diff --git a/Makefile b/Makefile
index 1524d478a98..ce947b28974 100644
--- a/Makefile
+++ b/Makefile
@@ -66,7 +66,7 @@ clean:
 	@rm -rf dist/
 
 regen-crd:
-	@go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.15.0
+	@go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.16.5
 	@${GOPATH}/bin/controller-gen crd:maxDescLen=0,generateEmbeddedObjectMeta=true webhook paths="./..." output:crd:artifacts:config=$(KUSTOMIZE_CRDS)
 	@sed 's#namespace: minio-operator#namespace: {{ .Release.Namespace }}#g' resources/base/crds/minio.min.io_tenants.yaml > $(HELM_TEMPLATES)/minio.min.io_tenants.yaml
 	@sed 's#namespace: minio-operator#namespace: {{ .Release.Namespace }}#g' resources/base/crds/sts.min.io_policybindings.yaml > $(HELM_TEMPLATES)/sts.min.io_policybindings.yaml
diff --git a/cmd/operator/controller.go b/cmd/operator/controller.go
index ff4ad600163..1c2286213d7 100644
--- a/cmd/operator/controller.go
+++ b/cmd/operator/controller.go
@@ -15,6 +15,9 @@
 package main
 
 import (
+	"flag"
+	"strconv"
+
 	"github.com/minio/cli"
 	"github.com/minio/operator/pkg/controller"
 )
@@ -30,9 +33,17 @@ var controllerCmd = cli.Command{
 			Name:  "kubeconfig",
 			Usage: "Load configuration from `KUBECONFIG`",
 		},
+		cli.IntFlag{
+			Name:  "v",
+			Usage: "logging level",
+		},
 	},
 }
 
