diff --git a/README.md b/README.md index 0ba8c6e..236e9e5 100644 --- a/README.md +++ b/README.md @@ -27,9 +27,9 @@ This page describe how to deploy Redis Enterprise on Kubernetes using the Redis The following are the images and tags for this release: | Component | k8s | Openshift | | --- | --- | --- | -| Redis Enterprise | `redislabs/redis:6.0.6-39` | `redislabs/redis:6.0.6-39.rhel7-openshift` | -| Operator | `redislabs/operator:6.0.6-24` | `redislabs/operator:6.0.6-24` | -| Services Rigger | `redislabs/k8s-controller:6.0.6-24` | `redislabs/k8s-controller:6.0.6-24` | +| Redis Enterprise | `redislabs/redis:6.0.8-28` | `redislabs/redis:6.0.8-28.rhel7-openshift` | +| Operator | `redislabs/operator:6.0.8-1` | `redislabs/operator:6.0.8-1` | +| Services Rigger | `redislabs/k8s-controller:6.0.8-1` | `redislabs/k8s-controller:6.0.8-1` | > * RedHat certified images are available on [Redhat Catalog](https://access.redhat.com/containers/#/product/71f6d1bb3408bd0d)
@@ -213,7 +213,7 @@ The operator deploys a `RedisEnterpriseCluster` with default configurations valu redisEnterpriseImageSpec: imagePullPolicy: IfNotPresent repository: redislabs/redis - versionTag: 6.0.6-39 + versionTag: 6.0.8-28 ``` * Persistence @@ -252,6 +252,12 @@ The operator deploys a `RedisEnterpriseCluster` with default configurations valu uiServiceType: LoadBalancer ``` +* Database service type (optional): Service types for access to databases. Should be a comma separated list. The possible values are cluster_ip, headless, and load_balancer. Default value is `cluster_ip,headless`. For example, to create on load_balancer type database services, explicitly add the following declaration to the Redis Enterprise Cluster spec: + ```yaml + servicesRiggerSpec: + databaseServiceType: load_balancer + ``` + * UI annotations: Add custom annotation to the UI service ```yaml uiAnnotations: @@ -309,21 +315,21 @@ For example: redisEnterpriseImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/redis - versionTag: 6.0.6-39 + versionTag: 6.0.8-28 ``` ```yaml redisEnterpriseServicesRiggerImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/k8s-controller - versionTag: 6.0.6-24 + versionTag: 6.0.8-1 ``` ```yaml bootstrapperImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/operator - versionTag: 6.0.6-24 + versionTag: 6.0.8-1 ``` In Operator Deployment spec (operator.yaml): @@ -335,7 +341,7 @@ spec: spec: containers: - name: redis-enterprise-operator - image: harbor.corp.local/redisenterprise/operator:6.0.6-24 + image: harbor.corp.local/redisenterprise/operator:6.0.8-1 ``` Image specification follow the [K8s Container schema](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#container-v1-core). 
@@ -386,7 +392,7 @@ spec: The Operator automates and simplifies the upgrade process. The Redis Enterprise Cluster Software, and the Redis Enterprise Operator for Kubernetes versions are tightly coupled and should be upgraded together. It is recommended to use the bundle.yaml to upgrade, as it loads all the relevant CRD documents for this version. If the updated CRDs are not loaded, the operator might fail. -There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within the Redis Enterprise Cluster Spec to instruct the operator to automatically upgrade to the compatible version, or specify the correct Redis Enterprise image manually using the versionTag attribute. The Redis Enterprise Version compatible with this release is 6.0.6-39 +There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within the Redis Enterprise Cluster Spec to instruct the operator to automatically upgrade to the compatible version, or specify the correct Redis Enterprise image manually using the versionTag attribute. The Redis Enterprise Version compatible with this release is 6.0.8-28 ```yaml autoUpgradeRedisEnterprise: true 
@@ -395,22 +401,22 @@ There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within t Alternatively: ```yaml RedisEnterpriseImageSpec: - versionTag: redislabs/redis:6.0.6-39 + versionTag: redislabs/redis:6.0.8-28 ``` ## Supported K8S Distributions Each release of the Redis Enterprise Operator deployment is thoroughly tested against a set of Kubernetes distributions. The table below lists these, along with the current release's support status. "Supported", as well as "deprecated" support status indicates the current release has been tested in this environment and supported by RedisLabs. "Deprecated" also indicates that support will be dropped in a coming future release. "No longer supported" indicates that support has been dropped for this distribution. Any distribution that isn't explicitly listed is not supported for production workloads by RedisLabs. | Distribution | Support Status | |-------------------|---------------------| -| Openshift 3.11 | supported | +| Openshift 3.11 | supported | | Openshift 4.1 | supported | | Openshift 4.2 | supported | | Openshift 4.3 | supported | | Openshift 4.4 | supported | | KOPS vanilla 1.9 | no longer supported | | KOPS vanilla 1.10 | no longer supported | -| KOPS vanilla 1.11 | deprecated | -| KOPS vanilla 1.12 | supported | +| KOPS vanilla 1.11 | no longer supported | +| KOPS vanilla 1.12 | no longer supported | | KOPS vanilla 1.13 | supported | | KOPS vanilla 1.14 | supported | | KOPS vanilla 1.15 | supported | @@ -419,5 +425,4 @@ Each release of the Redis Enterprise Operator deployment is thoroughly tested ag | GKE 1.14 | supported | | GKE 1.15 | supported | | GKE 1.16 | supported | -| Rancher 2.4.5 | supported | - +| Rancher 2.4 | supported | diff --git a/admission.bundle.yaml b/admission.bundle.yaml index 07525e6..6fdb982 100644 --- a/admission.bundle.yaml +++ b/admission.bundle.yaml 
@@ -4,15 +4,6 @@ kind: ServiceAccount metadata: name: redis-enterprise-admission --- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: redis-enterprise-admission -rules: - - apiGroups: ["certificates.k8s.io"] - resources: ["certificatesigningrequests"] - verbs: ["create", "watch"] ---- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: @@ -38,19 +29,6 @@ roleRef: name: redis-enterprise-admission apiGroup: rbac.authorization.k8s.io --- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: redis-enterprise-admission -subjects: -- kind: ServiceAccount - namespace: NAMESPACE_OF_SERVICE_ACCOUNT - name: redis-enterprise-admission -roleRef: - kind: ClusterRole - name: redis-enterprise-admission - apiGroup: rbac.authorization.k8s.io ---- apiVersion: v1 kind: Service metadata: @@ -79,11 +57,9 @@ spec: serviceAccountName: redis-enterprise-admission containers: - name: admin - image: redislabs/operator:6.0.6-24 + image: redislabs/operator:6.0.8-1 command: - /usr/local/bin/admission - args: - - '-v=0' imagePullPolicy: Always ports: - containerPort: 443 @@ -110,12 +86,11 @@ spec: scheme: HTTPS initContainers: - name: admin-init - image: redislabs/operator:6.0.6-24 + image: redislabs/operator:6.0.8-1 command: - /usr/local/bin/admission args: - '-generate-tls' - - '-v=1' imagePullPolicy: Always env: - name: POD_NAME @@ -139,23 +114,3 @@ spec: memory: 256Mi --- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: redb-admission -webhooks: -- name: redb.admission.redislabs - failurePolicy: Fail - rules: - - apiGroups: ["app.redislabs.com"] - apiVersions: ["v1alpha1"] - operations: ["*"] - resources: ["redisenterprisedatabases"] - clientConfig: - service: - namespace: NAMESPACE_OF_SERVICE_ACCOUNT - name: admission - path: /admission - caBundle: "" # Fill in with BASE64 encoded signed cert - admissionReviewVersions: ["v1beta1"] ---- 
diff --git a/admission.openshift.bundle.yaml b/admission.openshift.bundle.yaml deleted file mode 100644 index 07525e6..0000000 --- a/admission.openshift.bundle.yaml +++ /dev/null 
@@ -1,161 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: redis-enterprise-admission ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: redis-enterprise-admission -rules: - - apiGroups: ["certificates.k8s.io"] - resources: ["certificatesigningrequests"] - verbs: ["create", "watch"] ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: redis-enterprise-admission -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["*"] - - apiGroups: ["app.redislabs.com"] - resources: ["*"] - verbs: ["*"] - ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: redis-enterprise-admission -subjects: -- kind: ServiceAccount - name: redis-enterprise-admission -roleRef: - kind: Role - name: redis-enterprise-admission - apiGroup: rbac.authorization.k8s.io ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: redis-enterprise-admission -subjects: -- kind: ServiceAccount - namespace: NAMESPACE_OF_SERVICE_ACCOUNT - name: redis-enterprise-admission -roleRef: - kind: ClusterRole - name: redis-enterprise-admission - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: v1 -kind: Service -metadata: - name: admission -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 8443 - selector: - app: redb-admission ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: admission-deploy -spec: - selector: - matchLabels: - app: redb-admission - template: - metadata: - labels: - app: redb-admission - spec: - serviceAccountName: redis-enterprise-admission - containers: - - name: admin - image: redislabs/operator:6.0.6-24 - command: - - /usr/local/bin/admission - args: - - '-v=0' - imagePullPolicy: Always - ports: - - containerPort: 443 - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 25m - memory: 256Mi - readinessProbe: - 
failureThreshold: 3 - successThreshold: 1 - periodSeconds: 30 - timeoutSeconds: 10 - httpGet: - path: /healthz - port: 8443 - scheme: HTTPS - initContainers: - - name: admin-init - image: redislabs/operator:6.0.6-24 - command: - - /usr/local/bin/admission - args: - - '-generate-tls' - - '-v=1' - imagePullPolicy: Always - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - resources: - limits: - cpu: 2000m - memory: 256Mi - requests: - cpu: 100m - memory: 256Mi - ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: redb-admission -webhooks: -- name: redb.admission.redislabs - failurePolicy: Fail - rules: - - apiGroups: ["app.redislabs.com"] - apiVersions: ["v1alpha1"] - operations: ["*"] - resources: ["redisenterprisedatabases"] - clientConfig: - service: - namespace: NAMESPACE_OF_SERVICE_ACCOUNT - name: admission - path: /admission - caBundle: "" # Fill in with BASE64 encoded signed cert - admissionReviewVersions: ["v1beta1"] ---- diff --git a/admission/GESHER.md b/admission/GESHER.md new file mode 100644 index 0000000..ec275cc --- /dev/null +++ b/admission/GESHER.md 
@@ -0,0 +1,250 @@ +# Admission Conrol with Gesher Installation for Redis Enterprise Operator + +## Gesher Background + +Gesher is an operator that enables Kubernetes administrator to delegate the ability to setup webhook validating admisison controllers to users for running within their own namespace. + +Gesher is configured by two custom resources. + +1) A cluster-scoped **NamespacedValidatingType** that defines what Kubernetes resources and operations Gesher is allowed to Proxy +2) A namespace-scoped **NamespacedValidatingRule** that is a namespaced equivalent to Kubernetes **ValidatingWebhookConfiguration** but only effects resources within its same namespace. + +### Choosing Traditional Cluster or Gesher's Delegated installation methods. + +Redis Labs provides two methods for integrating admission control into one's system, what we refer to as *cluster* and *delegated* configurations. + +*Cluster* configuration integrates admission via the standard Kubernetes **ValidatingWebhookConfiguration** resource. This is a cluster-scoped kubernetes resource that can only be configured by a cluster administrator. + +*Delegated* configuration integrates admission via the open source [Gesher admission proxy operator](https://github.com/redislabs/gesher). Gesher enables an administrator to setup an operator that delegates the ability to setup admission control on namespaced objects to users with the appropriate RBAC permissions within the same namespace as the object. Instead of requiring a cluster-scoped resource that can impact all resources on a machine, Gesher's namespaced-scoped custom resources only impact resources within the same namespace. This avoids the needs for administrator intervention for every namespaced operator that will be deployed. + +We recommend using *Cluster* configuration when the cluster administrator is the one installing and managing the operator, as well as in clusters where one only expects a single operator to be used. 
+ +*Delegated* configuration is meant for cases where the cluster administrator expects multiple namespaced operators to be used without their direct knowledge or intervention. + +If the cluster administrator involvement will always be required, using Gesher just adds complexity without any significant gain. + +## Installing Gesher + +## Gesher Bundle Installation + +Install the Gesher bundle into its own namespace: + +This must be done by the Kubernetes cluster administrator. + +**NOTE**: One must replace REPLACE_WITH_GESHER_NAMESPACE in the following command with the proper namespace +**NOTE**: If one is using openshift, one should replace `gesher.bundle.yaml` with `gesher.openshift.bundle.yaml` + +```shell script +sed 's/NAMESPACE_OF_SERVICE_ACCOUNT/REPLACE_WITH_GESHER_NAMESPACE/g' gesher.bundle.yaml | kubectl create -f - +``` + +This will deploy the admission proxy, and via an included **NamespacedValidatingType** custom resource, allow forwarding of REDB admission requests. However, until a **NamespacedValidatingRule** is installed into a namespace, admission is not setup. + +## Individual Yaml Installation + +1. Create, and switch to, a dedicated namespace for the Gesher Admission proxy + + If installing using Cluster Admission Controller method, skip this, and other steps related to Gesher, to step 11. + + ```shell script + kubectl create namespace gesher + kubectl config set-context --current --namespace=gesher + ``` + +2. ServiceAccount for the Gesher Admission proxy to run as + + ```shell script + kubectl apply -f gesher/service_account.yaml + ``` + +3. namespaced Role that allows the Gesher Admission proxy to function as an operator in its namespace. + + ```shell script + kubectl apply -f gesher/role.yaml + ``` + +4. Cluster Role that allows controlling the Kubernetes cluster's Admission webhook configuration, and the CRDs of the Gesher operator + + ```shell script + kubectl apply -f gesher/cluster_role.yaml + ``` + +5. 
Binding namespaced Role, and the Cluster Role to the service account of the Gesher Admission proxy + + NOTE: One must replace REPLACE_WITH_NAMESPACE in the following command with the namespace Gesher is being installed to, from above. + + ```shell script + kubectl apply -f gesher/role_binding.yaml + kubectl apply -f gesher/cluster_role_binding.yaml + ``` + +6. Kubernetes Service that is used to access the Gesher Admission Control HTTP proxy + + ```shell script + kubectl apply -f gesher/service.yaml + ``` + +8. Deployment for the Gesher operator + +**Note:** if one is using openshift, one should replace `operator.yaml` with `operator.openshift.yaml` + + ```shell script + kubectl apply -f gesher/operator.yaml + ``` + +9. NamespacedValidatingType and NamespacedValidatingRule CRDs + + **NamespacedValidatingTypes** and **NamespacedValidatingRules** are Custom Resource Definition that allow creating resources of the corresponding type. + + **NamespacedValidatingTypes** resources allow the Kubernetes cluster administrator to specify which resources _can_ be proxied by the Gesher Admission Controller proxy. Having a resource of this type is required - but not sufficient - to forward Admission requests to a namespaced Admission Controller. + A resource of this type will be created in the next step, to allow Admission Control of Redis Enterprise Database resources. + + **NamespacedValidatingRules** functions as the 'implementation' to **NamespacedValidatingTypes** 'interface'. A resource of this type represents a namespaced Admission Controller, and will usually be created in the same namespace as the Admission Controller, and possibly, the operator for the CRDs being admission controlled. + A resource of this type, that will register the Admission Controller for Redis Enterprise Database resources, will be created in the last step. 
+ + ```shell script + kubectl apply -f gesher/crds/app.redislabs.com_namespacedvalidatingtype_crd.yaml + kubectl apply -f gesher/crds/app.redislabs.com_namespacedvalidatingrule_crd.yaml + ``` + +10. **NamespacedValidatingType** Custom Resource + + This is the Custom resource, mentioned in the previous step, that allows forwarding of Admission Control requests for Redis Enterprise Database resources. + + ```shell script + kubectl apply -f gesher/type.yaml + ``` + +## Verifying Gesher installation + +One can verify that gesher is running correctly by verifying that the **ValidatingWebhookConfiguration** it creates to point at itself has been created and has the appropriate data corresponding to the **NamespacedValidatingType** that was loaded + +```shell script +$ kubectl get ValidatingWebhookConfiguration +NAME CREATED AT +proxy.webhook.gesher 2020-10-05T16:18:21Z +``` + +and + +```shell script +$ kubectl get -o yaml ValidatingWebhookConfiguration proxy.webhook.gesher +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + name: proxy.webhook.gesher + +webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: + service: + name: gesher + namespace: automation-1 + path: /proxy + port: 443 + failurePolicy: Fail + matchPolicy: Exact + name: proxy.webhook.gesher + namespaceSelector: {} + objectSelector: {} + rules: + - apiGroups: + - app.redislabs.com + apiVersions: + - v1alpha1 + operations: + - '*' + resources: + - redisenterprisedatabases + scope: Namespaced + sideEffects: Unknown + timeoutSeconds: 30 +``` + +## Installing Admission Controller + +Installing the admission controller with gesher is similiar to the traditional installation. It is a 2 step process + +1. Installing the admission controller via a single bundle or individual yaml files +2. Hooking up the admission webhook via gesher + +## Admission Control via Bundle Installation + +1. 
Install the Admission Controller via a bundle into the same namespace the REC was installed into. + +```shell script +kubectl create -f admission.bundle.yaml +``` + +## Individual Yaml Installation + +1. namespaced Role that allows creation and reading of Secrets + + ```shell script + kubectl apply -f role.yaml + ``` + +2. ServiceAccount for admission controller to run as + + ```shell script + kubectl apply -f service_account.yaml + ``` + +3. Binding namespaced Role to the service account + + ```shell script + kubectl apply -f role_binding.yaml + ``` + +4. Kubernetes Service that is used to access the Admission Control HTTP Server + + ```shell script + kubectl apply -f service.yaml + ``` + +5. TLS Key generator + Admission Controller HTTP Server + + ```shell script + kubectl apply -f deployment.yaml + ``` + +## Hooking up the Admission controller with Gesher + +**NOTE**: This only has to be done the first time setting up the admission controller, it can be skipped on update + +1. Wait for the secret to be created + + ```shell script + kubectl get secret admission-tls + NAME TYPE DATA AGE + admission-tls Opaque 2 2m43s + ``` + +2. Enable the gesher rule using the generated certificate + + ```shell script + # save cert + CERT=`kubectl get secret admission-tls -o jsonpath='{.data.cert}'` + sed -e "s#CERTIFICATE_PLACEHOLDER#${CERT}#g" gesher/rule.yaml | kubectl create -f - + ``` + +## Verifying Installation + +In order to verify that the all the components of the Admission Controller are installed correctly, we will try to apply an invalid resource that should force the admission controller to reject it. If it applies succesfully, it means the admission controller has not been hooked up correctly. 
+ +```shell script +$ kubectl apply -f - << EOF +apiVersion: app.redislabs.com/v1alpha1 +kind: RedisEnterpriseDatabase +metadata: + name: test-database-custom-resource +EOF +``` + +This must fail with an error output by the admission webhook redb.admisison.redislabs that is being denied because it can't get the login credentials for the Redis Enterprise Cluster as none were specified. + +```shell script +Error from server: error when creating "STDIN": admission webhook "proxy.webhook.gesher" denied the request: proxied webhook webhook denied the request: failed get RedisEnterpriseCluster client: custom resource (RedisEnterpriseCluster) not found: resource name may not be empty +``` \ No newline at end of file diff --git a/admission/README.md b/admission/README.md index e53d36c..3557f04 100644 --- a/admission/README.md +++ b/admission/README.md 
@@ -1,126 +1,88 @@ -## REDB Admission Controller Setup -In order to enable the REDB admission controller one has to deploy multiple Kubernetes resource. -One can either install them via the provided yaml bundle, or individually. +# REDB Admission Controller -##### Bundle Installation +Redis Labs' Redis Enterprise Operator provides an installable admission control that can be used to verify RedisEnterpriseDatabase resources on creation and modification for correctness. This prevents end users from creating syntatically valid but functionally invalid database configurations. The admission control leverages Kubernetes' built in [Dynamic Admission Control](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/). -1. one installs them via a bundle after editing it to use the correct namespace. +**Note:** Redis Labs' Redis Enterprise Operator can also be installed through the [Gesher Admission Proxy](GESHER.md) -**NOTE**: One must replace REPLACE_WITH_NAMESPACE in the following command with the proper namespace +## Admission Control via Bundle Installation -```shell script -sed 's/NAMESPACE_OF_SERVICE_ACCOUNT/REPLACE_WITH_NAMESPACE/g' admission.bundle.yaml | kubectl create -f - -``` - -If this is the first time one is deploying the admission controller, one has to approve the CSR and setup the webhook to enable resource validation. If one has already set these up, and one is just updating the admission controller, one skips steps 2 and 3 as they are already configured correctly - -2. and waits for the secret to be created +1. Install the Admission Controller via a bundle into the same namespace the REC was installed into. ```shell script -kubectl get secret admission-tls -NAME TYPE DATA AGE -admission-tls Opaque 2 2m43s +kubectl create -f admission.bundle.yaml ``` -3. 
and modifies the webhook to use the certificate generated +## Individual Yaml Installation -```shell script -# save cert -CERT=`kubectl get secret admission-tls -o jsonpath='{.data.cert}'` -# create patch file -cat > modified-webhook.yaml < modified-webhook.yaml < modified-webhook.yaml < Creates a host name so it should be unique if more than one db is created on the cluster with the same name | string | | true | | ingressAnnotations | Used for ingress controllers such as ha-proxy or nginx in GKE | map[string]string | | false | -| peerClusters | List of peer clusters to be used by the service broker | [][PeerCluster](#peercluster) | | false | [Back to Table of Contents](#table-of-contents) ### ImageSpec @@ -44,6 +43,16 @@ Image specification | imagePullPolicy | | v1.PullPolicy | | true | [Back to Table of Contents](#table-of-contents) +### Module + + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| name | | string | | true | +| displayName | | string | | true | +| versions | | []string | | true | +[Back to Table of Contents](#table-of-contents) + ### PeerCluster Active Active peer cluster 
@@ -106,7 +115,6 @@ RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster | redisEnterpriseServicesRiggerResources | Compute resource requirements for Services Rigger pod | *[v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#resourcerequirements-v1-core) | 0.5 CPU and 0.5GB memory | false | | pullSecrets | PullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | [][v1.LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#localobjectreference-v1-core) | empty | false | | persistentSpec | Specification for Redis Enterprise Cluster persistence | [PersistentConfigurationSpec](#persistentconfigurationspec) | | false | -| serviceBrokerSpec | Specification for Service Broker | [ServiceBrokerSpec](#servicebrokerspec) | disabled | false | | sideContainersSpec | Specification for a side container that will be added to each Redis Enterprise pod | []v1.Container | empty | false | | extraLabels | Labels that the user defines for their convenience | map[string]string | empty | false | | podAntiAffinity | Override for the default anti-affinity rules of the Redis Enterprise pods | *v1.PodAntiAffinity | | false | 
@@ -132,17 +140,7 @@ RedisEnterpriseClusterStatus defines the observed state of RedisEnterpriseCluste | ----- | ----------- | ------ | -------- | -------- | | state | State of Redis Enterprise Cluster | [ClusterState](#clusterstate) | | true | | specStatus | Validity of Redis Enterprise Cluster specification | [SpecStatusName](#specstatusname) | | true | -[Back to Table of Contents](#table-of-contents) - -### ServiceBrokerSpec -Specification for Service Broker - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| enabled | Whether to deploy Service Broker | bool | | true | -| persistentSpec | Persistence specification for Service Broker | [PersistentConfigurationSpec](#persistentconfigurationspec) | | false | -| imageSpec | Image specification for Service Broker | *[ImageSpec](#imagespec) | | false | -| resources | Compute resource requirements for Service Broker | *[v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#resourcerequirements-v1-core) | | false | +| modules | Modules Available in Cluster | [][Module](#module) | | false | [Back to Table of Contents](#table-of-contents) ### ServicesRiggerConfigurationSpec diff --git a/redis_enterprise_database_api.md b/redis_enterprise_database_api.md index 77c6b83..b448145 100644 --- a/redis_enterprise_database_api.md +++ b/redis_enterprise_database_api.md @@ -7,6 +7,7 @@ This document describes the parameters for the Redis Enterprise Database custom * [BackupSpec](#backupspec) * [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) * [DbAlertsSettings](#dbalertssettings) + * [DbModule](#dbmodule) * [FtpStorage](#ftpstorage) * [GoogleStorage](#googlestorage) * [InternalEndpoint](#internalendpoint) 
@@ -66,20 +67,31 @@ DbAlertsSettings An API object that represents the database alerts configuration | Field | Description | Scheme | Default Value | Required | | ----- | ----------- | ------ | -------- | -------- | -| bdb_backup_delayed | Periodic backup has been delayed for longer than specified threshold value [minutes] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_crdt_src_high_syncer_lag | Active-active source - sync lag is higher than specified threshold value [seconds] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_crdt_src_syncer_connection_error | Active-active source - sync has connection error while trying to connect replica source | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_crdt_src_syncer_general_error | Active-active source - sync encountered in general error | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_high_latency | Latency is higher than specified threshold value [micro-sec] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_high_throughput | Throughput is higher than specified threshold value [requests / sec.] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_long_running_action | An alert for state-machines that are running for too long | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_low_throughput | Throughput is lower than specified threshold value [requests / sec.] 
| [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_ram_dataset_overhead | Dataset RAM overhead of a shard has reached the threshold value [% of its RAM limit] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_ram_values | Percent of values kept in a shard's RAM is lower than [% of its key count] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_replica_src_high_syncer_lag | Replica-of source - sync lag is higher than specified threshold value [seconds] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_replica_src_syncer_connection_error | Replica-of source - sync has connection error while trying to connect replica source | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_shard_num_ram_values | Number of values kept in a shard's RAM is lower than [values] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_size | Dataset size has reached the threshold value [% of the memory limit] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_backup_delayed | Periodic backup has been delayed for longer than specified threshold value [minutes] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_crdt_src_high_syncer_lag | Active-active source - sync lag is higher than specified threshold value [seconds] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_crdt_src_syncer_connection_error | Active-active source - sync has connection error while trying to connect replica source | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_crdt_src_syncer_general_error | Active-active source - sync encountered in general error | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_high_latency | Latency is higher than 
specified threshold value [micro-sec] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_high_throughput | Throughput is higher than specified threshold value [requests / sec.] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_long_running_action | An alert for state-machines that are running for too long | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_low_throughput | Throughput is lower than specified threshold value [requests / sec.] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_ram_dataset_overhead | Dataset RAM overhead of a shard has reached the threshold value [% of its RAM limit] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_ram_values | Percent of values kept in a shard's RAM is lower than [% of its key count] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_replica_src_high_syncer_lag | Replica-of source - sync lag is higher than specified threshold value [seconds] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_replica_src_syncer_connection_error | Replica-of source - sync has connection error while trying to connect replica source | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_shard_num_ram_values | Number of values kept in a shard's RAM is lower than [values] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_size | Dataset size has reached the threshold value [% of the memory limit] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +[Back to Table of Contents](#table-of-contents) + +### DbModule +Redis Enterprise Module: https://redislabs.com/redis-enterprise/modules/ + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| 
name | The module's name e.g \"ft\" for redissearch | string | | true | +| version | Module's semantic version e.g \"1.6.12\" | string | | true | +| config | Module command line arguments e.g. VKEY_MAX_ENTITY_COUNT 30 | string | | false | +| uid | Module's uid - do not set, for system use only | string | | false | [Back to Table of Contents](#table-of-contents) ### FtpStorage @@ -162,6 +174,7 @@ RedisEnterpriseDatabaseSpec defines the desired state of RedisEnterpriseDatabase | replicaSources | What databases to replicate from | [][ReplicaSource](#replicasource) | | false | | alertSettings | Settings for database alerts | *[DbAlertsSettings](#dbalertssettings) | | false | | backup | Target for automatic database backups. | *[BackupSpec](#backupspec) | | false | +| modulesList | List of modules associated with database | *[][DbModule](#dbmodule) | | false | [Back to Table of Contents](#table-of-contents) ### RedisEnterpriseDatabaseStatus @@ -180,6 +193,7 @@ RedisEnterpriseDatabaseStatus defines the observed state of RedisEnterpriseDatab | version | Database compatibility version | string | | false | | replicaSourceStatuses | ReplicaSource statuses | [][ReplicaSourceStatus](#replicasourcestatus) | | false | | internalEndpoints | Endpoints listed internally by the Redis Enterprise Cluster. Can be used to correlate a ReplicaSourceStatus entry. | [][InternalEndpoint](#internalendpoint) | | false | +| observedGeneration | The generation (built in update counter of K8s) of the REDB resource that was fully acted upon, meaning that all changes were handled and sent as an API call to the Redis Enterprise Cluster (REC). This field value should equal the current generation when the resource changes were handled. Note: the lastActionStatus field tracks actions handled asynchronously by the Redis Enterprise Cluster. | int64 | | false | [Back to Table of Contents](#table-of-contents) ### ReplicaSource diff --git a/release_info.yaml b/release_info.yaml index 44c2624..48c07fd 100644 
--- a/release_info.yaml +++ b/release_info.yaml @@ -1,3 +1,2 @@ -operatorVersion: 6.0.6-24 -rsVersion: 6.0.6-39 -serviceBrokerVersion: 78_4b9b17f \ No newline at end of file +operatorVersion: 6.0.8-1 +rsVersion: 6.0.8-28
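Review bot: In README.md, the "Alternatively:" upgrade snippet (hunk @@ -395,22 +401,22 @@) still puts the repository inside the tag, `versionTag: redislabs/redis:6.0.8-28`, under a capitalised `RedisEnterpriseImageSpec` key. The other image snippets touched by this patch use `redisEnterpriseImageSpec` with a separate `repository:` and a bare `versionTag: 6.0.8-28`. Since the line is being edited anyway, change it to the bare tag and the lower-case key so the example matches the schema shown elsewhere in the file. In the same hunk, KOPS vanilla 1.12 moves from "supported" straight to "no longer supported", while the paragraph above the table describes "deprecated" as the state that announces a coming drop; that deserves a line in the release notes.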
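Review bot: In README.md, the new "Database service type" bullet (hunk @@ -252,6 +252,12 @@) shows `databaseServiceType: load_balancer` without stating what changes relative to the default `cluster_ip,headless`. A LoadBalancer service is typically reachable from outside the cluster, so add a sentence saying that this setting exposes every database through a load balancer and should be paired with database authentication and TLS. The sentence "to create on load_balancer type database services" also reads as a typo, and it is worth noting that these values are spelled `load_balancer` while the neighbouring `uiServiceType` takes `LoadBalancer`.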
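Review bot: In admission.bundle.yaml, the hunks at @@ -4,15 +4,6 @@ and @@ -38,19 +29,6 @@ drop the `redis-enterprise-admission` ClusterRole and ClusterRoleBinding, but nothing in the patch tells users of the previous bundle to delete them. Running `kubectl create -f` or `kubectl apply -f` on the new bundle does not remove objects that are no longer listed, so on an upgraded cluster the service account keeps `create` and `watch` on `certificatesigningrequests` cluster-wide. Add an upgrade step to admission/README.md that deletes the ClusterRoleBinding and the ClusterRole named `redis-enterprise-admission`.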
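Review bot: In admission.bundle.yaml, after the hunk at @@ -139,23 +114,3 @@ the bundle no longer contains the `redb-admission` ValidatingWebhookConfiguration, and the file now ends on a bare `---`. Applying the bundle alone therefore starts the admission server without registering it, so RedisEnterpriseDatabase resources are not validated until the webhook, or the Gesher rule described in admission/GESHER.md, is created in a separate step. Put a comment at the end of the bundle that says so and points to that step, and drop the trailing document separator.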
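Review bot: In the new admission/GESHER.md, step 5 of the first "Individual Yaml Installation" section says to replace REPLACE_WITH_NAMESPACE "in the following command", but the two commands that follow are plain `kubectl apply -f gesher/role_binding.yaml` and `kubectl apply -f gesher/cluster_role_binding.yaml` with no substitution, so a reader who copies them applies the files unmodified. Either pipe the files through `sed` as the bundle instructions do, or say which file has to be edited first. The numbered list also jumps from 6 to 8, and step 1 points to a "step 11" although the list ends at 10. The verification text names the webhook `redb.admisison.redislabs` while the sample error shows `proxy.webhook.gesher`. Typos to fix in the same pass: "Conrol", "admisison", "similiar", "succesfully".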
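Review bot: In redis_enterprise_cluster_api.md, the new Module section (hunk @@ -44,6 +43,16 @@) has no section description and leaves the Description cell empty for `name`, `displayName` and `versions`, unlike the neighbouring sections. Add a one-line description for the section and for each field, and state how the `versions` list reported in the cluster status relates to the `version` a user sets in DbModule.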
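Review bot: In redis_enterprise_database_api.md, the new DbModule table (hunk @@ -66,20 +67,31 @@) lists `uid` as a spec field described as "do not set, for system use only". A field that users must not set is still writable through `modulesList` in RedisEnterpriseDatabaseSpec, so document what happens when it is set (rejected by the admission controller, ignored, or overwritten), or move it to the status object. The `\"ft\"` and `\"1.6.12\"` escapes in the `name` and `version` rows will render with literal backslashes in Markdown and should be plain quotes.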