diff --git a/Makefile b/Makefile
index 8f9af5740..f94a14000 100644
--- a/Makefile
+++ b/Makefile
@@ -113,6 +113,9 @@ ifneq ($(shell git status --porcelain),)
 	BUILD_VERSION := $(BUILD_VERSION)-dirty
 endif
 
+OAUTH_IMAGE ?= registry.redhat.io/openshift4/ose-oauth-proxy:latest
+CERT_GENERATOR_IMAGE ?= registry.redhat.io/ubi9:latest
+
 .PHONY: all
 all: build
 
@@ -167,6 +170,8 @@ build: fmt vet ## Build manager binary.
 		-ldflags " \
 			-X 'main.OperatorVersion=$(BUILD_VERSION)' \
 			-X 'main.BuildDate=$(BUILD_DATE)' \
+			-X 'github.com/project-codeflare/codeflare-operator/pkg/controllers.CertGeneratorImage=$(CERT_GENERATOR_IMAGE)' \
+			-X 'github.com/project-codeflare/codeflare-operator/pkg/controllers.OAuthProxyImage=$(OAUTH_IMAGE)' \
 		" \
 		-o bin/manager main.go
 
@@ -176,6 +181,8 @@ go-build-for-image: fmt vet ## Build manager binary.
 		-ldflags " \
 			-X 'main.OperatorVersion=$(BUILD_VERSION)' \
 			-X 'main.BuildDate=$(BUILD_DATE)' \
+			-X 'github.com/project-codeflare/codeflare-operator/pkg/controllers.CertGeneratorImage=$(CERT_GENERATOR_IMAGE)' \
+			-X 'github.com/project-codeflare/codeflare-operator/pkg/controllers.OAuthProxyImage=$(OAUTH_IMAGE)' \
 		" \
 		-tags strictfipsruntime -a -o manager main.go
 
diff --git a/main.go b/main.go
index 9c0d0437d..eb0d149aa 100644
--- a/main.go
+++ b/main.go
@@ -147,7 +147,6 @@ func main() {
 			RayDashboardOAuthEnabled: ptr.To(true),
 			IngressDomain:            "",
 			MTLSEnabled:              ptr.To(true),
-			CertGeneratorImage:       "registry.redhat.io/ubi9@sha256:770cf07083e1c85ae69c25181a205b7cdef63c11b794c89b3b487d4670b4c328",
 		},
 		AppWrapper: &config.AppWrapperConfiguration{
 			Enabled: ptr.To(false),
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 49749dfec..ddbff27ce 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -50,8 +50,6 @@ type KubeRayConfiguration struct {
 	IngressDomain string `json:"ingressDomain"`
 
 	MTLSEnabled *bool `json:"mTLSEnabled,omitempty"`
-
-	CertGeneratorImage string `json:"certGeneratorImage"`
 }
 
 type ControllerManager struct {
diff --git a/pkg/controllers/raycluster_webhook.go b/pkg/controllers/raycluster_webhook.go
index dab128115..4e4b259f6 100644
--- a/pkg/controllers/raycluster_webhook.go
+++ b/pkg/controllers/raycluster_webhook.go
@@ -231,7 +231,7 @@ func validateHeadGroupServiceAccountName(rayCluster *rayv1.RayCluster) field.Err
 func oauthProxyContainer(rayCluster *rayv1.RayCluster) corev1.Container {
 	return corev1.Container{
 		Name:  oauthProxyContainerName,
-		Image: "registry.redhat.io/openshift4/ose-oauth-proxy@sha256:1ea6a01bf3e63cdcf125c6064cbd4a4a270deaf0f157b3eabb78f60556840366",
+		Image: OAuthProxyImage,
 		Ports: []corev1.ContainerPort{
 			{ContainerPort: 8443, Name: "oauth-proxy"},
 		},
@@ -349,7 +349,7 @@ func rayHeadInitContainer(rayCluster *rayv1.RayCluster, config *config.KubeRayCo
 
 	initContainerHead := corev1.Container{
 		Name:  "create-cert",
-		Image: config.CertGeneratorImage,
+		Image: CertGeneratorImage,
 		Command: []string{
 			"sh",
 			"-c",
@@ -363,7 +363,7 @@ func rayHeadInitContainer(rayCluster *rayv1.RayCluster, config *config.KubeRayCo
 func rayWorkerInitContainer(config *config.KubeRayConfiguration) corev1.Container {
 	initContainerWorker := corev1.Container{
 		Name:  "create-cert",
-		Image: config.CertGeneratorImage,
+		Image: CertGeneratorImage,
 		Command: []string{
 			"sh",
 			"-c",
diff --git a/pkg/controllers/raycluster_webhook_test.go b/pkg/controllers/raycluster_webhook_test.go
index 44927309d..22612ab98 100644
--- a/pkg/controllers/raycluster_webhook_test.go
+++ b/pkg/controllers/raycluster_webhook_test.go
@@ -243,7 +243,7 @@ func TestValidateCreate(t *testing.T) {
 						Containers: []corev1.Container{
 							{
 								Name:  oauthProxyContainerName,
-								Image: "registry.redhat.io/openshift4/ose-oauth-proxy@sha256:1ea6a01bf3e63cdcf125c6064cbd4a4a270deaf0f157b3eabb78f60556840366",
+								Image: OAuthProxyImage,
 								Ports: []corev1.ContainerPort{
 									{ContainerPort: 8443, Name: "oauth-proxy"},
 								},
@@ -363,7 +363,7 @@ func TestValidateUpdate(t *testing.T) {
 						Containers: []corev1.Container{
 							{
 								Name:  oauthProxyContainerName,
-								Image: "registry.redhat.io/openshift4/ose-oauth-proxy@sha256:1ea6a01bf3e63cdcf125c6064cbd4a4a270deaf0f157b3eabb78f60556840366",
+								Image: OAuthProxyImage,
 								Ports: []corev1.ContainerPort{
 									{ContainerPort: 8443, Name: "oauth-proxy"},
 								},
diff --git a/pkg/controllers/support.go b/pkg/controllers/support.go
index 24285ff1b..3bc730787 100644
--- a/pkg/controllers/support.go
+++ b/pkg/controllers/support.go
@@ -14,6 +14,11 @@ import (
 	routeapply "github.com/openshift/client-go/route/applyconfigurations/route/v1"
 )
 
+var (
+	CertGeneratorImage = ""
+	OAuthProxyImage    = ""
+)
+
 func serviceNameFromCluster(cluster *rayv1.RayCluster) string {
 	return cluster.Name + "-head-svc"
 }
diff --git a/test/odh/resources/custom-nb-small.yaml b/test/odh/resources/custom-nb-small.yaml
index 791a2d98a..42ab1098a 100644
--- a/test/odh/resources/custom-nb-small.yaml
+++ b/test/odh/resources/custom-nb-small.yaml
@@ -107,7 +107,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: registry.redhat.io/openshift4/ose-oauth-proxy:v4.10
+        image: registry.redhat.io/openshift4/ose-oauth-proxy:latest
         imagePullPolicy: Always
         livenessProbe:
           failureThreshold: 3