 func startController(ctx *cli.Context) {
+	if ctx.Int("v") > 0 {
+		flag.Set("v", strconv.Itoa(ctx.Int("v")))
+		flag.Parse()
+	}
 	controller.StartOperator(ctx.String("kubeconfig"))
 }
diff --git a/go.mod b/go.mod
index 774fbd42e82..2edf83839df 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
 	github.com/fatih/color v1.17.0 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/golang-jwt/jwt v3.2.2+incompatible
-	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.1 // indirect
 	github.com/google/go-containerregistry v0.19.2
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/mux v1.8.1
diff --git a/go.sum b/go.sum
index 2710d19040e..2e725cff7e0 100644
--- a/go.sum
+++ b/go.sum
@@ -66,6 +66,8 @@ github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keL
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo=
+github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
diff --git a/helm/tenant/templates/tenant.yaml b/helm/tenant/templates/tenant.yaml
index 15c8f79136a..173e44f4ff6 100644
--- a/helm/tenant/templates/tenant.yaml
+++ b/helm/tenant/templates/tenant.yaml
@@ -25,6 +25,9 @@ spec:
   imagePullSecret:
     name: {{ dig "imagePullSecret" "name" "" . }}
   {{- end }}
+  {{- with (dig "initContainers" (list) .) }}
+  initContainers: {{- toYaml . | nindent 4 }}
+  {{- end }}
   ## Secret with default environment variable configurations
   configuration:
     name: {{ .configuration.name }}
@@ -35,62 +38,56 @@ spec:
   {{- end }}
   {{- end }}
   pools:
-    {{- range (dig "pools" (list) .) }}
-    - servers: {{ dig "servers" 4 . }}
-      name: {{ dig "name" "" . }}
-      volumesPerServer: {{ dig "volumesPerServer" 4 . }}
-      {{- if dig "runtimeClassName" "" . }}
-      runtimeClassName: {{ dig "runtimeClassName" "" . }}
+    {{- range .pools }}
+    - servers: {{ .servers | default 4 }}
+      name: {{ .name | default "" }}
+      volumesPerServer: {{ .volumesPerServer | default 4 }}
+      {{- if .runtimeClassName }}
+      runtimeClassName: {{ .runtimeClassName }}
       {{- end }}
       volumeClaimTemplate:
         metadata:
           name: data
-      {{- with (dig "storageAnnotations" (dict) .) }}
+          {{- with .storageAnnotations }}
           annotations: {{- toYaml . | nindent 12 }}
-      {{- end }}
-      {{- with (dig "storageLabels" (dict) .) }}
+          {{- end }}
+          {{- with .storageLabels }}
           labels: {{- toYaml . | nindent 12 }}
-      {{- end }}
+          {{- end }}
         spec:
-          {{- if dig "storageClassName" "" . }}
-          storageClassName: {{ dig "storageClassName" "" . }}
+          {{- if .storageClassName }}
+          storageClassName: {{ .storageClassName }}
           {{- end }}
           accessModes:
             - ReadWriteOnce
           resources:
             requests:
-              storage: {{ dig "size" "10Gi" . }}
-      {{- with (dig "annotations" (dict) .) }}
+              storage: {{ .size | default "10Gi" }}
+      {{- with .annotations }}
       annotations: {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with (dig "labels" (dict) .) }}
+      {{- with .labels }}
       labels: {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with (dig "tolerations" (list) .) }}
+      {{- with .tolerations }}
       tolerations: {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with (dig "nodeSelector" (dict) .) }}
+      {{- with .nodeSelector }}
       nodeSelector: {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with (dig "affinity" (dict) .) }}
+      {{- with .affinity }}
       affinity: {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with (dig "resources" (dict) .) }}
+      {{- with .resources }}
       resources: {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- if hasKey . "securityContext" }}
-      securityContext: {{- if eq (len .securityContext) 0 }} {} {{- end }}
-      {{- with (dig "securityContext" (dict) .) }}
-      {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- end }}
-      {{- if hasKey . "containerSecurityContext" }}
-      containerSecurityContext: {{- if eq (len .containerSecurityContext) 0 }} {} {{- end }}
-      {{- with (dig "containerSecurityContext" (dict) .) }}
-      {{- toYaml . | nindent 8 }}
+      {{- if .securityContext }}
+      securityContext: {{- toYaml .securityContext | nindent 8 }}
       {{- end }}
+      {{- if .containerSecurityContext }}
+      containerSecurityContext: {{- toYaml .containerSecurityContext | nindent 8 }}
       {{- end }}
-      {{- with (dig "topologySpreadConstraints" (list) .) }}
+      {{- with .topologySpreadConstraints }}
       topologySpreadConstraints: {{- toYaml . | nindent 8 }}
       {{- end }}
     {{- end }}
diff --git a/helm/tenant/values.yaml b/helm/tenant/values.yaml
index 3dc4ddcf0fe..1ddfaf7bc80 100644
--- a/helm/tenant/values.yaml
+++ b/helm/tenant/values.yaml
@@ -38,6 +38,30 @@ tenant:
   # Only one array element is supported at this time.
   imagePullSecret: { }
   ###
+  #
+  # Specify `initContainers <https://kubernetes.io/docs/concepts/workloads/pods/init-containers/>`__ to perform setup or configuration tasks before the main Tenant pods starts.
+  #
+  # Example of init container which waits for idenity provider to be reachable before starting MinIO Tenant:
+  # 
+  # .. code-block:: yaml
+  #
+  # initContainers:
+  #  - name: wait-for-idp
+  #    image: busybox
+  #    command:
+  #      - sh
+  #      - -c
+  #      - |
+  #        URL="https://idp-url"
+  #        echo "Checking IdP reachability (${URL})"
+  #        until $(wget -q -O "/dev/null" ${URL}) ; do
+  #          echo "IdP (${URL}) not reachable. Waiting to be reachable..."
+  #          sleep 5
+  #        done
+  #        echo "IdP (${URL}) reachable. Starting MinIO..."
+  #
+  initContainers: [ ]
+  ###
   # The Kubernetes `Scheduler <https://kubernetes.io/docs/concepts/scheduling-eviction/kube-scheduler/>`__ to use for dispatching Tenant pods.
   #
   # Specify an empty dictionary ``{}`` to dispatch pods with the default scheduler.
diff --git a/release.sh b/release.sh
index 0436b378496..aa5af8361a4 100755
--- a/release.sh
+++ b/release.sh
@@ -4,49 +4,52 @@ set -e
 
