diff --git a/charts/config-syncer/Chart.yaml b/charts/config-syncer/Chart.yaml
index dd3513c9..4b449925 100755
--- a/charts/config-syncer/Chart.yaml
+++ b/charts/config-syncer/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v1
 description: 'Config Syncer by AppsCode'
 name: config-syncer
-version: v0.14.7
-appVersion: v0.14.7
+version: v0.15.0
+appVersion: v0.15.0
 home: https://github.com/kubeops/config-syncer
 icon: https://cdn.appscode.com/images/products/kubed/icons/android-icon-192x192.png
 sources:
diff --git a/charts/config-syncer/README.md b/charts/config-syncer/README.md
index 71e6d4b8..10fcdff7 100644
--- a/charts/config-syncer/README.md
+++ b/charts/config-syncer/README.md
@@ -7,8 +7,8 @@
 ```bash
 $ helm repo add appscode https://charts.appscode.com/stable/
 $ helm repo update
-$ helm search repo appscode/config-syncer --version=v0.14.7
-$ helm upgrade -i config-syncer appscode/config-syncer -n kubeops --create-namespace --version=v0.14.7
+$ helm search repo appscode/config-syncer --version=v0.15.0
+$ helm upgrade -i config-syncer appscode/config-syncer -n kubeops --create-namespace --version=v0.15.0
 ```
 ## Introduction
@@ -24,7 +24,7 @@ This chart deploys a Config Syncer operator on a [Kubernetes](http://kubernetes.
 To install/upgrade the chart with the release name `config-syncer`:
 ```bash
-$ helm upgrade -i config-syncer appscode/config-syncer -n kubeops --create-namespace --version=v0.14.7
+$ helm upgrade -i config-syncer appscode/config-syncer -n kubeops --create-namespace --version=v0.15.0
 ```
 The command deploys a Config Syncer operator on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
@@ -87,12 +87,12 @@ The following table lists the configurable parameters of the `config-syncer` cha
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example:
 ```bash
-$ helm upgrade -i config-syncer appscode/config-syncer -n kubeops --create-namespace --version=v0.14.7 --set replicaCount=1
+$ helm upgrade -i config-syncer appscode/config-syncer -n kubeops --create-namespace --version=v0.15.0 --set replicaCount=1
 ```
 Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example:
 ```bash
-$ helm upgrade -i config-syncer appscode/config-syncer -n kubeops --create-namespace --version=v0.14.7 --values values.yaml
+$ helm upgrade -i config-syncer appscode/config-syncer -n kubeops --create-namespace --version=v0.15.0 --values values.yaml
 ```
diff --git a/charts/config-syncer/templates/apiregistration.yaml b/charts/config-syncer/templates/apiregistration.yaml
deleted file mode 100644
index 844dc346..00000000
--- a/charts/config-syncer/templates/apiregistration.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-{{- $serverCrt := "" }}
-{{- $serverKey := "" }}
-{{- if .Values.apiserver.servingCerts.generate }}
-{{- $ca := genCA "ca" 3650 }}
-{{- $cn := include "config-syncer.fullname" . -}}
-{{- $altName1 := printf "%s.%s" $cn .Release.Namespace }}
-{{- $altName2 := printf "%s.%s.svc" $cn .Release.Namespace }}
-{{- $server := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }}
-{{- $serverCrt = b64enc $server.Cert }}
-{{- $serverKey = b64enc $server.Key }}
-{{- else }}
-{{- $serverCrt = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.serverCrt }}
-{{- $serverKey = required "Required when apiserver.servingCerts.generate is false" .Values.apiserver.servingCerts.serverKey }}
-{{- end }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "config-syncer.fullname" . }}-apiserver-cert
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "config-syncer.labels" . | nindent 4 }}
-type: Opaque
-data:
- tls.crt: {{ $serverCrt }}
- tls.key: {{ $serverKey }}
----
-# to read the config for terminating authentication
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "config-syncer.fullname" . }}-apiserver-extension-server-authentication-reader
- namespace: kube-system
- labels:
- {{- include "config-syncer.labels" . | nindent 4 }}
-roleRef:
- kind: Role
- apiGroup: rbac.authorization.k8s.io
- name: extension-apiserver-authentication-reader
-subjects:
-- kind: ServiceAccount
- name: {{ template "config-syncer.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
----
-# to delegate authentication and authorization
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "config-syncer.fullname" . }}-apiserver-auth-delegator
- labels:
- {{- include "config-syncer.labels" . | nindent 4 }}
-roleRef:
- kind: ClusterRole
- apiGroup: rbac.authorization.k8s.io
- name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
- name: {{ template "config-syncer.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
diff --git a/charts/config-syncer/templates/cluster-role.yaml b/charts/config-syncer/templates/cluster-role.yaml
index 2253b6eb..2242b223 100644
--- a/charts/config-syncer/templates/cluster-role.yaml
+++ b/charts/config-syncer/templates/cluster-role.yaml
@@ -17,7 +17,7 @@ rules:
 - apiGroups: [""]
 resources:
 - nodes
- verbs: ["list"]
+ verbs: ["get", "list", "watch"]
 - apiGroups: [""]
 resources:
 - events
diff --git a/charts/config-syncer/templates/deployment.yaml b/charts/config-syncer/templates/deployment.yaml
index 722a031c..e91cb15e 100644
--- a/charts/config-syncer/templates/deployment.yaml
+++ b/charts/config-syncer/templates/deployment.yaml
@@ -22,7 +22,6 @@ spec:
 labels:
 {{- include "config-syncer.selectorLabels" . | nindent 8 }}
 annotations:
- checksum/apiregistration.yaml: {{ include (print $.Template.BasePath "/apiregistration.yaml") . | sha256sum }}
 {{- if $criticalAddon }}
 scheduler.alpha.kubernetes.io/critical-pod: ''
 {{- end }}
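Review bot: In the cluster-role.yaml hunk, the `nodes` rule is widened from `list` to `get`, `list`, `watch` with no comment saying what needs the extra verbs. On a ClusterRole this applies cluster-wide, so the reason should be recorded next to the rule for anyone auditing least privilege; the change looks like what an informer-backed cache would require, but that is not visible in this diff. I would add a comment above the rule such as `# nodes: read-only; get/watch needed by the controller's node cache (confirm)`. The `rules:` list starts and continues outside the hunk, so the other rules could not be checked.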
@@ -42,43 +41,44 @@ spec:
 image: {{ include "image.registry" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}{{if include "mode.enterprise" .}}-ent{{end}}
 imagePullPolicy: {{ .Values.imagePullPolicy }}
 args:
- - run
- - --v={{ .Values.logLevel }}
- - --secure-port={{ default "8443" .Values.apiserver.securePort }}
- - --audit-log-path=-
- - --tls-cert-file=/var/serving-cert/tls.crt
- - --tls-private-key-file=/var/serving-cert/tls.key
- - --use-kubeapiserver-fqdn-for-aks={{ .Values.apiserver.useKubeapiserverFqdnForAks }}
- {{- if .Values.license }}
- - --license-file=/var/run/secrets/appscode/license/key.txt
- {{- end }}
- {{- with .Values.config.clusterName }}
- - --cluster-name={{ . }}
- {{- end }}
- {{- with .Values.config.configSourceNamespace }}
- - --config-source-namespace={{ . }}
- {{- end }}
- {{- if .Values.config.kubeconfigContent }}
- - --kubeconfig-file=/srv/config-syncer/kubeconfig
- {{- end }}
- {{- range .Values.config.additionalOptions }}
- - {{ . }}
- {{- end }}
- ports:
- - containerPort: {{ default "8443" .Values.apiserver.securePort }}
+ - run
+ {{- if .Values.license }}
+ - --license-file=/var/run/secrets/appscode/license/key.txt
+ {{- end }}
+ {{- with .Values.config.clusterName }}
+ - --cluster-name={{ . }}
+ {{- end }}
+ {{- with .Values.config.configSourceNamespace }}
+ - --config-source-namespace={{ . }}
+ {{- end }}
+ {{- if .Values.config.kubeconfigContent }}
+ - --kubeconfig-file=/srv/config-syncer/kubeconfig
+ {{- end }}
+ {{- range .Values.config.additionalOptions }}
+ - {{ . }}
+ {{- end }}
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
 {{- if .Values.apiserver.healthcheck.enabled }}
 readinessProbe:
 httpGet:
- path: /healthz
- port: {{ default "8443" .Values.apiserver.securePort }}
- scheme: HTTPS
+ path: /readyz
+ port: 8081
 initialDelaySeconds: 5
+ periodSeconds: 10
 livenessProbe:
 httpGet:
 path: /healthz
- port: {{ default "8443" .Values.apiserver.securePort }}
- scheme: HTTPS
- initialDelaySeconds: 5
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
 {{- end }}
 resources:
 {{- toYaml .Values.image.resources | nindent 10 }}
@@ -87,8 +87,6 @@ spec:
 mountPath: /srv/config-syncer
 - name: scratch
 mountPath: /tmp
- - mountPath: /var/serving-cert
- name: serving-cert
 {{- if .Values.license }}
 - mountPath: /var/run/secrets/appscode/license
 name: license
@@ -99,10 +97,6 @@ spec:
 secretName: {{ template "config-syncer.fullname" . }}
 - name: scratch
 emptyDir: {}
- - name: serving-cert
- secret:
- defaultMode: 420
- secretName: {{ template "config-syncer.fullname" . }}-apiserver-cert
 {{- if .Values.license }}
 - name: license
 secret:
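Review bot: In the `@@ -42,43 +41,44 @@` hunk of deployment.yaml, both probes now target a hard-coded `port: 8081` with the `scheme: HTTPS` line dropped, so the kubelet falls back to plain HTTP, while the new side declares no `ports:` entry and passes no argument in `args` that would pin the health endpoint to that port. The probes therefore depend on the binary's built-in default, which is not visible in this diff; declaring a named container port and referencing it from both probes keeps the value in one place and makes the exposed listener explicit. The probe block is also still gated on `.Values.apiserver.healthcheck.enabled` although the apiserver flags are removed, and `--v={{ .Values.logLevel }}` is gone, so if `logLevel` and `apiserver.securePort` remain in values.yaml they are now silently ignored. The container spec starts and ends outside the hunk.

```yaml
# … unchanged: args, env …
ports:
  - name: probes
    containerPort: 8081
# … unchanged: healthcheck guard …
readinessProbe:
  httpGet:
    # … unchanged: path …
    port: probes
# … unchanged: readiness timings …
livenessProbe:
  httpGet:
    # … unchanged: path …
    port: probes
```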