diff --git a/.github/workflows/push-chart.yaml b/.github/workflows/push-chart.yaml index 6e4a3aec..6cfafb9f 100644 --- a/.github/workflows/push-chart.yaml +++ b/.github/workflows/push-chart.yaml @@ -30,10 +30,11 @@ jobs: - name: start minikube id: minikube uses: medyagh/setup-minikube@master - - uses: azure/setup-helm@v1 + - uses: azure/setup-helm@v3 - name: install atlas-operator run: | - helm install atlas-operator charts/atlas-operator --wait --set image.pullPolicy=Always + helm install atlas-operator charts/atlas-operator --wait \ + --set image.pullPolicy=Always - name: apply test resources run: | kubectl apply -k config/integration @@ -46,6 +47,16 @@ jobs: kubectl describe deployments exit 1 fi + - name: test env vars + run: | + kubectl apply -k config/integration/env + helm upgrade atlas-operator charts/atlas-operator -f ./config/integration/env/values.yaml --wait + # Find the operator pod + OPERATOR=$(kubectl get pods -o jsonpath='{.items[0].metadata.name}') + # Extract the env from the operator pod + kubectl exec $OPERATOR -- env | grep NORMAL_ENV + kubectl exec $OPERATOR -- env | grep CONFIGMAP_REF_ENV + kubectl exec $OPERATOR -- env | grep SECRET_REF_ENV helm-push: name: Push to ghcr.io needs: [helm-test] diff --git a/.github/workflows/push-images.yaml b/.github/workflows/push-images.yaml index 29974408..93632d0c 100644 --- a/.github/workflows/push-images.yaml +++ b/.github/workflows/push-images.yaml @@ -36,6 +36,12 @@ jobs: with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Fetch Atlas version + id: atlas + run: | + # All distributions are built from the same version + # so we only need to fetch it once. + echo "version=$(curl -s https://release.ariga.io/atlas/atlas-linux-amd64-latest.version)" >> $GITHUB_OUTPUT - name: Docker meta id: meta uses: docker/metadata-action@v4 
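Review bot: In the new `test env vars` step, `kubectl get pods -o jsonpath='{.items[0].metadata.name}'` takes whichever pod is listed first in the namespace. That need not be the operator if the earlier `apply test resources` step created other pods, or while the pre-upgrade pod is still terminating. Selecting by the label the chart sets on the pod template is more reliable, e.g. `OPERATOR=$(kubectl get pods -l control-plane=controller-manager -o jsonpath='{.items[0].metadata.name}')`, with `"$OPERATOR"` quoted in the exec calls. The three `grep` checks also match on the variable name only and print the matched line, so the Secret-backed value lands in the job log. `grep -q '^SECRET_REF_ENV=value$'` would assert the fixture value without printing it.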
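Review bot: The `Fetch Atlas version` step writes whatever the remote host returns straight into `$GITHUB_OUTPUT`. `curl -s` has no `-f`, so an HTTP error body is accepted as the version, and a multi-line response would add extra output keys. The value is then used as an image label and as the `ATLAS_VERSION` build argument in the two later hunks of this file. Fail on HTTP errors and check the shape before writing it, for example `version="$(curl -sSf https://release.ariga.io/atlas/atlas-linux-amd64-latest.version)"`, `[[ "$version" =~ ^[A-Za-z0-9._-]+$ ]] || exit 1`, `echo "version=$version" >> "$GITHUB_OUTPUT"`.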
@@ -46,6 +52,7 @@ jobs: type=ref,event=branch type=semver,pattern={{version}} labels: | + io.ariga.atlas.version=${{ steps.atlas.outputs.version }} org.opencontainers.image.title=atlas-operator org.opencontainers.image.description=Atlas Operator org.opencontainers.image.url=https://atlasgo.io @@ -56,6 +63,7 @@ jobs: with: context: . build-args: | + ATLAS_VERSION=${{ steps.atlas.outputs.version }} OPERATOR_VERSION=v${{ steps.meta.outputs.version }} file: ./Dockerfile platforms: linux/amd64,linux/arm64 @@ -73,4 +81,4 @@ jobs: - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 with: - sarif_file: 'trivy-results.sarif' \ No newline at end of file + sarif_file: 'trivy-results.sarif' diff --git a/Dockerfile b/Dockerfile index e7c492e8..7ca08192 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,7 +14,7 @@ # limitations under the License. # Build the manager binary -FROM golang:1.21.5-alpine as builder +FROM golang:1.21.6-alpine3.19 as builder ARG TARGETOS ARG TARGETARCH ARG OPERATOR_VERSION @@ -37,16 +37,20 @@ COPY internal/ internal/ RUN --mount=type=cache,target=/go/pkg/mod \ --mount=type=cache,target=/root/.cache/go-build \ - CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build \ - -ldflags "-X 'main.version=${OPERATOR_VERSION}'" \ - -a -o manager main.go + GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} CGO_ENABLED=0 \ + go build -ldflags "-X 'main.version=${OPERATOR_VERSION}'" \ + -o manager -a main.go -FROM arigaio/atlas:latest-alpine as atlas +FROM alpine:3.19 as atlas +RUN apk add --no-cache curl +ARG ATLAS_VERSION=latest +ENV ATLAS_VERSION=${ATLAS_VERSION} +RUN curl -sSf https://atlasgo.sh | sh -FROM alpine:3.19.0 +FROM alpine:3.19 WORKDIR / COPY --from=builder /workspace/manager . -COPY --from=atlas /atlas . +COPY --from=atlas /usr/local/bin/atlas . RUN chmod +x /atlas ENV ATLAS_NO_UPDATE_NOTIFIER=1 ENV ATLAS_KUBERNETES_OPERATOR=1 diff --git a/README.md b/README.md index 8aeb0fac..a1ffb543 100644 
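Review bot: The new `atlas` stage runs `curl -sSf https://atlasgo.sh | sh` with `ATLAS_VERSION` defaulting to `latest`, so the binary copied into the final image comes from an installer script and a release that are both unpinned and unverified at build time. The shell used by `RUN` has no pipefail, so a failed download leaves `sh` with empty input and a zero exit status; the build would presumably only stop later at `COPY --from=atlas /usr/local/bin/atlas .`. Consider saving the script to a file, checking it against a digest kept in the repository, and only then executing it, with a pinned default for `ATLAS_VERSION` so local builds are reproducible. The same hunk loosens `alpine:3.19.0` to `alpine:3.19`; a digest pin such as `alpine:3.19@sha256:<digest>` (placeholder) would keep the base image fixed.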
--- a/README.md +++ b/README.md @@ -63,6 +63,49 @@ To configure the operator, you can set the following values in the `values.yaml` - `prewarmDevDB`: The Operator always keeps devdb resources around to speed up the migration process. Set this to `false` to disable this feature. +- `extraEnvs`: Used to set environment variables for the operator + +```yaml + extraEnvs: [] + # extraEnvs: + # - name: FOO + # value: "foo" + # - name: BAR + # valueFrom: + # secretKeyRef: + # key: BAR + # name: secret-resource + # - name: BAZ + # valueFrom: + # configMapKeyRef: + # key: BAZ + # name: configmap-resource +``` + +- `extraVolumes`: Used to mount additional volumes to the operator + +```yaml + extraVolumes: [] + # extraVolumes: + # - name: my-volume + # secret: + # secretName: my-secret + # - name: my-volume + # configMap: + # name: my-configmap +``` + +- `extraVolumeMounts`: Used to mount additional volumes to the operator + +```yaml + extraVolumeMounts: [] + # extraVolumeMounts: + # - name: my-volume + # mountPath: /path/to/mount + # - name: my-volume + # mountPath: /path/to/mount +``` + ### Getting started In this example, we will create a MySQL database and apply a schema to it. After installing the diff --git a/charts/atlas-operator/Chart.yaml b/charts/atlas-operator/Chart.yaml index 27cb3669..703fed2a 100644 --- a/charts/atlas-operator/Chart.yaml +++ b/charts/atlas-operator/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: atlas-operator description: The Atlas Kubernetes Operator type: application -version: 0.3.9 -appVersion: 0.3.9 +version: 0.4.2 +appVersion: 0.4.2 diff --git a/charts/atlas-operator/templates/deployment.yaml b/charts/atlas-operator/templates/deployment.yaml index 2f14f588..b964666b 100644 --- a/charts/atlas-operator/templates/deployment.yaml +++ b/charts/atlas-operator/templates/deployment.yaml 
@@ -19,12 +19,19 @@ spec: labels: control-plane: controller-manager {{- include "atlas-operator.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} kubectl.kubernetes.io/default-container: manager {{- end }} spec: + {{- with .Values.extraVolumes }} + volumes: + {{- toYaml . | nindent 6 }} + {{- end }} containers: - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -42,12 +49,19 @@ spec: initialDelaySeconds: 5 periodSeconds: 10 resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml .Values.resources | nindent 10 }} securityContext: - {{- toYaml .Values.containerSecurityContext | nindent 12 }} + {{- toYaml .Values.containerSecurityContext | nindent 10 }} env: - name: PREWARM_DEVDB value: "{{ .Values.prewarmDevDB }}" + {{- with .Values.extraEnvs }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/atlas-operator/templates/serviceaccount.yaml b/charts/atlas-operator/templates/serviceaccount.yaml index 902f40a0..c3c5ab27 100644 --- a/charts/atlas-operator/templates/serviceaccount.yaml +++ b/charts/atlas-operator/templates/serviceaccount.yaml @@ -7,6 +7,9 @@ metadata: app.kubernetes.io/component: rbac app.kubernetes.io/created-by: atlas-operator app.kubernetes.io/part-of: atlas-operator + {{- with .Values.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- include "atlas-operator.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} annotations: diff --git a/charts/atlas-operator/values.yaml b/charts/atlas-operator/values.yaml index 38ae71bf..6960b238 100644 --- a/charts/atlas-operator/values.yaml 
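Review bot: `podLabels` is rendered after `control-plane: controller-manager` and the selector labels in the pod template, so a user-supplied key that collides with one of them produces a duplicate mapping key. Depending on how the rendered YAML is parsed, that is either an error or a last-wins override that may no longer match the Deployment selector. The `serviceAccount.labels` hunk in `serviceaccount.yaml` has the same shape, although there the `atlas-operator.labels` include comes after the user block. Rendering the user labels before the chart-managed ones, or documenting in `values.yaml` that these keys are reserved, would avoid it. The enclosing template continues outside the hunk.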
+++ b/charts/atlas-operator/values.yaml @@ -19,10 +19,13 @@ fullnameOverride: "" serviceAccount: create: true annotations: {} + labels: {} name: "" podAnnotations: {} +podLabels: {} + podSecurityContext: runAsNonRoot: true @@ -43,4 +46,31 @@ affinity: {} # By default, the operator will recreate devdb pods after migration # Set this to true to keep the devdb pods around. -prewarmDevDB: true \ No newline at end of file +prewarmDevDB: true + +# -- Additional environment variables to set +extraEnvs: [] +# extraEnvs: +# - name: FOO +# valueFrom: +# secretKeyRef: +# key: FOO +# name: secret-resource +# - name: BAR +# valueFrom: +# configMapKeyRef: +# key: BAR +# name: config-map-resource + +extraVolumes: [] +# extraVolumes: +# - name: extra-volume +# secret: +# secretName: extra-volume-secret + +extraVolumeMounts: [] +# extraVolumeMounts: +# - name: extra-volume +# mountPath: /extra-volume +# readOnly: true + diff --git a/config/integration/env/configmap.yaml b/config/integration/env/configmap.yaml new file mode 100644 index 00000000..00649dab --- /dev/null +++ b/config/integration/env/configmap.yaml @@ -0,0 +1,20 @@ +# Copyright 2024 The Atlas Operator Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ConfigMap +apiVersion: v1 +metadata: + name: "operator-env-configmap" +data: + CONFIGMAP_REF_ENV: "value" \ No newline at end of file 
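Review bot: `extraVolumes` and `extraVolumeMounts` are added without a description comment, while `extraEnvs` directly above them gets `# -- Additional environment variables to set`. Add matching lines, e.g. `# -- Additional volumes to add to the operator pod` and `# -- Additional volume mounts for the operator container`, and state that the entries are copied as-is into the pod spec by `deployment.yaml`. The commented `extraEnvs` example shows only `secretKeyRef` and `configMapKeyRef`; a one-line comment saying credentials should use `secretKeyRef` rather than a literal `value` would help chart users.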
diff --git a/config/integration/env/kustomization.yaml b/config/integration/env/kustomization.yaml new file mode 100644 index 00000000..c80d4836 --- /dev/null +++ b/config/integration/env/kustomization.yaml @@ -0,0 +1,19 @@ +# Copyright 2023 The Atlas Operator Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +## Append samples you want in your CSV to this file as resources ## +resources: + - configmap.yaml + - secret.yaml +#+kubebuilder:scaffold:manifestskustomizesamples diff --git a/config/integration/env/secret.yaml b/config/integration/env/secret.yaml new file mode 100644 index 00000000..667dc73d --- /dev/null +++ b/config/integration/env/secret.yaml @@ -0,0 +1,21 @@ +# Copyright 2024 The Atlas Operator Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: "operator-env-secret" +type: Opaque +data: + SECRET_REF_ENV: "dmFsdWU=" \ No newline at end of file 
diff --git a/config/integration/env/values.yaml b/config/integration/env/values.yaml new file mode 100644 index 00000000..dbab8f2c --- /dev/null +++ b/config/integration/env/values.yaml @@ -0,0 +1,27 @@ +# Copyright 2024 The Atlas Operator Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +extraEnvs: + - name: NORMAL_ENV + value: "value" + - name: SECRET_REF_ENV + valueFrom: + secretKeyRef: + key: SECRET_REF_ENV + name: operator-env-secret + - name: CONFIGMAP_REF_ENV + valueFrom: + configMapKeyRef: + key: CONFIGMAP_REF_ENV + name: operator-env-configmap \ No newline at end of file