 # Parse command line arguments
 while [[ "$#" -gt 0 ]]; do
-    case $1 in
-        --release-sidecar)
-            RELEASE_SIDECAR="$2"
-            shift 2
-            ;;
-        *)
-            ;;
-    esac
-    shift
+	case $1 in
+	--release-sidecar)
+		RELEASE_SIDECAR="$2"
+		shift 2
+		;;
+	*) ;;
+	esac
+	shift
 done
 
+sed_inplace() {
+	if [[ "$OSTYPE" == "darwin"* ]]; then
+		sed -i "" -E "$@"
+	else
+		sed -i -r "$@"
+	fi
+}
+
 get_latest_release() {
-  curl --silent "https://api.github.com/repos/$1/releases/latest" | # Get latest release from GitHub api
-    grep '"tag_name":' |                                            # Get tag line
-    sed -E 's/.*"([^"]+)".*/\1/'                                    # Pluck JSON value
+	curl --silent "https://api.github.com/repos/$1/releases/latest" | # Get latest release from GitHub api
+		grep '"tag_name":' |                                             # Get tag line
+		sed -E 's/.*"([^"]+)".*/\1/'                                     # Pluck JSON value
 }
 
 MINIO_RELEASE=$(get_latest_release minio/minio)
 KES_RELEASE=$(get_latest_release minio/kes)
-MC_RELEASE=$(get_latest_release minio/mc)
 
 MINIO_CURRENT_RELEASE=$(sed -nr 's/.*(minio\/minio\:)([v]?.*)"/\2/p' pkg/apis/minio.min.io/v2/constants.go)
 KES_CURRENT_RELEASE=$(sed -nr 's/.*(minio\/kes\:)([v]?.*)"/\2/p' pkg/apis/minio.min.io/v2/constants.go)
 
 files=(
-  "README.md"
-  "pkg/apis/job.min.io/v1alpha1/types.go"
-  "docs/tenant_crd.adoc"
-  "docs/policybinding_crd.adoc"
-  "docs/job_crd.adoc"
-  "docs/minio-job.md"
-  "docs/templates/asciidoctor/gv_list.tpl"
-  "examples/kustomization/base/tenant.yaml"
-  "examples/kustomization/tenant-certmanager-kes/tenant.yaml"
-  "examples/kustomization/tenant-kes-encryption/tenant.yaml"
-  "helm/operator/Chart.yaml"
-  "helm/operator/values.yaml"
-  "helm/tenant/Chart.yaml"
-  "helm/tenant/values.yaml"
-  "pkg/apis/minio.min.io/v2/constants.go"
-  "pkg/controller/operator.go"
-  "resources/base/deployment.yaml"
-  "testing/console-tenant+kes.sh"
+	"README.md"
+	"docs/tenant_crd.adoc"
+	"docs/policybinding_crd.adoc"
+	"docs/templates/asciidoctor/gv_list.tpl"
+	"examples/kustomization/base/tenant.yaml"
+	"examples/kustomization/tenant-certmanager-kes/tenant.yaml"
+	"examples/kustomization/tenant-kes-encryption/tenant.yaml"
+	"helm/operator/Chart.yaml"
+	"helm/operator/values.yaml"
+	"helm/tenant/Chart.yaml"
+	"helm/tenant/values.yaml"
+	"pkg/apis/minio.min.io/v2/constants.go"
+	"pkg/controller/operator.go"
+	"resources/base/deployment.yaml"
+	"testing/console-tenant+kes.sh"
 )
 
