diff --git a/chart/gatekeeper-operator/templates/gatekeeper.yaml b/chart/gatekeeper-operator/templates/gatekeeper.yaml index b4686b5cadf..aa02fff4449 100644 --- a/chart/gatekeeper-operator/templates/gatekeeper.yaml +++ b/chart/gatekeeper-operator/templates/gatekeeper.yaml @@ -444,6 +444,10 @@ spec: fieldPath: metadata.name image: '{{ .Values.image.repository }}:{{ .Values.image.release }}' imagePullPolicy: '{{ .Values.image.pullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: 9090 name: manager ports: - containerPort: 8443 @@ -452,7 +456,14 @@ spec: - containerPort: 8888 name: metrics protocol: TCP - resources: + - containerPort: 9090 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9090 + resources: {{ toYaml .Values.resources | indent 10 }} securityContext: allowPrivilegeEscalation: false @@ -463,7 +474,7 @@ spec: - mountPath: /certs name: cert readOnly: true - nodeSelector: + nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} affinity: {{ toYaml .Values.affinity | indent 8 }} diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 871002f4c10..6da150552e3 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -36,6 +36,9 @@ spec: - containerPort: 8888 name: metrics protocol: TCP + - containerPort: 9090 + name: healthz + protocol: TCP env: - name: POD_NAMESPACE valueFrom: @@ -53,6 +56,14 @@ spec: requests: cpu: 100m memory: 256Mi + livenessProbe: + httpGet: + path: /healthz + port: 9090 + readinessProbe: + httpGet: + path: /readyz + port: 9090 securityContext: runAsUser: 1000 runAsGroup: 999 diff --git a/deploy/gatekeeper.yaml b/deploy/gatekeeper.yaml index 6bffde34e5a..bb825858383 100644 --- a/deploy/gatekeeper.yaml +++ b/deploy/gatekeeper.yaml 
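Review bot: Both probes added to the `manager` container in the `@@ -444` and `@@ -452` hunks carry only an `httpGet` block, so the Kubernetes defaults apply (1 s timeout, 10 s period, three failures) and the kubelet restarts the admission controller after about 30 s of slow answers. For a policy enforcement point that restart takes the webhook offline, so I would set `timeoutSeconds` and `failureThreshold` explicitly on the liveness probe and make them configurable through the chart values. The probes also repeat the literal `port: 9090` although the same commit declares a named port; `port: healthz` would keep the probe and the container port from drifting apart if `--health-addr` is ever changed. The same applies to the probe hunks in config/manager/manager.yaml and deploy/gatekeeper.yaml.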
@@ -298,6 +298,10 @@ spec: fieldPath: metadata.name image: quay.io/open-policy-agent/gatekeeper:v3.1.0-beta.2 imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: 9090 name: manager ports: - containerPort: 8443 @@ -306,6 +310,13 @@ spec: - containerPort: 8888 name: metrics protocol: TCP + - containerPort: 9090 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9090 resources: limits: cpu: 1000m diff --git a/go.mod b/go.mod index 379f81670b4..aa01a988c04 100644 --- a/go.mod +++ b/go.mod @@ -11,12 +11,15 @@ require ( github.com/go-openapi/spec v0.19.4 // indirect github.com/go-openapi/strfmt v0.19.3 // indirect github.com/go-openapi/validate v0.19.4 // indirect + github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b github.com/google/go-cmp v0.3.1 github.com/onsi/ginkgo v1.10.1 // indirect github.com/onsi/gomega v1.7.0 github.com/open-policy-agent/frameworks/constraint v0.0.0-20200106214430-991b84509bcf github.com/open-policy-agent/opa v0.15.0 github.com/pkg/errors v0.8.1 + github.com/spf13/cobra v0.0.5 + github.com/spf13/pflag v1.0.3 go.opencensus.io v0.22.2 go.uber.org/zap v1.10.0 golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297 diff --git a/main.go b/main.go index b36edd9d9df..152170f3a13 100644 --- a/main.go +++ b/main.go @@ -41,6 +41,7 @@ import ( _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" ctrl "sigs.k8s.io/controller-runtime" k8sCli "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/healthz" crzap "sigs.k8s.io/controller-runtime/pkg/log/zap" // +kubebuilder:scaffold:imports ) 
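Review bot: The three new direct requirements in go.mod (`github.com/golang/glog`, `github.com/spf13/cobra`, `github.com/spf13/pflag`) are not used by any main.go change visible in this commit, whose only new import is `sigs.k8s.io/controller-runtime/pkg/healthz` from a module that is already required. If they were added by a tooling side effect, they should be dropped or marked `// indirect` so the direct dependency surface stays limited to what the code imports. `glog` is also pinned to a 2016 pseudo-version rather than a tagged release, which makes it harder to track against advisories. Files outside this page may import these modules, so please confirm with `go mod why` before merging.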
@@ -52,6 +53,7 @@ var ( var ( logLevel = flag.String("log-level", "INFO", "Minimum log level. For example, DEBUG, INFO, WARNING, ERROR. Defaulted to INFO if unspecified.") + healthAddr = flag.String("health-addr", ":9090", "The address to which the health endpoint binds.") metricsAddr = flag.String("metrics-addr", "0", "The address the metric endpoint binds to.") port = flag.Int("port", 443, "port for the server. defaulted to 443 if unspecified ") certDir = flag.String("cert-dir", "/certs", "The directory where certs are stored, defaults to /certs") @@ -82,11 +84,12 @@ func main() { ctrl.SetLogger(crzap.Logger(true)) mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ - Scheme: scheme, - MetricsBindAddress: *metricsAddr, - LeaderElection: false, - Port: *port, - CertDir: *certDir, + Scheme: scheme, + MetricsBindAddress: *metricsAddr, + LeaderElection: false, + Port: *port, + CertDir: *certDir, + HealthProbeBindAddress: *healthAddr, }) if err != nil { setupLog.Error(err, "unable to start manager") @@ -148,6 +151,15 @@ func main() { // +kubebuilder:scaffold:builder + if err := mgr.AddReadyzCheck("default", healthz.Ping); err != nil { + setupLog.Error(err, "unable to create ready check") + os.Exit(1) + } + if err := mgr.AddHealthzCheck("default", healthz.Ping); err != nil { + setupLog.Error(err, "unable to create health check") + os.Exit(1) + } + setupLog.Info("starting manager") hadError := false if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
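Review bot: The default `:9090` for `--health-addr` in the `@@ -52` hunk binds the health listener on every interface of the pod, and unlike `--metrics-addr` (default `"0"`, which controller-runtime treats as disabled) it is on by default, so this commit opens a new unauthenticated plain-HTTP port; the help text should say so. I would write it as `"The address the health endpoint binds to. Serves unauthenticated HTTP for kubelet probes; the shipped manifests expect port 9090."`, which also matches the phrasing of the `metrics-addr` help string next to it. Whether a NetworkPolicy restricts this port is not visible on this page. The `var (` block continues outside the hunk.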
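Review bot: Registering `healthz.Ping` for `readyz` in the `@@ -148` hunk makes the readiness probe succeed as soon as the health listener answers, because Ping performs no check and always returns nil; it says nothing about whether the webhook server on `*port` has loaded its certificates from `*certDir` and is accepting connections. A pod marked ready before it can serve admission requests will still receive them from the Service, and depending on the webhook's failurePolicy (not visible here) those requests are either rejected or admitted without policy evaluation. I would keep Ping for `healthz` and give `readyz` a real checker, or at minimum record the gap with `// TODO: readyz only proves the process is up; add a check that the webhook server is serving`. main's body starts and ends outside this hunk.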