diff --git a/examples/kafka-access-with-user.yaml b/examples/kafka-access-with-user.yaml
new file mode 100644
index 0000000..16eb148
--- /dev/null
+++ b/examples/kafka-access-with-user.yaml
@@ -0,0 +1,20 @@
+# The operator will look up the Kafka instance specified and
+# create a secret with the details to connect to the listener specified.
+# It will also look up the KafkaUser specified and check it has the correct
+# authentication mechanism to connect to the listener. If so it will add the
+# user credentials to the secret it creates.
+# If no listener is specified it will choose one based on the user authentication.
+apiVersion: access.strimzi.io/v1alpha1
+kind: KafkaAccess
+metadata:
+  name: my-kafka-access
+spec:
+  kafka:
+    name: my-cluster
+    namespace: kafka
+    listener: tls
+  user:
+    kind: KafkaUser
+    apiGroup: kafka.strimzi.io
+    name: my-user
+    namespace: kafka
diff --git a/examples/kafka-access.yaml b/examples/kafka-access.yaml
new file mode 100644
index 0000000..fd07934
--- /dev/null
+++ b/examples/kafka-access.yaml
@@ -0,0 +1,12 @@
+# The operator will look up the Kafka instance specified and
+# create a secret with the details to connect to the listener specified.
+# If no listener is specified it will choose one, preferring an internal listener.
+apiVersion: access.strimzi.io/v1alpha1
+kind: KafkaAccess
+metadata:
+  name: my-kafka-access
+spec:
+  kafka:
+    name: my-cluster
+    namespace: kafka
+    listener: plain
diff --git a/install/000-Namespace.yaml b/install/000-Namespace.yaml
new file mode 100644
index 0000000..7d930b8
--- /dev/null
+++ b/install/000-Namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: strimzi-access-operator
+  labels:
+    app: strimzi-access-operator
diff --git a/install/010-ServiceAccount.yaml b/install/010-ServiceAccount.yaml
new file mode 100644
index 0000000..90fcd85
--- /dev/null
+++ b/install/010-ServiceAccount.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: strimzi-access-operator
+  labels:
+    app: strimzi-access-operator
+  namespace: strimzi-access-operator
diff --git a/install/020-ClusterRole.yaml b/install/020-ClusterRole.yaml
new file mode 100644
index 0000000..48f097c
--- /dev/null
+++ b/install/020-ClusterRole.yaml
@@ -0,0 +1,41 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: strimzi-access-operator
+  labels:
+    app: strimzi-access-operator
+rules:
+  - apiGroups:
+      - "access.strimzi.io"
+    resources:
+      - kafkaaccesses
+      - kafkaaccesses/status
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - delete
+      - patch
+      - update
+  - apiGroups:
+      - "kafka.strimzi.io"
+    resources:
+      - kafkas
+      - kafkausers
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - delete
+      - patch
+      - update
diff --git a/install/030-ClusterRoleBinding.yaml b/install/030-ClusterRoleBinding.yaml
new file mode 100644
index 0000000..353e62b
--- /dev/null
+++ b/install/030-ClusterRoleBinding.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: strimzi-access-operator
+  labels:
+    app: strimzi-access-operator
+subjects:
+  - kind: ServiceAccount
+    name: strimzi-access-operator
+    namespace: strimzi-access-operator
+roleRef:
+  kind: ClusterRole
+  name: strimzi-access-operator
+  apiGroup: rbac.authorization.k8s.io
diff --git a/install/040-Crd-kafkaaccess.yaml b/install/040-Crd-kafkaaccess.yaml
new file mode 100644
index 0000000..2cf64a1
--- /dev/null
+++ b/install/040-Crd-kafkaaccess.yaml
@@ -0,0 +1,67 @@
+# Generated by Fabric8 CRDGenerator, manual edits might get overwritten!
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: kafkaaccesses.access.strimzi.io
+  labels:
+    servicebinding.io/provisioned-service: "true"
+spec:
+  group: access.strimzi.io
+  names:
+    kind: KafkaAccess
+    plural: kafkaaccesses
+    shortNames:
+      - ka
+    singular: kafkaaccess
+  scope: Namespaced
+  versions:
+    - name: v1alpha1
+      schema:
+        openAPIV3Schema:
+          properties:
+            spec:
+              properties:
+                kafka:
+                  properties:
+                    name:
+                      type: string
+                    namespace:
+                      type: string
+                    listener:
+                      type: string
+                  required:
+                    - name
+                  type: object
+                user:
+                  properties:
+                    kind:
+                      type: string
+                    apiGroup:
+                      type: string
+                    name:
+                      type: string
+                    namespace:
+                      type: string
+                  required:
+                    - kind
+                    - apiGroup
+                    - name
+                  type: object
+              required:
+                - kafka
+              type: object
+            status:
+              properties:
+                binding:
+                  properties:
+                    name:
+                      type: string
+                  type: object
+                observedGeneration:
+                  type: integer
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}
diff --git a/install/050-Deployment.yaml b/install/050-Deployment.yaml
new file mode 100644
index 0000000..72ccfb0
--- /dev/null
+++ b/install/050-Deployment.yaml
@@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: strimzi-access-operator
+  labels:
+    app: strimzi-access-operator
+  namespace: strimzi-access-operator
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: strimzi-access-operator
+      strimzi.io/kind: access-operator
+  template:
+    metadata:
+      labels:
+        app: strimzi-access-operator
+        strimzi.io/kind: access-operator
+    spec:
+      serviceAccountName: strimzi-access-operator
+      volumes:
+        - name: strimzi-tmp
+          emptyDir:
+            medium: Memory
+            sizeLimit: 1Mi
+      containers:
+        - name: access-operator
+          image: quay.io/strimzi/access-operator:99.99.99
+          ports:
+            - containerPort: 8080
+              name: http
+          args:
+            - /opt/strimzi/bin/access_operator_run.sh
+          volumeMounts:
+            - name: strimzi-tmp
+              mountPath: /tmp
+          resources:
+            limits:
+              memory: 256Mi
+              cpu: 500m
+            requests:
+              memory: 256Mi
+              cpu: 100m
+          livenessProbe:
+            httpGet:
+              path: /healthy
+              port: http
+            initialDelaySeconds: 10
+            periodSeconds: 30
+          readinessProbe:
+            httpGet:
+              path: /ready
+              port: http
+            initialDelaySeconds: 10
+            periodSeconds: 30
+  strategy:
+    type: Recreate
diff --git a/packaging/install/050-Deployment.yaml b/packaging/install/050-Deployment.yaml
index ac0f183..72ccfb0 100644
--- a/packaging/install/050-Deployment.yaml
+++ b/packaging/install/050-Deployment.yaml
@@ -25,7 +25,7 @@ spec:
             sizeLimit: 1Mi
       containers:
         - name: access-operator
-          image: quay.io/strimzi/access-operator:latest
+          image: quay.io/strimzi/access-operator:99.99.99
           ports:
             - containerPort: 8080
               name: http
diff --git a/pom.xml b/pom.xml
index 052ee97..2af8c79 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
 
     <groupId>io.strimzi</groupId>
     <artifactId>kafka-access-operator</artifactId>
-    <version>0.0.1-SNAPSHOT</version>
+    <version>99.99.99</version>
 
     <licenses>
         <license>