 CURRENT_RELEASE=$(get_latest_release minio/operator)
@@ -55,36 +58,33 @@ CURRENT_RELEASE="${CURRENT_RELEASE:1}"
 echo "Upgrade: $CURRENT_RELEASE => $RELEASE"
 echo "MinIO: $MINIO_RELEASE => $MINIO_RELEASE"
 echo "KES: $KES_CURRENT_RELEASE => $KES_RELEASE"
-echo "MC: $MC_CURRENT_RELEASE => $MC_RELEASE"
 
 if [ -z "$MINIO_RELEASE" ]; then
-  echo "\$MINIO_RELEASE is empty"
-  exit 0
+	echo "\$MINIO_RELEASE is empty"
+	exit 0
 fi
 
 for file in "${files[@]}"; do
-	sed -i -e "s/${KES_CURRENT_RELEASE}/${KES_RELEASE}/g" "$file"
-	sed -i -e "s/${MC_CURRENT_RELEASE}/${MC_RELEASE}/g" "$file"
-  sed -i -e "s/${CURRENT_RELEASE}/${RELEASE}/g" "$file"
-  sed -i -e "s/${MINIO_CURRENT_RELEASE}/${MINIO_RELEASE}/g" "$file"
+	sed_inplace "s/${KES_CURRENT_RELEASE}/${KES_RELEASE}/g" "$file"
+	sed_inplace "s/${CURRENT_RELEASE}/${RELEASE}/g" "$file"
+	sed_inplace "s/${MINIO_CURRENT_RELEASE}/${MINIO_RELEASE}/g" "$file"
 done
 
 annotations_files=(
-  "pkg/apis/job.min.io/v1alpha1/types.go"
-  "pkg/apis/minio.min.io/v2/types.go"
-  "pkg/apis/sts.min.io/v1beta1/types.go"
+	"pkg/apis/minio.min.io/v2/types.go"
+	"pkg/apis/sts.min.io/v1beta1/types.go"
 )
 
 for file in "${annotations_files[@]}"; do
-  sed -i -e "s~operator.min.io/version=.*~operator.min.io/version=v${RELEASE}~g" "$file"
+	sed_inplace "s~operator.min.io/version=.*~operator.min.io/version=v${RELEASE}~g" "$file"
 done
 
 # Update annotation in kustomization yaml
-sed -i -e "s~operator.min.io/version: .*~operator.min.io/version: v${RELEASE}~g" "resources/kustomization.yaml"
+sed_inplace "s~operator.min.io/version: .*~operator.min.io/version: v${RELEASE}~g" "resources/kustomization.yaml"
 
 if [ "${RELEASE_SIDECAR}" = "true" ]; then
 
-  sed -i -e 's~quay.io/minio/operator-sidecar:.*\"~quay.io/minio/operator-sidecar:v'$RELEASE'\"~g' "pkg/resources/statefulsets/minio-sidecar.go"
+	sed_inplace 's~quay.io/minio/operator-sidecar:.*\"~quay.io/minio/operator-sidecar:v'$RELEASE'\"~g' "pkg/resources/statefulsets/minio-sidecar.go"
 fi
 
 # Add all the generated files to git
diff --git a/sidecar/go.mod b/sidecar/go.mod
index 4bf5f52397d..19dc79bd75b 100644
--- a/sidecar/go.mod
+++ b/sidecar/go.mod
@@ -29,7 +29,7 @@ require (
 	github.com/goccy/go-json v0.10.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
-	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.1 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
diff --git a/sidecar/go.sum b/sidecar/go.sum
index 0fe5d557195..125532541a2 100644
--- a/sidecar/go.sum
+++ b/sidecar/go.sum
@@ -32,6 +32,8 @@ github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keL
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo=
+github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=