts/hub/dynatrace/default/tests/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring_test.yaml
@@ -0,0 +1,95 @@
+suite: test clusterrole for kubernetes monitoring
+templates:
+ - Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring.yaml
+tests:
+ - it: should exist
+ set:
+ platform: kubernetes
+ asserts:
+ - isKind:
+ of: ClusterRole
+ - equal:
+ path: metadata.name
+ value: dynatrace-kubernetes-monitoring
+ - isNotEmpty:
+ path: metadata.labels
+ - isNotEmpty:
+ path: rules
+ - contains:
+ path: rules
+ content:
+ apiGroups:
+ - ""
+ resources:
+ - nodes
+ - pods
+ - namespaces
+ - replicationcontrollers
+ - events
+ - resourcequotas
+ - pods/proxy
+ - nodes/proxy
+ - nodes/metrics
+ - services
+ verbs:
+ - list
+ - watch
+ - get
+ - contains:
+ path: rules
+ content:
+ apiGroups:
+ - batch
+ resources:
+ - jobs
+ - cronjobs
+ verbs:
+ - list
+ - watch
+ - get
+ - contains:
+ path: rules
+ content:
+ apiGroups:
+ - apps
+ resources:
+ - deployments
+ - replicasets
+ - statefulsets
+ - daemonsets
+ verbs:
+ - list
+ - watch
+ - get
+ - contains:
+ path: rules
+ content:
+ apiGroups:
+ - apps.openshift.io
+ resources:
+ - deploymentconfigs
+ verbs:
+ - list
+ - watch
+ - get
+ - contains:
+ path: rules
+ content:
+ apiGroups:
+ - config.openshift.io
+ resources:
+ - clusterversions
+ verbs:
+ - list
+ - watch
+ - get
+ - contains:
+ path: rules
+ content:
+ nonResourceURLs:
+ - /metrics
+ - /version
+ - /readyz
+ - /livez
+ verbs:
+ - get
diff --git a/charts/hub/dynatrace/default/tests/Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring_test.yaml b/charts/hub/dynatrace/default/tests/Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring_test.yaml
new file mode 100644
index 00000000..8949c43b
--- /dev/null
+++ b/charts/hub/dynatrace/default/tests/Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring_test.yaml
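Review bot: The rule checks in clusterrole-kubernetes-monitoring_test.yaml all use `contains`, so a rule added to this ClusterRole later would not fail the suite, whereas the CSI role tests in the same series compare the whole list with `equal` on `path: rules`. For a cluster-wide role that already includes `pods/proxy` and `nodes/proxy`, subresources that reach pod and kubelet endpoints through the API server rather than only listing objects, an exact comparison is the safer regression guard. Replacing the `contains` assertions with a single `equal` on `rules` holding the full expected list would make any widening show up as a test failure.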
@@ -0,0 +1,27 @@
+suite: test clusterrole-binding for kubernetes monitoring
+templates:
+ - Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring.yaml
+tests:
+ - it: should exist
+ set:
+ platform: kubernetes
+ asserts:
+ - isKind:
+ of: ClusterRoleBinding
+ - equal:
+ path: metadata.name
+ value: dynatrace-kubernetes-monitoring
+ - isNotEmpty:
+ path: metadata.labels
+ - equal:
+ path: roleRef
+ value:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: dynatrace-kubernetes-monitoring
+ - contains:
+ path: subjects
+ content:
+ kind: ServiceAccount
+ name: dynatrace-kubernetes-monitoring
+ namespace: NAMESPACE
diff --git a/charts/hub/dynatrace/default/tests/Common/kubernetes-monitoring/serviceaccount-kubernetes-monitoring_test.yaml b/charts/hub/dynatrace/default/tests/Common/kubernetes-monitoring/serviceaccount-kubernetes-monitoring_test.yaml
new file mode 100644
index 00000000..4b64f421
--- /dev/null
+++ b/charts/hub/dynatrace/default/tests/Common/kubernetes-monitoring/serviceaccount-kubernetes-monitoring_test.yaml
@@ -0,0 +1,18 @@
+suite: test service account for kubernetes monitoring
+templates:
+ - Common/kubernetes-monitoring/serviceaccount-kubernetes-monitoring.yaml
+tests:
+ - it: should exist
+ set:
+ platform: kubernetes
+ asserts:
+ - isKind:
+ of: ServiceAccount
+ - equal:
+ path: metadata.name
+ value: dynatrace-kubernetes-monitoring
+ - equal:
+ path: metadata.namespace
+ value: NAMESPACE
+ - isNotEmpty:
+ path: metadata.labels
diff --git a/charts/hub/dynatrace/default/tests/Common/oneagent/serviceaccount-oneagent-unprivileged_test.yaml b/charts/hub/dynatrace/default/tests/Common/oneagent/serviceaccount-oneagent-unprivileged_test.yaml
new file mode 100644
index 00000000..aa7c2e76
--- /dev/null
+++ b/charts/hub/dynatrace/default/tests/Common/oneagent/serviceaccount-oneagent-unprivileged_test.yaml
@@ -0,0 +1,34 @@
+suite: test serviceaccount for oneagent
+templates:
+ - Common/oneagent/serviceaccount-oneagent-unprivileged.yaml
+tests:
+ - it: should exist
+ set:
+ platform: kubernetes
+ asserts:
+ - isKind:
+ of: ServiceAccount
+ - equal:
+ path: metadata.name
+ value: dynatrace-dynakube-oneagent-unprivileged
+ - equal:
+ path: metadata.namespace
+ value: NAMESPACE
+ - isNull:
+ path: imagePullSecrets
+
+ - it: should exist
+ set:
+ platform: openshift
+ asserts:
+ - isKind:
+ of: ServiceAccount
+ - equal:
+ path: metadata.name
+ value: dynatrace-dynakube-oneagent-unprivileged
+ - equal:
+ path: imagePullSecrets
+ value:
+ - name: redhat-connect
+ - name: redhat-connect-sso
+
diff --git a/charts/hub/dynatrace/default/tests/Common/operator/clusterrolebinding-operator_test.yaml b/charts/hub/dynatrace/default/tests/Common/operator/clusterrolebinding-operator_test.yaml
new file mode 100644
index 00000000..ca9233c4
--- /dev/null
+++ b/charts/hub/dynatrace/default/tests/Common/operator/clusterrolebinding-operator_test.yaml
@@ -0,0 +1,27 @@
+suite: test clusterrole-binding for dynatrace operator
+templates:
+ - Common/operator/clusterrolebinding-operator.yaml
+tests:
+ - it: should exist
+ set:
+ platform: kubernetes
+ asserts:
+ - isKind:
+ of: ClusterRoleBinding
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME
+ - isNotEmpty:
+ path: metadata.labels
+ - contains:
+ path: subjects
+ content:
+ kind: ServiceAccount
+ name: RELEASE-NAME
+ namespace: NAMESPACE
+ - equal:
+ path: roleRef
+ value:
+ kind: ClusterRole
+ name: RELEASE-NAME
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/hub/dynatrace/default/tests/Common/operator/deployment-operator_test.yaml b/charts/hub/dynatrace/default/tests/Common/operator/deployment-operator_test.yaml
new file mode 100644
index 00000000..04bc20a0
--- /dev/null
+++ b/charts/hub/dynatrace/default/tests/Common/operator/deployment-operator_test.yaml
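Review bot: Both cases in serviceaccount-oneagent-unprivileged_test.yaml are named `should exist`, so a failure report does not say whether the kubernetes or the openshift rendering broke. Rename them, for example `- it: should exist on kubernetes without pull secrets` and `- it: should carry the redhat-connect pull secrets on openshift`. The openshift case also skips the `metadata.namespace` check that the kubernetes case has.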
@@ -0,0 +1,416 @@ +suite: test deployment for dynatrace operator +templates: + - Common/operator/deployment-operator.yaml +tests: + - it: should exist if platform is set to kubernetes + set: + platform: kubernetes + asserts: + - hasDocuments: + count: 1 + + - it: should exist if platform is set to openshift + set: + platform: openshift + asserts: + - hasDocuments: + count: 1 + + - it: should exist if platform is set to google-marketplace + set: + platform: google-marketplace + asserts: + - hasDocuments: + count: 1 + + - it: should exist if platform is set to gke-autopilot + set: + platform: gke-autopilot + asserts: + - hasDocuments: + count: 1 + + - it: should exist on kubernetes + set: + platform: kubernetes + image: image-name + asserts: + - isKind: + of: Deployment + - equal: + path: metadata.name + value: RELEASE-NAME + - equal: + path: metadata.namespace + value: NAMESPACE + - isNotEmpty: + path: metadata.labels + - equal: + path: spec.replicas + value: 1 + - isNotEmpty: + path: spec.selector + - isNotEmpty: + path: spec.template.metadata.labels + - equal: + path: spec.strategy + value: + type: RollingUpdate + - equal: + path: spec.revisionHistoryLimit + value: 1 + - equal: + path: spec.template.spec + value: + containers: + - name: RELEASE-NAME + args: + - operator + # Replace this with the built image name + image: image-name + imagePullPolicy: Always + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + ports: + - containerPort: 10080 + name: server-port + resources: + requests: + cpu: 50m + memory: 64Mi + limits: + cpu: 100m + memory: 128Mi + volumeMounts: + - name: tmp-cert-dir + mountPath: /tmp/dynatrace-operator + readinessProbe: + httpGet: + path: /livez + port: server-port + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 10 + livenessProbe: + httpGet: + path: /livez + port: server-port + scheme: HTTP + initialDelaySeconds: 15 + 
periodSeconds: 10 + securityContext: + seccompProfile: + type: RuntimeDefault + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1001 + runAsGroup: 1001 + capabilities: + drop: + - ALL + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + - key: kubernetes.io/os + operator: In + values: + - linux + volumes: + - emptyDir: { } + name: tmp-cert-dir + serviceAccountName: RELEASE-NAME + tolerations: + - effect: NoSchedule + key: kubernetes.io/arch + value: arm64 + - effect: NoSchedule + key: kubernetes.io/arch + value: amd64 + - isNull: + path: spec.template.spec.nodeSelector + + + - it: should have tolerations if set in kubernetes + set: + platform: kubernetes + operator.tolerations: + - effect: NoSchedule + key: a-special-taint + value: a-special-value + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - effect: NoSchedule + key: a-special-taint + value: a-special-value + - effect: NoSchedule + key: kubernetes.io/arch + value: arm64 + - effect: NoSchedule + key: kubernetes.io/arch + value: amd64 + + - it: should have nodeSelectors if set in kubernetes + set: + platform: kubernetes + operator.nodeSelector: + test-key: test-value + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + test-key: test-value + + - it: should not have imagePullSecrets defined in spec + set: + platform: kubernetes + asserts: + - isNull: + path: spec.template.spec.imagePullSecrets + + - it: should exist on openshift + set: + platform: openshift + image: image-name + asserts: + - isKind: + of: Deployment + - equal: + path: metadata.name + value: RELEASE-NAME + - equal: + path: metadata.namespace + value: NAMESPACE + - isNotEmpty: + path: metadata.labels + - equal: + path: spec.replicas + value: 1 + - isNotEmpty: + path: spec.selector + - isNotEmpty: 
+ path: spec.template.metadata.labels + - equal: + path: spec.strategy + value: + type: RollingUpdate + - equal: + path: spec.revisionHistoryLimit + value: 1 + - equal: + path: spec.template.spec + value: + containers: + - name: RELEASE-NAME + args: + - operator + # Replace this with the built image name + image: image-name + imagePullPolicy: Always + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + ports: + - containerPort: 10080 + name: server-port + resources: + requests: + cpu: 50m + memory: 64Mi + limits: + cpu: 100m + memory: 128Mi + volumeMounts: + - name: tmp-cert-dir + mountPath: /tmp/dynatrace-operator + readinessProbe: + httpGet: + path: /livez + port: server-port + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 10 + livenessProbe: + httpGet: + path: /livez + port: server-port + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 10 + securityContext: + seccompProfile: + type: RuntimeDefault + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1001 + runAsGroup: 1001 + capabilities: + drop: + - ALL + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + - key: kubernetes.io/os + operator: In + values: + - linux + volumes: + - emptyDir: { } + name: tmp-cert-dir + serviceAccountName: RELEASE-NAME + tolerations: + - effect: NoSchedule + key: kubernetes.io/arch + value: arm64 + - effect: NoSchedule + key: kubernetes.io/arch + value: amd64 + - isNull: + path: spec.template.spec.nodeSelector + + - it: should have tolerations if set in openshift + set: + platform: openshift + operator.tolerations: + - effect: NoSchedule + key: a-special-taint + value: a-special-value + asserts: + - equal: + path: spec.template.spec.tolerations + value: + 
- effect: NoSchedule + key: a-special-taint + value: a-special-value + - effect: NoSchedule + key: kubernetes.io/arch + value: arm64 + - effect: NoSchedule + key: kubernetes.io/arch + value: amd64 + + - it: should have nodeSelectors if set in openshift + set: + platform: openshift + operator.nodeSelector: + test-key: test-value + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + test-key: test-value + + - it: should have imagePullSecrets defined in spec + set: + platform: openshift + customPullSecret: pull-secret + asserts: + - equal: + path: spec.template.spec.imagePullSecrets[0].name + value: pull-secret + + - it: should not have imagePullSecrets defined in spec + set: + platform: openshift + asserts: + - isNull: + path: spec.template.spec.imagePullSecrets + + - it: should have only OS node affinity on GKE Autopilot + set: + platform: gke-autopilot + asserts: + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux + + - it: should take custom labels + set: + platform: kubernetes + operator.labels: + testKey: testValue + asserts: + - isNotEmpty: + path: metadata.labels.testKey + - equal: + path: metadata.labels.testKey + value: testValue + + - it: should take custom annotations + set: + platform: kubernetes + operator.annotations: + testKey: testValue + asserts: + - equal: + path: spec.template.metadata.annotations + value: + dynatrace.com/inject: "false" + testKey: testValue + + - it: should take custom labels in spec.template.metadata.labels path + set: + platform: kubernetes + operator.labels: + testKey: testValue + asserts: + - isNotEmpty: + path: spec.template.metadata.labels.testKey + - equal: + path: spec.template.metadata.labels.testKey + value: testValue + + - it: should set ephemeral-storage request/limits + set: + platform: kubernetes + operator.requests: + 
ephemeral-storage: 320 + operator.limits: + ephemeral-storage: 420 + asserts: + - equal: + path: spec.template.spec.containers[0].resources.limits.ephemeral-storage + value: 420 + - equal: + path: spec.template.spec.containers[0].resources.requests.ephemeral-storage + value: 320 diff --git a/charts/hub/dynatrace/default/tests/Common/operator/role-operator_test.yaml b/charts/hub/dynatrace/default/tests/Common/operator/role-operator_test.yaml new file mode 100644 index 00000000..54b846c5 --- /dev/null +++ b/charts/hub/dynatrace/default/tests/Common/operator/role-operator_test.yaml 
@@ -0,0 +1,159 @@
+suite: test role for oneagent on kubernetes
+templates:
+ - Common/operator/role-operator.yaml
+tests:
+ - it: should exist
+ set:
+ platform: kubernetes
+ asserts:
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME
+ - equal:
+ path: metadata.namespace
+ value: NAMESPACE
+ - isNotEmpty:
+ path: metadata.labels
+ - equal:
+ path: rules
+ value:
+ - apiGroups:
+ - dynatrace.com
+ resources:
+ - dynakubes
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - create
+ - apiGroups:
+ - dynatrace.com
+ resources:
+ - dynakubes/finalizers
+ - dynakubes/status
+ verbs:
+ - update
+
+ - apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+ - apiGroups:
+ - apps
+ resources:
+ - daemonsets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+ - apiGroups:
+ - apps
+ resources:
+ - replicasets
+ - deployments
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - deployments/finalizers
+ verbs:
+ - update
+
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ - delete
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - list
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - create
+ - update
+ - delete
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - pods/log
+ verbs:
+ - get
+ - apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ verbs:
+ - get
+ - create
+
+ - apiGroups:
+ - networking.istio.io
+ resources:
+ - serviceentries
+ - virtualservices
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - update
+ - create
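Review bot: This suite never asserts the kind of the rendered object, and its title says "oneagent" although the template under test is Common/operator/role-operator.yaml. Add `- isKind:` with `of: Role` as the first assert, as role-webhook_test.yaml does, and rename the suite to `test role for dynatrace operator`. The single `equal` on `rules` is the right shape for an RBAC test because any added verb or resource fails it. It also pins get/list/watch/create/update/delete on `secrets` with no `resourceNames`, so a one-line comment above that rule saying why the operator needs namespace-wide secret access would help the next reviewer.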
diff --git a/charts/hub/dynatrace/default/tests/Common/operator/rolebinding-operator_test.yaml b/charts/hub/dynatrace/default/tests/Common/operator/rolebinding-operator_test.yaml
new file mode 100644
index 00000000..8fd369b7
--- /dev/null
+++ b/charts/hub/dynatrace/default/tests/Common/operator/rolebinding-operator_test.yaml
@@ -0,0 +1,29 @@
+suite: test rolebinding for dynatrace-operator
+templates:
+ - Common/operator/rolebinding-operator.yaml
+tests:
+ - it: should exist
+ set:
+ platform: kubernetes
+ asserts:
+ - isKind:
+ of: RoleBinding
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME
+ - equal:
+ path: metadata.namespace
+ value: NAMESPACE
+ - isNotEmpty:
+ path: metadata.labels
+ - contains:
+ path: subjects
+ content:
+ kind: ServiceAccount
+ name: RELEASE-NAME
+ - equal:
+ path: roleRef
+ value:
+ kind: Role
+ name: RELEASE-NAME
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/hub/dynatrace/default/tests/Common/operator/serviceaccount-operator_test.yaml b/charts/hub/dynatrace/default/tests/Common/operator/serviceaccount-operator_test.yaml
new file mode 100644
index 00000000..823e9e09
--- /dev/null
+++ b/charts/hub/dynatrace/default/tests/Common/operator/serviceaccount-operator_test.yaml
@@ -0,0 +1,38 @@
+suite: test serviceaccount for dynatrace operator
+templates:
+ - Common/operator/serviceaccount-operator.yaml
+tests:
+ - it: should exist
+ set:
+ platform: kubernetes
+ asserts:
+ - isKind:
+ of: ServiceAccount
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME
+ - equal:
+ path: metadata.namespace
+ value: NAMESPACE
+ - isNotEmpty:
+ path: metadata.labels
+
+ - it: should exist
+ set:
+ platform: openshift
+ asserts:
+ - isKind:
+ of: ServiceAccount
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME
+ - equal:
+ path: metadata.namespace
+ value: NAMESPACE
+ - isNotEmpty:
+ path: metadata.labels
+ - equal:
+ path: imagePullSecrets
+ value:
+ - name: redhat-connect
+ - name: redhat-connect-sso
diff --git a/charts/hub/dynatrace/default/tests/Common/webhook/clusterrole-webhook_test.yaml b/charts/hub/dynatrace/default/tests/Common/webhook/clusterrole-webhook_test.yaml
new file mode 100644
index 00000000..e905810c
--- /dev/null
+++ b/charts/hub/dynatrace/default/tests/Common/webhook/clusterrole-webhook_test.yaml
@@ -0,0 +1,101 @@
+suite: test clusterrole for webhook
+templates:
+ - Common/webhook/clusterrole-webhook.yaml
+tests:
+ - it: should exist
+ set:
+ platform: kubernetes
+ asserts:
+ - isKind:
+ of: ClusterRole
+ - equal:
+ path: metadata.name
+ value: dynatrace-webhook
+ - isNotEmpty:
+ path: metadata.labels
+ - contains:
+ path: rules
+ content:
+ apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - contains:
+ path: rules
+ content:
+ apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - contains:
+ path: rules
+ content:
+ apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - contains:
+ path: rules
+ content:
+ apiGroups:
+ - ""
+ resourceNames:
+ - dynatrace-dynakube-config
+ - dynatrace-data-ingest-endpoint
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - contains:
+ path: rules
+ content:
+ apiGroups:
+ - ""
+ resources:
+ - replicationcontrollers
+ verbs:
+ - get
+ - contains:
+ path: rules
+ content:
+ apiGroups:
+ - apps
+ resources:
+ - replicasets
+ - statefulsets
+ - daemonsets
+ - deployments
+ verbs:
+ - get
+ - contains:
+ path: rules
+ content:
+ apiGroups:
+ - batch
+ resources:
+ - jobs
+ - cronjobs
+ verbs:
+ - get
+ - contains:
+ path: rules
+ content:
+ apiGroups:
+ - apps.openshift.io
+ resources:
+ - deploymentconfigs
+ verbs:
+ - get
diff --git a/charts/hub/dynatrace/default/tests/Common/webhook/clusterrolebinding-webhook_test.yaml b/charts/hub/dynatrace/default/tests/Common/webhook/clusterrolebinding-webhook_test.yaml
new file mode 100644
index 00000000..8d17b02c
--- /dev/null
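Review bot: Every rule of the webhook ClusterRole is checked with its own `contains` on `rules`, so a rule added to the template later (a wider `secrets` grant, for instance) leaves all eight assertions green. This role is cluster-wide and already carries `create` on `secrets` and `update` on `namespaces`, which makes it the one place where the exact rule set should be pinned. Replace the eight `contains` blocks with a single `- equal:` on `path: rules` whose `value:` is the full list, the way role-webhook_test.yaml does for the namespaced Role. If the rendered role has rules beyond the ones listed here, they belong in the expected value too.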
+++ b/charts/hub/dynatrace/default/tests/Common/webhook/clusterrolebinding-webhook_test.yaml
@@ -0,0 +1,27 @@
+suite: test clusterrolebinding for the webhook
+templates:
+ - Common/webhook/clusterrolebinding-webhook.yaml
+tests:
+ - it: should exist
+ set:
+ platform: kubernetes
+ asserts:
+ - isKind:
+ of: ClusterRoleBinding
+ - equal:
+ path: metadata.name
+ value: dynatrace-webhook
+ - isNotEmpty:
+ path: metadata.labels
+ - equal:
+ path: subjects
+ value:
+ - kind: ServiceAccount
+ name: dynatrace-webhook
+ namespace: NAMESPACE
+ - equal:
+ path: roleRef
+ value:
+ kind: ClusterRole
+ name: dynatrace-webhook
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/hub/dynatrace/default/tests/Common/webhook/deployment-webhook_test.yaml b/charts/hub/dynatrace/default/tests/Common/webhook/deployment-webhook_test.yaml
new file mode 100644
index 00000000..4fc0e066
--- /dev/null
+++ b/charts/hub/dynatrace/default/tests/Common/webhook/deployment-webhook_test.yaml
@@ -0,0 +1,477 @@ +suite: test deployment of webhook +templates: + - Common/webhook/deployment-webhook.yaml +tests: + - it: should exist with highavailability mode + set: + platform: kubernetes + image: image-name + webhook.highAvailability: true + asserts: + - isKind: + of: Deployment + - equal: + path: metadata.name + value: dynatrace-webhook + - equal: + path: metadata.namespace + value: NAMESPACE + - equal: + path: metadata.labels.[app.kubernetes.io/name] + value: RELEASE-NAME + - equal: + path: metadata.labels.[app.kubernetes.io/component] + value: webhook + - isNotEmpty: + path: metadata.labels.[helm.sh/chart] + - equal: + path: spec.replicas + value: 2 + - equal: + path: spec.revisionHistoryLimit + value: 1 + - equal: + path: spec.strategy + value: + type: RollingUpdate + - isNotEmpty: + path: spec.selector.matchLabels + - equal: + path: spec.template.metadata.annotations + value: + dynatrace.com/inject: "false" + kubectl.kubernetes.io/default-container: webhook + - isNotEmpty: + path: spec.template.metadata.labels + - equal: + path: spec.template.spec + value: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "topology.kubernetes.io/zone" + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: dynatrace-operator + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: dynatrace-operator + volumes: + - emptyDir: { } + name: certs-dir + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + - key: kubernetes.io/os + operator: In + values: + - linux + tolerations: + - effect: NoSchedule + key: kubernetes.io/arch + value: arm64 + - effect: NoSchedule + key: kubernetes.io/arch + value: amd64 + containers: + - 
name: webhook + args: + - webhook-server + - --certs-dir=/tmp/k8s-webhook-server/serving-certs/ + image: image-name + imagePullPolicy: Always + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + readinessProbe: + httpGet: + path: /livez + port: server-port + scheme: HTTPS + ports: + - name: server-port + containerPort: 8443 + resources: + requests: + cpu: 300m + memory: 128Mi + limits: + cpu: 300m + memory: 128Mi + volumeMounts: + - name: certs-dir + mountPath: /tmp/k8s-webhook-server/serving-certs/ + securityContext: + seccompProfile: + type: RuntimeDefault + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1001 + runAsGroup: 1001 + capabilities: + drop: + - ALL + serviceAccountName: dynatrace-webhook + + - it: should have tolerations if set + set: + platform: kubernetes + webhook.tolerations: + - effect: NoSchedule + key: a-special-taint + value: a-special-value + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - effect: NoSchedule + key: a-special-taint + value: a-special-value + - effect: NoSchedule + key: kubernetes.io/arch + value: arm64 + - effect: NoSchedule + key: kubernetes.io/arch + value: amd64 + + - it: should have nodeSelectors if set + set: + platform: kubernetes + webhook.nodeSelector: + test-key: test-value + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + test-key: test-value + + - it: should exist (without highavailabilty mode) + set: + platform: kubernetes + image: image-name + webhook.highAvailability: false + asserts: + - isKind: + of: Deployment + - equal: + path: metadata.name + value: dynatrace-webhook + - equal: + path: metadata.namespace + value: NAMESPACE + - equal: + path: metadata.labels.[app.kubernetes.io/name] + value: RELEASE-NAME + - equal: + path: metadata.labels.[app.kubernetes.io/component] + value: webhook + - 
isNotEmpty: + path: metadata.labels.[helm.sh/chart] + - equal: + path: spec.replicas + value: 1 + - equal: + path: spec.revisionHistoryLimit + value: 1 + - equal: + path: spec.strategy + value: + type: RollingUpdate + - isNotEmpty: + path: spec.selector.matchLabels + - equal: + path: spec.template.metadata.annotations + value: + dynatrace.com/inject: "false" + kubectl.kubernetes.io/default-container: webhook + - isNotEmpty: + path: spec.template.metadata.labels + - equal: + path: spec.template.spec + value: + volumes: + - emptyDir: {} + name: certs-dir + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + - key: kubernetes.io/os + operator: In + values: + - linux + tolerations: + - effect: NoSchedule + key: kubernetes.io/arch + value: arm64 + - effect: NoSchedule + key: kubernetes.io/arch + value: amd64 + containers: + - name: webhook + args: + - webhook-server + - --certs-dir=/tmp/k8s-webhook-server/serving-certs/ + image: image-name + imagePullPolicy: Always + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + readinessProbe: + httpGet: + path: /livez + port: server-port + scheme: HTTPS + ports: + - name: server-port + containerPort: 8443 + resources: + requests: + cpu: 300m + memory: 128Mi + limits: + cpu: 300m + memory: 128Mi + volumeMounts: + - name: certs-dir + mountPath: /tmp/k8s-webhook-server/serving-certs/ + securityContext: + seccompProfile: + type: RuntimeDefault + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1001 + runAsGroup: 1001 + capabilities: + drop: + - ALL + serviceAccountName: dynatrace-webhook + + - it: should not have imagePullSecrets defined in spec (without highavailabilty mode) + set: + platform: kubernetes + asserts: + - 
isNull: + path: spec.template.spec.imagePullSecrets + + - it: should exist on olm (but different and without highavailabilty mode) + set: + olm: true + image: image-name + webhook.highAvailability: false + platform: kubernetes + asserts: + - isKind: + of: Deployment + - equal: + path: metadata.name + value: dynatrace-webhook + - equal: + path: metadata.namespace + value: NAMESPACE + - isNotEmpty: + path: metadata.labels + - equal: + path: spec.replicas + value: 1 + - equal: + path: spec.revisionHistoryLimit + value: 1 + - equal: + path: spec.strategy + value: + type: RollingUpdate + - isNotEmpty: + path: spec.selector.matchLabels + - equal: + path: spec.template.metadata.annotations + value: + dynatrace.com/inject: "false" + kubectl.kubernetes.io/default-container: webhook + - isNotEmpty: + path: spec.template.metadata.labels + - equal: + path: spec.template.spec + value: + volumes: + - emptyDir: {} + name: certs-dir + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + - key: kubernetes.io/os + operator: In + values: + - linux + tolerations: + - effect: NoSchedule + key: kubernetes.io/arch + value: arm64 + - effect: NoSchedule + key: kubernetes.io/arch + value: amd64 + containers: + - name: webhook + args: + - webhook-server + - --certs-dir=/tmp/k8s-webhook-server/serving-certs/ + image: image-name + imagePullPolicy: Always + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + readinessProbe: + httpGet: + path: /livez + port: server-port + scheme: HTTPS + ports: + - name: server-port + containerPort: 8443 + resources: + requests: + cpu: 300m + memory: 128Mi + limits: + cpu: 300m + memory: 128Mi + volumeMounts: + - name: certs-dir + mountPath: /tmp/k8s-webhook-server/serving-certs/ + securityContext: + seccompProfile: + 
type: RuntimeDefault + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1001 + runAsGroup: 1001 + capabilities: + drop: + - ALL + serviceAccountName: dynatrace-webhook + + - it: should have only OS node affinity on GKE Autopilot + set: + platform: gke-autopilot + asserts: + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux + + - it: should have imagePullSecrets defined in spec + set: + customPullSecret: pull-secret + platform: kubernetes + asserts: + - equal: + path: spec.template.spec.imagePullSecrets[0].name + value: pull-secret + + - it: should take custom labels + set: + platform: kubernetes + webhook.labels: + testKey: testValue + asserts: + - isNotEmpty: + path: metadata.labels.testKey + - equal: + path: metadata.labels.testKey + value: testValue + + - it: should take custom annotations + set: + platform: kubernetes + webhook.annotations: + testKey: testValue + asserts: + - equal: + path: spec.template.metadata.annotations + value: + dynatrace.com/inject: "false" + kubectl.kubernetes.io/default-container: webhook + testKey: testValue + + - it: should take custom labels in spec.template.metadata.labels path + set: + platform: kubernetes + webhook.labels: + testKey: testValue + asserts: + - isNotEmpty: + path: spec.template.metadata.labels.testKey + - equal: + path: spec.template.metadata.labels.testKey + value: testValue + + - it: should set ephemeral-storage request/limits + set: + platform: kubernetes + webhook.requests: + ephemeral-storage: 320 + webhook.limits: + ephemeral-storage: 420 + asserts: + - equal: + path: spec.template.spec.containers[0].resources.limits.ephemeral-storage + value: 420 + - equal: + path: spec.template.spec.containers[0].resources.requests.ephemeral-storage + value: 320 
diff --git a/charts/hub/dynatrace/default/tests/Common/webhook/mutatingwebhookconfiguration_test.yaml b/charts/hub/dynatrace/default/tests/Common/webhook/mutatingwebhookconfiguration_test.yaml
new file mode 100644
index 00000000..1396e087
--- /dev/null
+++ b/charts/hub/dynatrace/default/tests/Common/webhook/mutatingwebhookconfiguration_test.yaml
@@ -0,0 +1,56 @@
+suite: test mutating webhook configuration
+templates:
+ - Common/webhook/mutatingwebhookconfiguration.yaml
+tests:
+ - it: should exist
+ set:
+ platform: kubernetes
+ asserts:
+ - isKind:
+ of: MutatingWebhookConfiguration
+ - equal:
+ path: metadata.name
+ value: dynatrace-webhook
+ - isNotEmpty:
+ path: metadata.labels
+ - equal:
+ path: webhooks
+ value:
+ - name: webhook.pod.dynatrace.com
+ reinvocationPolicy: IfNeeded
+ failurePolicy: Ignore
+ timeoutSeconds: 2
+ rules:
+ - apiGroups: [ "" ]
+ apiVersions: [ "v1" ]
+ operations: [ "CREATE" ]
+ resources: [ "pods" ]
+ scope: Namespaced
+ namespaceSelector:
+ matchExpressions:
+ - key: dynakube.internal.dynatrace.com/instance
+ operator: Exists
+ clientConfig:
+ service:
+ name: dynatrace-webhook
+ namespace: NAMESPACE
+ path: /inject
+ admissionReviewVersions: [ "v1beta1", "v1" ]
+ sideEffects: None
+ - name: webhook.ns.dynatrace.com
+ reinvocationPolicy: IfNeeded
+ failurePolicy: Ignore
+ timeoutSeconds: 2
+ rules:
+ - apiGroups: [ "" ]
+ apiVersions: [ "v1" ]
+ operations: [ "CREATE", "UPDATE"]
+ resources: [ "namespaces" ]
+ scope: Cluster
+ clientConfig:
+ service:
+ name: dynatrace-webhook
+ namespace: NAMESPACE
+ path: /label-ns
+ admissionReviewVersions: [ "v1beta1", "v1" ]
+ sideEffects: None
diff --git a/charts/hub/dynatrace/default/tests/Common/webhook/role-webhook_test.yaml b/charts/hub/dynatrace/default/tests/Common/webhook/role-webhook_test.yaml
new file mode 100644
index 00000000..6f4c8bd8
--- /dev/null
+++ b/charts/hub/dynatrace/default/tests/Common/webhook/role-webhook_test.yaml
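Review bot: Both expected webhooks are pinned to `failurePolicy: Ignore` with `timeoutSeconds: 2`, and nothing in the test records that this fail-open behaviour is intended. With that setting the API server admits the pod or namespace unmodified whenever the webhook is unreachable or slower than two seconds, so injection and namespace labelling can be skipped without any admission error. If that is the intent, say so above the expected `webhooks` value, e.g. `# fail-open on purpose: admission must not block when dynatrace-webhook is down; skipped injections are not reported here`.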
@@ -0,0 +1,138 @@
+suite: test role for webhook on kubernetes
+templates:
+ - Common/webhook/role-webhook.yaml
+tests:
+ - it: should exist on kubernetes
+ set:
+ platform: kubernetes
+ asserts:
+ - isKind:
+ of: Role
+ - equal:
+ path: metadata.name
+ value: dynatrace-webhook
+ - equal:
+ path: metadata.namespace
+ value: NAMESPACE
+ - isNotEmpty:
+ path: metadata.labels
+ - equal:
+ path: rules
+ value:
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ - configmaps
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - dynatrace.com
+ resources:
+ - dynakubes
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - list
+ - create
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - update
+ - create
+ - apiGroups:
+ - apps
+ resources:
+ - daemonsets
+ verbs:
+ - list
+ - watch
+ - it: should exist on openshift
+ set:
+ platform: openshift
+ asserts:
+ - isKind:
+ of: Role
+ - equal:
+ path: metadata.name
+ value: dynatrace-webhook
+ - equal:
+ path: metadata.namespace
+ value: NAMESPACE
+ - isNotEmpty:
+ path: metadata.labels
+ - equal:
+ path: rules
+ value:
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ - configmaps
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - dynatrace.com
+ resources:
+ - dynakubes
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - list
+ - create
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - update
+ - create
+ - apiGroups:
+ - apps
+ resources:
+ - daemonsets
+ verbs:
+ - list
+ - watch
\ No newline at end of file
diff --git a/charts/hub/dynatrace/default/tests/Common/webhook/rolebinding-webhook_test.yaml b/charts/hub/dynatrace/default/tests/Common/webhook/rolebinding-webhook_test.yaml
new file mode 100644
index 00000000..000d09e4
--- /dev/null
+++ b/charts/hub/dynatrace/default/tests/Common/webhook/rolebinding-webhook_test.yaml
@@ -0,0 +1,28 @@
+suite: test rolebinding of webhook
+templates:
+ - Common/webhook/rolebinding-webhook.yaml
+tests:
+ - it: should exist
+ set:
+ platform: kubernetes
+ asserts:
+ - isKind:
+ of: RoleBinding
+ - equal:
+ path: metadata.name
+ value: dynatrace-webhook
+ - equal:
+ path: metadata.namespace
+ value: NAMESPACE
+ - contains:
+ path: subjects
+ content:
+ kind: ServiceAccount
+ name: dynatrace-webhook
+ namespace: NAMESPACE
+ - equal:
+ path: roleRef
+ value:
+ kind: Role
+ name: dynatrace-webhook
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/hub/dynatrace/default/tests/Common/webhook/service_test.yaml b/charts/hub/dynatrace/default/tests/Common/webhook/service_test.yaml
new file mode 100644
index 00000000..9fee5be2
--- /dev/null
+++ b/charts/hub/dynatrace/default/tests/Common/webhook/service_test.yaml
@@ -0,0 +1,43 @@
+#apiVersion: v1
+#kind: Service
+#metadata:
+# name: dynatrace-webhook
+# namespace: dynatrace
+# labels:
+# dynatrace.com/operator: dynakube
+# internal.dynatrace.com/component: webhook
+#spec:
+# selector:
+# internal.dynatrace.com/app: webhook
+# internal.dynatrace.com/component: webhook
+# ports:
+# - port: 443
+# protocol: TCP
+# targetPort: server-port
+
+suite: test service of webhook
+templates:
+ - Common/webhook/service.yaml
+tests:
+ - it: should exist
+ set:
+ platform: kubernetes
+ asserts:
+ - isKind:
+ of: Service
+ - equal:
+ path: metadata.name
+ value: dynatrace-webhook
+ - equal:
+ path: metadata.namespace
+ value: NAMESPACE
+ - isNotEmpty:
+ path: metadata.labels
+ - equal:
+ path: spec.ports
+ value:
+ - port: 443
+ protocol: TCP
+ targetPort: server-port
+ - isNotEmpty:
+ path: spec.selector
diff --git a/charts/hub/dynatrace/default/tests/Common/webhook/serviceaccount-webhook_test.yaml b/charts/hub/dynatrace/default/tests/Common/webhook/serviceaccount-webhook_test.yaml
new file mode 100644
index 00000000..ba8822a8
--- /dev/null
+++ b/charts/hub/dynatrace/default/tests/Common/webhook/serviceaccount-webhook_test.yaml
@@ -0,0 +1,34 @@
+suite: test serviceaccount for webhook
+templates:
+ - Common/webhook/serviceaccount-webhook.yaml
+tests:
+ - it: should exist
+ set:
+ platform: kubernetes
+ asserts:
+ - isKind:
+ of: ServiceAccount
+ - equal:
+ path: metadata.name
+ value: dynatrace-webhook
+ - equal:
+ path: metadata.namespace
+ value: NAMESPACE
+
+ - it: should exist
+ set:
+ platform: openshift
+ asserts:
+ - isKind:
+ of: ServiceAccount
+ - equal:
+ path: metadata.name
+ value: dynatrace-webhook
+ - equal:
+ path: metadata.namespace
+ value: NAMESPACE
+ - equal:
+ path: imagePullSecrets
+ value:
+ - name: redhat-connect
+ - name: redhat-connect-sso
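Review bot: Both cases in serviceaccount-webhook_test.yaml are named `should exist`, so a failure report does not say which platform broke; name them `should exist on kubernetes` and `should exist on openshift with pull secrets`. The kubernetes case also never checks that the pull secrets are absent, although the openshift case suggests they are meant to be OpenShift-only. Adding `- isNull:` with `path: imagePullSecrets` to the kubernetes asserts would catch the registry credentials being attached on the wrong platform.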
diff --git a/charts/hub/dynatrace/default/tests/Google/application_test.yaml b/charts/hub/dynatrace/default/tests/Google/application_test.yaml
new file mode 100644
index 00000000..6a78b3a8
--- /dev/null
+++ b/charts/hub/dynatrace/default/tests/Google/application_test.yaml
@@ -0,0 +1,31 @@
+suite: tests google application custom resource
+templates:
+ - application.yaml
+tests:
+ - it: should not exist if platform is set to kubernetes
+ set:
+ platform: kubernetes
+ asserts:
+ - hasDocuments:
+ count: 0
+
+ - it: should not exist if platform is set to openshift
+ set:
+ platform: openshift
+ asserts:
+ - hasDocuments:
+ count: 0
+
+ - it: should exist if platform is set to google-marketplace
+ set:
+ platform: google-marketplace
+ asserts:
+ - hasDocuments:
+ count: 1
+
+ - it: should not exist if platform is set to gke-autopilot
+ set:
+ platform: gke-autopilot
+ asserts:
+ - hasDocuments:
+ count: 0
diff --git a/charts/hub/dynatrace/default/tests/Openshift/oneagent/securitycontextconstraints-unprivileged_test.yaml b/charts/hub/dynatrace/default/tests/Openshift/oneagent/securitycontextconstraints-unprivileged_test.yaml
new file mode 100644
index 00000000..907f1cd2
--- /dev/null
+++ b/charts/hub/dynatrace/default/tests/Openshift/oneagent/securitycontextconstraints-unprivileged_test.yaml
@@ -0,0 +1,113 @@ +suite: test security context constraints on openshift +templates: + - Openshift/oneagent/securitycontextconstraints-unprivileged.yaml +tests: + - it: should not exist if platform is not openshift + set: + platform: kubernetes + securityContextConstraints: + enabled: true + asserts: + - hasDocuments: + count: 0 + + - it: should not exist if securityContextConstraints.enabled is false + set: + platform: openshift + securityContextConstraints: + enabled: false + asserts: + - hasDocuments: + count: 0 + + - it: should exist + set: + platform: openshift + securityContextConstraints: + enabled: true + asserts: + - equal: + path: metadata.annotations + value: + kubernetes.io/description: "dynatrace-dynakube-oneagent-unprivileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context. This is a copy of privileged scc." + - equal: + path: metadata.name + value: dynatrace-dynakube-oneagent-unprivileged + - equal: + path: allowHostDirVolumePlugin + value: true + - equal: + path: allowHostIPC + value: false + - equal: + path: allowHostNetwork + value: true + - equal: + path: allowHostPID + value: true + - equal: + path: allowHostPorts + value: true + - equal: + path: allowPrivilegedContainer + value: false + - equal: + path: allowedCapabilities + value: + - CHOWN + - DAC_OVERRIDE + - DAC_READ_SEARCH + - FOWNER + - FSETID + - KILL + - NET_ADMIN + - NET_RAW + - SETFCAP + - SETGID + - SETUID + - SYS_ADMIN + - SYS_CHROOT + - SYS_PTRACE + - SYS_RESOURCE + - isNull: + path: allowedFlexVolumes + - isEmpty: + path: defaultAddCapabilities + - equal: + path: fsGroup + value: + type: RunAsAny + - equal: + path: priority + value: 1 + - equal: + path: readOnlyRootFilesystem + value: false + - equal: + path: requiredDropCapabilities + value: + - ALL + - equal: + path: runAsUser + value: + type: RunAsAny + - equal: + path: seLinuxContext + value: + type: RunAsAny + - equal: + path: 
seccompProfiles + value: + - "*" + - equal: + path: supplementalGroups + value: + type: RunAsAny + - equal: + path: users + value: + - system:serviceaccount:NAMESPACE:dynatrace-dynakube-oneagent-unprivileged + - equal: + path: volumes + value: + - "*" diff --git a/charts/hub/dynatrace/default/values.yaml b/charts/hub/dynatrace/default/values.yaml new file mode 100644 index 00000000..b41e10ad --- /dev/null +++ b/charts/hub/dynatrace/default/values.yaml 
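Review bot: The `dynatrace-dynakube-oneagent-unprivileged` SCC pinned by securitycontextconstraints-unprivileged_test.yaml is unprivileged only in that `allowPrivilegedContainer` is false. The same asserts expect host network, host PID, host ports, hostPath volumes, `SYS_ADMIN` and `SYS_PTRACE`, plus wildcard `seccompProfiles` and `volumes`. The annotation asserted at the top still says the SCC "allows access to all privileged and host features" and "is a copy of privileged scc", which contradicts the name and will mislead anyone auditing SCC grants. I would correct the description in the template and in this assert together, and add a comment above the `allowedCapabilities` assert such as `# SYS_ADMIN + hostPID + hostPath: node-level access, bind only to the oneagent service account`.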
@@ -0,0 +1,100 @@ +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# may be set to "kubernetes", "openshift", or "gke-autopilot" +platform: "kubernetes" + +image: "" +customPullSecret: "" +installCRD: false + +operator: + nodeSelector: {} + tolerations: [] + labels: [] + annotations: [] + apparmor: false + requests: + cpu: 50m + memory: 64Mi + limits: + cpu: 100m + memory: 128Mi + +webhook: + hostNetwork: false + nodeSelector: {} + tolerations: [] + labels: [] + annotations: [] + apparmor: false + requests: + cpu: 300m + memory: 128Mi + limits: + cpu: 300m + memory: 128Mi + highAvailability: true + +csidriver: + enabled: false + nodeSelector: {} + kubeletPath: "/var/lib/kubelet" + existingPriorityClassName: "" # if defined, use this priorityclass instead of creating a new one + priorityClassValue: "1000000" + maxUnmountedVolumeAge: "" # defined in days, must be a plain number + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + labels: [] + annotations: [] + server: + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + cpu: 50m + memory: 100Mi + provisioner: + resources: + requests: + cpu: 300m + memory: 100Mi + limits: + cpu: 300m + memory: 100Mi + registrar: + resources: + requests: + cpu: 20m + memory: 30Mi + limits: + cpu: 20m + memory: 30Mi + livenessprobe: + resources: + requests: + cpu: 20m + 
memory: 30Mi + limits: + cpu: 20m + memory: 30Mi + +securityContextConstraints: + enabled: true # Only applicable for Openshift diff --git a/values-hub.yaml b/values-hub.yaml index d3b9abbf..a14abc7d 100644 --- a/values-hub.yaml +++ b/values-hub.yaml @@ -129,6 +129,12 @@ clusterGroup: project: hub path: charts/hub/cli-tools + dynatrace: + name: dynatrace + namespace: dynatrace + project: dynatrace + path: charts/hub/dynatrace/default + imperative: # NOTE: We *must* use lists and not hashes. As hashes lose ordering once parsed by helm # The default schedule is every 10 minutes: imperative.schedule From 10ba721d76ea3d4ce4f0fbf4d7e48e5e45a2bc23 Mon Sep 17 00:00:00 2001 From: Cloud User Date: Tue, 21 Feb 2023 21:36:24 +0000 Subject: [PATCH 08/25] update dynatrace sub and app name --- values-hub.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/values-hub.yaml b/values-hub.yaml index a14abc7d..21a186ad 100644 --- a/values-hub.yaml +++ b/values-hub.yaml @@ -46,7 +46,7 @@ clusterGroup: channel: stable-3.7 dynatrace: - name: dynatrace + name: dynatrace-operator namespace: dynatrace channel: alpha @@ -130,7 +130,7 @@ clusterGroup: path: charts/hub/cli-tools dynatrace: - name: dynatrace + name: dynatrace-operator namespace: dynatrace project: dynatrace path: charts/hub/dynatrace/default From 506f4271ec7b1502dde2d612ff7021bf467129e6 Mon Sep 17 00:00:00 2001 From: Cloud User Date: Tue, 21 Feb 2023 22:42:43 +0000 Subject: [PATCH 09/25] update dynatrace helm values --- charts/hub/dynatrace/default/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/hub/dynatrace/default/values.yaml b/charts/hub/dynatrace/default/values.yaml index b41e10ad..38944a42 100644 --- a/charts/hub/dynatrace/default/values.yaml +++ b/charts/hub/dynatrace/default/values.yaml 
@@ -13,7 +13,7 @@ # limitations under the License. # may be set to "kubernetes", "openshift", or "gke-autopilot" -platform: "kubernetes" +platform: "openshift" image: "" customPullSecret: "" From 4383684f9e837bc4e80b3ab9053186048928fd51 Mon Sep 17 00:00:00 2001 From: Cloud User Date: Wed, 22 Feb 2023 00:28:27 +0000 Subject: [PATCH 10/25] update dynatrace subscription --- values-hub.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/values-hub.yaml b/values-hub.yaml index 21a186ad..caf05cac 100644 --- a/values-hub.yaml +++ b/values-hub.yaml @@ -49,6 +49,7 @@ clusterGroup: name: dynatrace-operator namespace: dynatrace channel: alpha + source: certified-operators # The following section is used by # OpenShift GitOps (ArgoCD) From a59f15067f84e803a30f56506d7bb7f11ea1ab98 Mon Sep 17 00:00:00 2001 From: Cloud User Date: Wed, 22 Feb 2023 01:21:25 +0000 Subject: [PATCH 11/25] temp remove dynatrace from apps --- values-hub.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/values-hub.yaml b/values-hub.yaml index caf05cac..000d225f 100644 --- a/values-hub.yaml +++ b/values-hub.yaml @@ -130,11 +130,11 @@ clusterGroup: project: hub path: charts/hub/cli-tools - dynatrace: - name: dynatrace-operator - namespace: dynatrace - project: dynatrace - path: charts/hub/dynatrace/default +# dynatrace: +# name: dynatrace-operator +# namespace: dynatrace +# project: dynatrace +# path: charts/hub/dynatrace/default imperative: # NOTE: We *must* use lists and not hashes. As hashes lose ordering once parsed by helm From 25785d4a03bccbb2c40974a518eea4380704292c Mon Sep 17 00:00:00 2001 From: Cloud User Date: Wed, 22 Feb 2023 01:52:36 +0000 Subject: [PATCH 12/25] add dynatrace app --- values-hub.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/values-hub.yaml b/values-hub.yaml index 000d225f..caf05cac 100644 --- a/values-hub.yaml +++ b/values-hub.yaml 
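Review bot: In the "update dynatrace subscription" hunk of values-hub.yaml, the `dynatrace` subscription gains `source: certified-operators` but still tracks `channel: alpha` with no approval or version pin visible. As written, the hub would presumably take whatever the catalog publishes on that channel, for an operator whose chart in this series ships SCCs with host access. If the clusterGroup chart passes the OLM field through, add `installPlanApproval: Manual` and pin the starting CSV, or move to a stable channel once one is available. The `subscriptions` block starts outside the hunk.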
@@ -130,11 +130,11 @@ clusterGroup: project: hub path: charts/hub/cli-tools -# dynatrace: -# name: dynatrace-operator -# namespace: dynatrace -# project: dynatrace -# path: charts/hub/dynatrace/default + dynatrace: + name: dynatrace-operator + namespace: dynatrace + project: dynatrace + path: charts/hub/dynatrace/default imperative: # NOTE: We *must* use lists and not hashes. As hashes lose ordering once parsed by helm From 75074eb47d6a28a3a744cb6cd2152901414a6a46 Mon Sep 17 00:00:00 2001 From: Cloud User Date: Wed, 22 Feb 2023 23:07:55 +0000 Subject: [PATCH 13/25] update dynatrace app --- values-hub.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values-hub.yaml b/values-hub.yaml index caf05cac..fe8d8ace 100644 --- a/values-hub.yaml +++ b/values-hub.yaml @@ -133,7 +133,7 @@ clusterGroup: dynatrace: name: dynatrace-operator namespace: dynatrace - project: dynatrace + project: hub path: charts/hub/dynatrace/default imperative: From 2ab9235d3c7bc282c4e8d8674d826741f82bfa1e Mon Sep 17 00:00:00 2001 From: Cloud User Date: Wed, 22 Feb 2023 23:27:06 +0000 Subject: [PATCH 14/25] update dynatrace chart --- charts/hub/dynatrace/default/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/hub/dynatrace/default/values.yaml b/charts/hub/dynatrace/default/values.yaml index 38944a42..89050953 100644 --- a/charts/hub/dynatrace/default/values.yaml +++ b/charts/hub/dynatrace/default/values.yaml @@ -15,7 +15,7 @@ # may be set to "kubernetes", "openshift", or "gke-autopilot" platform: "openshift" -image: "" +image: "registry.connect.redhat.com/dynatrace/dynatrace-operator:v0.10.1" customPullSecret: "" installCRD: false From 616619e70c68e8bc38257d86e88c81ffcc171bd9 Mon Sep 17 00:00:00 2001 From: Cloud User Date: Thu, 23 Feb 2023 17:15:20 +0000 Subject: [PATCH 15/25] update dynatrace securitycontextconstraints --- .../securitycontextconstraints.yaml | 29 ++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) 
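Review bot: In the "update dynatrace chart" hunk of charts/hub/dynatrace/default/values.yaml, `image: "registry.connect.redhat.com/dynatrace/dynatrace-operator:v0.10.1"` pins the operator by a mutable tag, so what runs depends on what the registry serves for that tag at pull time. Pin by digest instead, for example `image: "registry.connect.redhat.com/dynatrace/dynatrace-operator@sha256:<digest-of-v0.10.1>"` (placeholder digest), and keep the version in a trailing comment. The series also installs `dynatrace-operator` through the OLM subscription in values-hub.yaml, so it is worth confirming that the chart and the subscription are not both meant to deploy the operator.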
diff --git a/charts/hub/dynatrace/default/templates/Openshift/activegate/securitycontextconstraints.yaml b/charts/hub/dynatrace/default/templates/Openshift/activegate/securitycontextconstraints.yaml index 9a5eba82..6b286eff 100644 --- a/charts/hub/dynatrace/default/templates/Openshift/activegate/securitycontextconstraints.yaml +++ b/charts/hub/dynatrace/default/templates/Openshift/activegate/securitycontextconstraints.yaml @@ -37,7 +37,34 @@ users: - system:serviceaccount:{{ .Release.Namespace }}:dynatrace-activegate - system:serviceaccount:{{ .Release.Namespace }}:dynatrace-kubernetes-monitoring volumes: - - "*" + - awsElasticBlockStore + - azureDisk + - azureFile + - cephFS + - cinder + - configMap + - csi + - downwardAPI + - emptyDir + - ephemeral + - fc + - flexVolume + - flocker + - gcePersistentDisk + - gitRepo + - glusterfs + - iscsi + - nfs + - persistentVolumeClaim + - photonPersistentDisk + - portworxVolume + - projected + - quobyte + - rbd + - scaleIO + - secret + - storageOS + - vsphere allowHostDirVolumePlugin: false allowHostIPC: false From 98f36aebc111b2dc13920735d3a97e98b23eba3c Mon Sep 17 00:00:00 2001 From: Cloud User Date: Thu, 23 Feb 2023 17:16:08 +0000 Subject: [PATCH 16/25] update dynatrace securitycontextconstraints --- .../operator/securitycontextconstraints.yaml | 29 ++++++++++++++++++- .../webhook/securitycontextconstraints.yaml | 29 ++++++++++++++++++- 2 files changed, 56 insertions(+), 2 deletions(-) diff --git a/charts/hub/dynatrace/default/templates/Openshift/operator/securitycontextconstraints.yaml b/charts/hub/dynatrace/default/templates/Openshift/operator/securitycontextconstraints.yaml index 55cc0580..4ea370d0 100644 --- a/charts/hub/dynatrace/default/templates/Openshift/operator/securitycontextconstraints.yaml +++ b/charts/hub/dynatrace/default/templates/Openshift/operator/securitycontextconstraints.yaml 
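Review bot: Replacing `- "*"` with this list in the activegate SCC drops hostPath, which matches `allowHostDirVolumePlugin: false`, but the list still admits almost every other plugin, including `gitRepo`, `flexVolume`, `nfs` and the in-tree cloud disks. Unless the ActiveGate pods are known to mount those, I would cut it to the set the restricted SCC uses: `configMap`, `downwardAPI`, `emptyDir`, `persistentVolumeClaim`, `projected`, `secret`. The same list is added to the operator and webhook SCCs in the next commit and again in the "Reverting to 98f36ae" commit, so the point applies there too. The SCC definition starts above the hunk.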
@@ -37,7 +37,34 @@ supplementalGroups: users: - system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }} volumes: - - "*" + - awsElasticBlockStore + - azureDisk + - azureFile + - cephFS + - cinder + - configMap + - csi + - downwardAPI + - emptyDir + - ephemeral + - fc + - flexVolume + - flocker + - gcePersistentDisk + - gitRepo + - glusterfs + - iscsi + - nfs + - persistentVolumeClaim + - photonPersistentDisk + - portworxVolume + - projected + - quobyte + - rbd + - scaleIO + - secret + - storageOS + - vsphere allowHostDirVolumePlugin: false allowHostIPC: false diff --git a/charts/hub/dynatrace/default/templates/Openshift/webhook/securitycontextconstraints.yaml b/charts/hub/dynatrace/default/templates/Openshift/webhook/securitycontextconstraints.yaml index aa1b0a26..a533f0c2 100644 --- a/charts/hub/dynatrace/default/templates/Openshift/webhook/securitycontextconstraints.yaml +++ b/charts/hub/dynatrace/default/templates/Openshift/webhook/securitycontextconstraints.yaml @@ -37,7 +37,34 @@ supplementalGroups: users: - system:serviceaccount:{{ .Release.Namespace }}:dynatrace-webhook volumes: - - "*" + - awsElasticBlockStore + - azureDisk + - azureFile + - cephFS + - cinder + - configMap + - csi + - downwardAPI + - emptyDir + - ephemeral + - fc + - flexVolume + - flocker + - gcePersistentDisk + - gitRepo + - glusterfs + - iscsi + - nfs + - persistentVolumeClaim + - photonPersistentDisk + - portworxVolume + - projected + - quobyte + - rbd + - scaleIO + - secret + - storageOS + - vsphere allowHostDirVolumePlugin: false allowHostIPC: false From cda189aa40c7c334595a2954e3fe3cb04471dbc3 Mon Sep 17 00:00:00 2001 
From: Cloud User Date: Thu, 23 Feb 2023 19:29:09 +0000 Subject: [PATCH 17/25] update dynatrace serviceaccounts --- .../Common/oneagent/serviceaccount-oneagent-privileged.yaml | 1 + .../Common/oneagent/serviceaccount-oneagent-unprivileged.yaml | 1 + .../templates/Common/operator/serviceaccount-operator.yaml | 1 + .../default/templates/Common/webhook/serviceaccount-webhook.yaml | 1 + 4 files changed, 4 insertions(+) diff --git a/charts/hub/dynatrace/default/templates/Common/oneagent/serviceaccount-oneagent-privileged.yaml b/charts/hub/dynatrace/default/templates/Common/oneagent/serviceaccount-oneagent-privileged.yaml index 94d60bd0..b5a58182 100644 --- a/charts/hub/dynatrace/default/templates/Common/oneagent/serviceaccount-oneagent-privileged.yaml +++ b/charts/hub/dynatrace/default/templates/Common/oneagent/serviceaccount-oneagent-privileged.yaml @@ -18,6 +18,7 @@ kind: ServiceAccount metadata: name: dynatrace-dynakube-oneagent-privileged namespace: {{ .Release.Namespace }} + annotations: argocd.argoproj.io/compare-options: IgnoreExtraneous labels: {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }} automountServiceAccountToken: false diff --git a/charts/hub/dynatrace/default/templates/Common/oneagent/serviceaccount-oneagent-unprivileged.yaml b/charts/hub/dynatrace/default/templates/Common/oneagent/serviceaccount-oneagent-unprivileged.yaml index 71f419de..b6e71262 100644 --- a/charts/hub/dynatrace/default/templates/Common/oneagent/serviceaccount-oneagent-unprivileged.yaml +++ b/charts/hub/dynatrace/default/templates/Common/oneagent/serviceaccount-oneagent-unprivileged.yaml @@ -18,6 +18,7 @@ kind: ServiceAccount metadata: name: dynatrace-dynakube-oneagent-unprivileged namespace: {{ .Release.Namespace }} + annotations: argocd.argoproj.io/compare-options: IgnoreExtraneous labels: {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }} automountServiceAccountToken: false 
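Review bot: The added line `annotations: argocd.argoproj.io/compare-options: IgnoreExtraneous` in serviceaccount-oneagent-privileged.yaml is a single line (the hunk grows from 6 to 7 lines), and a plain scalar containing `: ` is a YAML error, so the rendered ServiceAccount would fail to parse. Split it into `annotations:` followed by an indented `argocd.argoproj.io/compare-options: IgnoreExtraneous`. The same line is added to serviceaccount-oneagent-unprivileged.yaml, serviceaccount-operator.yaml and serviceaccount-webhook.yaml in this commit. The commit message should also say why Argo CD comparison is being relaxed on service accounts, since that is where unexpected pull secrets or token mounts would otherwise show up as drift.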
diff --git a/charts/hub/dynatrace/default/templates/Common/operator/serviceaccount-operator.yaml b/charts/hub/dynatrace/default/templates/Common/operator/serviceaccount-operator.yaml index 4ec20475..9507dc8a 100644 --- a/charts/hub/dynatrace/default/templates/Common/operator/serviceaccount-operator.yaml +++ b/charts/hub/dynatrace/default/templates/Common/operator/serviceaccount-operator.yaml @@ -18,6 +18,7 @@ kind: ServiceAccount metadata: name: {{ .Release.Name }} namespace: {{ .Release.Namespace }} + annotations: argocd.argoproj.io/compare-options: IgnoreExtraneous labels: {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} diff --git a/charts/hub/dynatrace/default/templates/Common/webhook/serviceaccount-webhook.yaml b/charts/hub/dynatrace/default/templates/Common/webhook/serviceaccount-webhook.yaml index ebc6a982..721b8f63 100644 --- a/charts/hub/dynatrace/default/templates/Common/webhook/serviceaccount-webhook.yaml +++ b/charts/hub/dynatrace/default/templates/Common/webhook/serviceaccount-webhook.yaml @@ -18,6 +18,7 @@ kind: ServiceAccount metadata: name: dynatrace-webhook namespace: {{ .Release.Namespace }} + annotations: argocd.argoproj.io/compare-options: IgnoreExtraneous labels: {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }} {{- if eq .Values.platform "openshift" }} From aa346008cad14611b414bbfef31420a3aa0cc789 Mon Sep 17 00:00:00 2001 From: Cloud User Date: Thu, 23 Feb 2023 21:00:25 +0000 Subject: [PATCH 18/25] Revert "update dynatrace securitycontextconstraints" This reverts commit 98f36aebc111b2dc13920735d3a97e98b23eba3c. --- .../operator/securitycontextconstraints.yaml | 29 +------------------ .../webhook/securitycontextconstraints.yaml | 29 +------------------ 2 files changed, 2 insertions(+), 56 deletions(-) 
diff --git a/charts/hub/dynatrace/default/templates/Openshift/operator/securitycontextconstraints.yaml b/charts/hub/dynatrace/default/templates/Openshift/operator/securitycontextconstraints.yaml index 4ea370d0..55cc0580 100644 --- a/charts/hub/dynatrace/default/templates/Openshift/operator/securitycontextconstraints.yaml +++ b/charts/hub/dynatrace/default/templates/Openshift/operator/securitycontextconstraints.yaml @@ -37,34 +37,7 @@ supplementalGroups: users: - system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }} volumes: - - awsElasticBlockStore - - azureDisk - - azureFile - - cephFS - - cinder - - configMap - - csi - - downwardAPI - - emptyDir - - ephemeral - - fc - - flexVolume - - flocker - - gcePersistentDisk - - gitRepo - - glusterfs - - iscsi - - nfs - - persistentVolumeClaim - - photonPersistentDisk - - portworxVolume - - projected - - quobyte - - rbd - - scaleIO - - secret - - storageOS - - vsphere + - "*" allowHostDirVolumePlugin: false allowHostIPC: false diff --git a/charts/hub/dynatrace/default/templates/Openshift/webhook/securitycontextconstraints.yaml b/charts/hub/dynatrace/default/templates/Openshift/webhook/securitycontextconstraints.yaml index a533f0c2..aa1b0a26 100644 --- a/charts/hub/dynatrace/default/templates/Openshift/webhook/securitycontextconstraints.yaml +++ b/charts/hub/dynatrace/default/templates/Openshift/webhook/securitycontextconstraints.yaml @@ -37,34 +37,7 @@ supplementalGroups: users: - system:serviceaccount:{{ .Release.Namespace }}:dynatrace-webhook volumes: - - awsElasticBlockStore - - azureDisk - - azureFile - - cephFS - - cinder - - configMap - - csi - - downwardAPI - - emptyDir - - ephemeral - - fc - - flexVolume - - flocker - - gcePersistentDisk - - gitRepo - - glusterfs - - iscsi - - nfs - - persistentVolumeClaim - - photonPersistentDisk - - portworxVolume - - projected - - quobyte - - rbd - - scaleIO - - secret - - storageOS - - vsphere + - "*" allowHostDirVolumePlugin: false allowHostIPC: false 
From 1aae691adc2743be52f49e656e7a20d678b02461 Mon Sep 17 00:00:00 2001 From: Cloud User Date: Thu, 23 Feb 2023 21:15:37 +0000 Subject: [PATCH 19/25] Reverting to 98f36ae --- .../serviceaccount-oneagent-privileged.yaml | 1 - .../serviceaccount-oneagent-unprivileged.yaml | 1 - .../operator/serviceaccount-operator.yaml | 1 - .../webhook/serviceaccount-webhook.yaml | 1 - .../operator/securitycontextconstraints.yaml | 29 ++++++++++++++++++- .../webhook/securitycontextconstraints.yaml | 29 ++++++++++++++++++- 6 files changed, 56 insertions(+), 6 deletions(-) diff --git a/charts/hub/dynatrace/default/templates/Common/oneagent/serviceaccount-oneagent-privileged.yaml b/charts/hub/dynatrace/default/templates/Common/oneagent/serviceaccount-oneagent-privileged.yaml index b5a58182..94d60bd0 100644 --- a/charts/hub/dynatrace/default/templates/Common/oneagent/serviceaccount-oneagent-privileged.yaml +++ b/charts/hub/dynatrace/default/templates/Common/oneagent/serviceaccount-oneagent-privileged.yaml @@ -18,7 +18,6 @@ kind: ServiceAccount metadata: name: dynatrace-dynakube-oneagent-privileged namespace: {{ .Release.Namespace }} - annotations: argocd.argoproj.io/compare-options: IgnoreExtraneous labels: {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }} automountServiceAccountToken: false diff --git a/charts/hub/dynatrace/default/templates/Common/oneagent/serviceaccount-oneagent-unprivileged.yaml b/charts/hub/dynatrace/default/templates/Common/oneagent/serviceaccount-oneagent-unprivileged.yaml index b6e71262..71f419de 100644 --- a/charts/hub/dynatrace/default/templates/Common/oneagent/serviceaccount-oneagent-unprivileged.yaml +++ b/charts/hub/dynatrace/default/templates/Common/oneagent/serviceaccount-oneagent-unprivileged.yaml 
@@ -18,7 +18,6 @@ kind: ServiceAccount metadata: name: dynatrace-dynakube-oneagent-unprivileged namespace: {{ .Release.Namespace }} - annotations: argocd.argoproj.io/compare-options: IgnoreExtraneous labels: {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }} automountServiceAccountToken: false diff --git a/charts/hub/dynatrace/default/templates/Common/operator/serviceaccount-operator.yaml b/charts/hub/dynatrace/default/templates/Common/operator/serviceaccount-operator.yaml index 9507dc8a..4ec20475 100644 --- a/charts/hub/dynatrace/default/templates/Common/operator/serviceaccount-operator.yaml +++ b/charts/hub/dynatrace/default/templates/Common/operator/serviceaccount-operator.yaml @@ -18,7 +18,6 @@ kind: ServiceAccount metadata: name: {{ .Release.Name }} namespace: {{ .Release.Namespace }} - annotations: argocd.argoproj.io/compare-options: IgnoreExtraneous labels: {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} diff --git a/charts/hub/dynatrace/default/templates/Common/webhook/serviceaccount-webhook.yaml b/charts/hub/dynatrace/default/templates/Common/webhook/serviceaccount-webhook.yaml index 721b8f63..ebc6a982 100644 --- a/charts/hub/dynatrace/default/templates/Common/webhook/serviceaccount-webhook.yaml +++ b/charts/hub/dynatrace/default/templates/Common/webhook/serviceaccount-webhook.yaml @@ -18,7 +18,6 @@ kind: ServiceAccount metadata: name: dynatrace-webhook namespace: {{ .Release.Namespace }} - annotations: argocd.argoproj.io/compare-options: IgnoreExtraneous labels: {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }} {{- if eq .Values.platform "openshift" }} diff --git a/charts/hub/dynatrace/default/templates/Openshift/operator/securitycontextconstraints.yaml b/charts/hub/dynatrace/default/templates/Openshift/operator/securitycontextconstraints.yaml index 55cc0580..4ea370d0 100644 --- a/charts/hub/dynatrace/default/templates/Openshift/operator/securitycontextconstraints.yaml 
+++ b/charts/hub/dynatrace/default/templates/Openshift/operator/securitycontextconstraints.yaml @@ -37,7 +37,34 @@ supplementalGroups: users: - system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }} volumes: - - "*" + - awsElasticBlockStore + - azureDisk + - azureFile + - cephFS + - cinder + - configMap + - csi + - downwardAPI + - emptyDir + - ephemeral + - fc + - flexVolume + - flocker + - gcePersistentDisk + - gitRepo + - glusterfs + - iscsi + - nfs + - persistentVolumeClaim + - photonPersistentDisk + - portworxVolume + - projected + - quobyte + - rbd + - scaleIO + - secret + - storageOS + - vsphere allowHostDirVolumePlugin: false allowHostIPC: false diff --git a/charts/hub/dynatrace/default/templates/Openshift/webhook/securitycontextconstraints.yaml b/charts/hub/dynatrace/default/templates/Openshift/webhook/securitycontextconstraints.yaml index aa1b0a26..a533f0c2 100644 --- a/charts/hub/dynatrace/default/templates/Openshift/webhook/securitycontextconstraints.yaml +++ b/charts/hub/dynatrace/default/templates/Openshift/webhook/securitycontextconstraints.yaml @@ -37,7 +37,34 @@ supplementalGroups: users: - system:serviceaccount:{{ .Release.Namespace }}:dynatrace-webhook volumes: - - "*" + - awsElasticBlockStore + - azureDisk + - azureFile + - cephFS + - cinder + - configMap + - csi + - downwardAPI + - emptyDir + - ephemeral + - fc + - flexVolume + - flocker + - gcePersistentDisk + - gitRepo + - glusterfs + - iscsi + - nfs + - persistentVolumeClaim + - photonPersistentDisk + - portworxVolume + - projected + - quobyte + - rbd + - scaleIO + - secret + - storageOS + - vsphere allowHostDirVolumePlugin: false allowHostIPC: false From 9151497d073a80c2e18be85741f2a05bc4ade2b3 Mon Sep 17 00:00:00 2001 From: Cloud User Date: Fri, 24 Feb 2023 17:19:19 +0000 Subject: [PATCH 20/25] change dynatrace sub --- values-hub.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values-hub.yaml b/values-hub.yaml index fe8d8ace..5686e686 100644 
--- a/values-hub.yaml +++ b/values-hub.yaml @@ -47,7 +47,7 @@ clusterGroup: dynatrace: name: dynatrace-operator - namespace: dynatrace + namespace: openshift-operators channel: alpha source: certified-operators From dd4f01a979e632182790948a802ea84cfa1c4e29 Mon Sep 17 00:00:00 2001 From: Cloud User Date: Wed, 8 Mar 2023 02:16:32 +0000 Subject: [PATCH 21/25] update observability service --- values-hub.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/values-hub.yaml b/values-hub.yaml index 5686e686..a4ea0182 100644 --- a/values-hub.yaml +++ b/values-hub.yaml @@ -130,11 +130,11 @@ clusterGroup: project: hub path: charts/hub/cli-tools - dynatrace: + observability: name: dynatrace-operator namespace: dynatrace project: hub - path: charts/hub/dynatrace/default + path: charts/hub/dynatrace/agents imperative: # NOTE: We *must* use lists and not hashes. As hashes lose ordering once parsed by helm From a10e5dc56437d888788d10316696497dd9b680a0 Mon Sep 17 00:00:00 2001 From: Cloud User Date: Wed, 8 Mar 2023 02:29:03 +0000 Subject: [PATCH 22/25] add agents directory to dynatrace helm chart --- charts/hub/dynatrace/agents/test.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 charts/hub/dynatrace/agents/test.yaml diff --git a/charts/hub/dynatrace/agents/test.yaml b/charts/hub/dynatrace/agents/test.yaml new file mode 100644 index 00000000..e69de29b From 41e8a38303a422e49a9e14823cfad700869da709 Mon Sep 17 00:00:00 2001 From: Cloud User Date: Wed, 8 Mar 2023 02:35:56 +0000 Subject: [PATCH 23/25] update dynatrace app name to observability --- values-hub.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values-hub.yaml b/values-hub.yaml index a4ea0182..0da815fb 100644 --- a/values-hub.yaml +++ b/values-hub.yaml @@ -131,7 +131,7 @@ clusterGroup: path: charts/hub/cli-tools observability: - name: dynatrace-operator + name: observability namespace: dynatrace project: hub path: charts/hub/dynatrace/agents 
From 1377bab30838960661a371836de528c2cd78cae4 Mon Sep 17 00:00:00 2001 From: Cloud User Date: Wed, 8 Mar 2023 02:42:55 +0000 Subject: [PATCH 24/25] change test.yaml to Chart.yaml --- charts/hub/dynatrace/agents/Chart.yaml | 33 ++++++++++++++++++++++++++ charts/hub/dynatrace/agents/test.yaml | 0 2 files changed, 33 insertions(+) create mode 100644 charts/hub/dynatrace/agents/Chart.yaml delete mode 100644 charts/hub/dynatrace/agents/test.yaml diff --git a/charts/hub/dynatrace/agents/Chart.yaml b/charts/hub/dynatrace/agents/Chart.yaml new file mode 100644 index 00000000..c1746e69 --- /dev/null +++ b/charts/hub/dynatrace/agents/Chart.yaml @@ -0,0 +1,33 @@ +# Copyright 2020 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v2 +name: dynatrace-operator +description: The Dynatrace Operator Helm chart for Kubernetes and OpenShift +icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png +home: https://www.dynatrace.com/ +type: application +version: 0.0.0-snapshot +appVersion: 0.0.0-snapshot +kubeVersion: '>=1.21.0-0' +maintainers: +- name: 0sewa0 + email: marcell.sevcsik@dynatrace.com +- name: chrismuellner + email: christoph.muellner@dynatrace.com +- name: luhi-DT + email: lukas.hinterreiter@dynatrace.com +sources: +- https://github.com/Dynatrace/dynatrace-operator + diff --git a/charts/hub/dynatrace/agents/test.yaml b/charts/hub/dynatrace/agents/test.yaml deleted file mode 100644 index e69de29b..00000000 
From f1bf5fc1e17c0798289f76cab4172935f5e09db5 Mon Sep 17 00:00:00 2001 From: Cloud User Date: Thu, 9 Mar 2023 22:46:33 +0000 Subject: [PATCH 25/25] add app to production --- values-production.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/values-production.yaml b/values-production.yaml index 92e0c625..991fdaf4 100644 --- a/values-production.yaml +++ b/values-production.yaml @@ -13,6 +13,7 @@ clusterGroup: - stackrox - policies - devsecops-ci + - production subscriptions: rhacs-operator: @@ -28,6 +29,7 @@ clusterGroup: projects: - app - secured + - spring-petclinic applications: acs-secured: @@ -41,3 +43,10 @@ clusterGroup: namespace: openshift-operators project: secured path: charts/region/quay + + staging-spring-petclinic: + name: staging-spring-petclinic + namespace: production + project: spring-petclinic + path: charts/region/stage/spring-petclinic-config +
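Review bot: The new application in values-production.yaml is keyed and named `staging-spring-petclinic` and renders `charts/region/stage/spring-petclinic-config`, yet it targets the `production` namespace of the production cluster group. If this is the production deployment, the stage path means production runs staging configuration; if it is a staging deployment, it does not belong in this file. Either way the name, path and namespace should agree, for example `path: charts/region/prod/spring-petclinic-config` (placeholder path, not visible on this page). The `applications` block starts outside the hunk.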