diff --git a/config/crd/bases/updateservice.operator.openshift.io_updateservices_crd.yaml b/config/crd/bases/updateservice.operator.openshift.io_updateservices.yaml
old mode 100755
new mode 100644
similarity index 74%
rename from config/crd/bases/updateservice.operator.openshift.io_updateservices_crd.yaml
rename to config/crd/bases/updateservice.operator.openshift.io_updateservices.yaml
index 198dc154..81e0241a
--- a/config/crd/bases/updateservice.operator.openshift.io_updateservices_crd.yaml
+++ b/config/crd/bases/updateservice.operator.openshift.io_updateservices.yaml
@@ -1,6 +1,11 @@
+
+---
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.3.0
+  creationTimestamp: null
   name: updateservices.updateservice.operator.openshift.io
 spec:
   group: updateservice.operator.openshift.io
@@ -14,7 +19,7 @@ spec:
     status: {}
   validation:
     openAPIV3Schema:
-      description: UpdateService is the Schema for a UpdateService service.
+      description: UpdateService is the Schema for the updateservices API.
       properties:
         apiVersion:
           description: 'APIVersion defines the versioned schema of this representation
@@ -27,26 +32,29 @@ spec:
             submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
           type: string
         metadata:
+          description: 'metadata is standard object metadata.  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
           type: object
         spec:
-          description: UpdateServiceSpec defines the desired state of UpdateService
+          description: spec is the desired state of the UpdateService service.  The
+            operator will work to ensure that the desired configuration is applied
+            to the cluster.
           properties:
             graphDataImage:
-              description: GraphDataImage is a container image that contains the UpdateService
-                graph data. The data is copied to /var/lib/updateservice/graph-data.
+              description: graphDataImage is a container image that contains the UpdateService
+                graph data.
               type: string
             registry:
-              description: Registry is the container registry to use, such as "quay.io".
+              description: registry is the container registry to use, such as "quay.io".
               type: string
             replicas:
-              description: Replicas is the number of pods to run. When >=2, a PodDisruptionBudget
+              description: replicas is the number of pods to run. When >=2, a PodDisruptionBudget
                 will ensure that voluntary disruption leaves at least one Pod running
                 at all times.
               format: int32
               minimum: 1
               type: integer
             repository:
-              description: Repository is the repository to use in the Registry, such
+              description: repository is the repository to use in the Registry, such
                 as "openshift-release-dev/ocp-release"
               type: string
           required:
@@ -56,7 +64,8 @@ spec:
           - repository
           type: object
         status:
-          description: UpdateServiceStatus defines the observed state of UpdateService
+          description: status contains information about the current state of the
+            UpdateService service.
           properties:
             conditions:
               description: Conditions describe the state of the UpdateService resource.
@@ -86,9 +95,18 @@ spec:
                 type: object
               type: array
           type: object
+      required:
+      - metadata
+      - spec
       type: object
   version: v1
   versions:
