update
diff --git a/charts/k8s-gerrit/operator/k8s/operator/namespace.yaml b/charts/k8s-gerrit/operator/k8s/operator/namespace.yaml
new file mode 100644
index 0000000..9ce8374
--- /dev/null
+++ b/charts/k8s-gerrit/operator/k8s/operator/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: gerrit-operator
diff --git a/charts/k8s-gerrit/operator/k8s/operator/operator.yaml b/charts/k8s-gerrit/operator/k8s/operator/operator.yaml
new file mode 100644
index 0000000..02c6ef6
--- /dev/null
+++ b/charts/k8s-gerrit/operator/k8s/operator/operator.yaml
@@ -0,0 +1,63 @@
+## Required to use an external/persistent keystore, otherwise a keystore using
+## self-signed certificates will be generated
+# ---
+# apiVersion: v1
+# kind: Secret
+# metadata:
+# name: gerrit-operator-ssl
+# namespace: gerrit-operator
+# data:
+# keystore.jks: # base64-encoded Java keystore
+# keystore.password: # base64-encoded Java keystore password
+# type: Opaque
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gerrit-operator
+ namespace: gerrit-operator
+spec:
+ selector:
+ matchLabels:
+ app: gerrit-operator
+ template:
+ metadata:
+ labels:
+ app: gerrit-operator
+ spec:
+ serviceAccountName: gerrit-operator
+ containers:
+ - name: operator
+ image: k8sgerrit/gerrit-operator
+ imagePullPolicy: Always
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: INGRESS
+ value: none
+ ports:
+ - containerPort: 80
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ scheme: HTTPS
+ initialDelaySeconds: 1
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ scheme: HTTPS
+ initialDelaySeconds: 30
+ ## Only required, if an external/persistent keystore is being used.
+ # volumeMounts:
+ # - name: ssl
+ # readOnly: true
+ # mountPath: /operator
+ # volumes:
+ # - name: ssl
+ # secret:
+ # secretName: gerrit-operator-ssl
diff --git a/charts/k8s-gerrit/operator/k8s/operator/rbac.yaml b/charts/k8s-gerrit/operator/k8s/operator/rbac.yaml
new file mode 100644
index 0000000..201cce7
--- /dev/null
+++ b/charts/k8s-gerrit/operator/k8s/operator/rbac.yaml
@@ -0,0 +1,87 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: gerrit-operator
+ namespace: gerrit-operator
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: gerrit-operator-admin
+subjects:
+- kind: ServiceAccount
+ name: gerrit-operator
+ namespace: gerrit-operator
+roleRef:
+ kind: ClusterRole
+ name: gerrit-operator
+ apiGroup: ""
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: gerrit-operator
+rules:
+- apiGroups:
+ - "batch"
+ resources:
+ - cronjobs
+ verbs:
+ - '*'
+- apiGroups:
+ - "apps"
+ resources:
+ - statefulsets
+ - deployments
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - persistentvolumeclaims
+ - secrets
+ - services
+ verbs:
+ - '*'
+- apiGroups:
+ - "storage.k8s.io"
+ resources:
+ - storageclasses
+ verbs:
+ - 'get'
+ - 'list'
+- apiGroups:
+ - "apiextensions.k8s.io"
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - '*'
+- apiGroups:
+ - "networking.k8s.io"
+ resources:
+ - ingresses
+ verbs:
+ - '*'
+- apiGroups:
+ - "gerritoperator.google.com"
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - "networking.istio.io"
+ resources:
+ - "gateways"
+ - "virtualservices"
+ - "destinationrules"
+ verbs:
+ - '*'
+- apiGroups:
+ - "admissionregistration.k8s.io"
+ resources:
+ - 'validatingwebhookconfigurations'
+ verbs:
+ - '*'
diff --git a/charts/k8s-gerrit/operator/k8s/resources/rbac.yaml b/charts/k8s-gerrit/operator/k8s/resources/rbac.yaml
new file mode 100644
index 0000000..a31f4a7
--- /dev/null
+++ b/charts/k8s-gerrit/operator/k8s/resources/rbac.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: gerrit
+ namespace: gerrit #CHANGE: Change it to the namespace running Gerrit
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: gerrit
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "list"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: gerrit
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: gerrit
+subjects:
+- kind: ServiceAccount
+ name: gerrit
+ namespace: gerrit #CHANGE: Change it to the namespace running Gerrit