   - name: v1
     served: true
     storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
index 81a0c528..2be71a25 100644
--- a/config/crd/kustomization.yaml
+++ b/config/crd/kustomization.yaml
@@ -2,7 +2,7 @@
 # since it depends on service name and namespace that are out of this kustomize package.
 # It should be run by config/default
 resources:
-- bases/updateservice.operator.openshift.io_updateservices_crd.yaml
+- bases/updateservice.operator.openshift.io_updateservices.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index c31e91a8..8185ba9c 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -61,18 +61,6 @@ rules:
   - deployments/finalizers
   verbs:
   - update
-- apiGroups:
-  - updateservice.operator.openshift.io
-  resources:
-  - '*'
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
 - apiGroups:
   - config.openshift.io
   resources:
@@ -111,69 +99,6 @@ rules:
   - patch
   - update
   - watch
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  creationTimestamp: null
-  name: updateservice-operator
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  - endpoints
-  - events
-  - persistentvolumeclaims
-  - pods
-  - secrets
-  - services
-  - services/finalizers
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  verbs:
-  - get
-- apiGroups:
-  - apps
-  resources:
-  - daemonsets
-  - deployments
-  - replicasets
-  - statefulsets
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - apps
-  resources:
-  - deployments
-  - replicasets
-  verbs:
-  - get
-- apiGroups:
-  - apps
-  resourceNames:
-  - updateservice-operator
-  resources:
-  - deployments/finalizers
-  verbs:
-  - update
 - apiGroups:
   - updateservice.operator.openshift.io
   resources:
@@ -186,22 +111,3 @@ rules:
   - patch
   - update
   - watch
-- apiGroups:
-  - monitoring.coreos.com
-  resources:
-  - servicemonitors
-  verbs:
-  - create
-  - get
-- apiGroups:
-  - policy
-  resources:
-  - poddisruptionbudgets
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
diff --git a/controllers/updateservice_controller.go b/controllers/updateservice_controller.go
index e9412e92..22a77789 100755
--- a/controllers/updateservice_controller.go
+++ b/controllers/updateservice_controller.go
@@ -122,23 +122,15 @@ type UpdateServiceReconciler struct {
 	operandImage string
 }
 
-// +kubebuilder:rbac:groups="",namespace="updateservice-operator",resources=pods;services;services/finalizers;endpoints;persistentvolumeclaims;events;configmaps;secrets,verbs=create;delete;get;list;patch;update;watch
-// +kubebuilder:rbac:groups="apps",namespace="updateservice-operator",resources=deployments;daemonsets;replicasets;statefulsets,verbs=create;delete;get;list;patch;update;watch
-// +kubebuilder:rbac:groups="monitoring.coreos.com",namespace="updateservice-operator",resources=servicemonitors,verbs=create;get
-// +kubebuilder:rbac:groups="apps",namespace="updateservice-operator",resourceNames=updateservice-operator,resources=deployments/finalizers,verbs=update
-// +kubebuilder:rbac:groups="",namespace="updateservice-operator",resources=pods,verbs=get
-// +kubebuilder:rbac:groups="apps",namespace="updateservice-operator",resources=replicasets;deployments,verbs=get
-// +kubebuilder:rbac:groups="policy",namespace="updateservice-operator",resources=poddisruptionbudgets,verbs=create;delete;get;list;patch;update;watch
-// +kubebuilder:rbac:groups=updateservice.operator.openshift.io,namespace="updateservice-operator",resources=*,verbs=create;delete;get;list;patch;update;watch
-// +kubebuilder:rbac:groups=config.openshift.io,resources=images,verbs=get;list;watch
-// +kubebuilder:rbac:groups=route.openshift.io,resources=routes,verbs=create;get;list;patch;update;watch
+// +kubebuilder:rbac:groups="",resources=pods,verbs=get
 // +kubebuilder:rbac:groups="",resources=pods;services;services/finalizers;endpoints;persistentvolumeclaims;events;configmaps;secrets,verbs=create;delete;get;list;patch;update;watch
+// +kubebuilder:rbac:groups="apps",resourceNames=updateservice-operator,resources=deployments/finalizers,verbs=update
 // +kubebuilder:rbac:groups="apps",resources=deployments;daemonsets;replicasets;statefulsets,verbs=create;delete;get;list;patch;update;watch
 // +kubebuilder:rbac:groups="apps",resources=replicasets;deployments,verbs=get
-// +kubebuilder:rbac:groups="",resources=pods,verbs=get
 // +kubebuilder:rbac:groups="monitoring.coreos.com",resources=servicemonitors,verbs=create;get
-// +kubebuilder:rbac:groups="apps",resourceNames=updateservice-operator,resources=deployments/finalizers,verbs=update
 // +kubebuilder:rbac:groups="policy",resources=poddisruptionbudgets,verbs=create;delete;get;list;patch;update;watch
+// +kubebuilder:rbac:groups=config.openshift.io,resources=images,verbs=get;list;watch
+// +kubebuilder:rbac:groups=route.openshift.io,resources=routes,verbs=create;get;list;patch;update;watch
 // +kubebuilder:rbac:groups=updateservice.operator.openshift.io,resources=*,verbs=create;delete;get;list;patch;update;watch
 
 func (r *UpdateServiceReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
diff --git a/hack/deploy.sh b/hack/deploy.sh
index 19fe0eba..eece3bce 100755
--- a/hack/deploy.sh
+++ b/hack/deploy.sh
@@ -37,4 +37,4 @@ oc apply -f config/rbac/role.yaml -n $NAMESPACE
 oc apply -f config/rbac/role_binding.yaml -n $NAMESPACE
 oc apply -f config/rbac/auth_proxy_service.yaml -n $NAMESPACE
 oc apply -f config/manager/manager.yaml -n $NAMESPACE
-oc apply -f config/crd/bases/updateservice.operator.openshift.io_updateservices_crd.yaml -n $NAMESPACE
+oc apply -f config/crd/bases/updateservice.operator.openshift.io_updateservices.yaml -n $NAMESPACE