diff --git a/Makefile b/Makefile
index 269c6fd..43ae9f0 100644
--- a/Makefile
+++ b/Makefile
@@ -122,6 +122,11 @@ undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/confi
 cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
 $(KUSTOMIZE) build config/default | kubectl delete -f -
+.PHONY: undeploy-keep-crd
+undeploy-keep-crd: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Prevents down.sh from stomping on other CRD's in the same cluster.
+ cd config/default-keep-crd && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
+ $(KUSTOMIZE) build config/default-keep-crd | kubectl delete -f -
+
 OS := $(shell uname -s | tr '[:upper:]' '[:lower:]')
 ARCH := $(shell uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/')
diff --git a/config/default-keep-crd/manager_auth_proxy_patch.yaml b/config/default-keep-crd/manager_auth_proxy_patch.yaml
new file mode 100644
index 0000000..6cf4444
--- /dev/null
+++ b/config/default-keep-crd/manager_auth_proxy_patch.yaml
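Review bot: The new `undeploy-keep-crd` recipe in the Makefile runs `$(KUSTOMIZE) edit set namespace` and `$(KUSTOMIZE) build` in `config/default-keep-crd`, but the only file this diff adds under that directory is `manager_auth_proxy_patch.yaml`; both commands need a `kustomization.yaml` there, so unless one is committed elsewhere the target fails before anything is deleted. That kustomization is also the file that decides whether the CRDs are really left in place, so it is the part of the change most worth reviewing. `${NAMESPACE}` reaches the `edit set namespace` line unchecked; if the Makefile does not default it, a first recipe line such as `@test -n "$(NAMESPACE)" || { echo "NAMESPACE is required" >&2; exit 1; }` stops a run with an empty value. The `undeploy` rule this recipe is modelled on starts outside the hunk.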
@@ -0,0 +1,65 @@
+# This patch inject a sidecar container which is a HTTP proxy for the
+# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/arch
+ operator: In
+ values:
+ - amd64
+ - arm64
+ - ppc64le
+ - s390x
+ - key: kubernetes.io/os
+ operator: In
+ values:
+ - linux
+ serviceAccountName: controller-manager
+ automountServiceAccountToken: false
+ containers:
+ - name: kube-rbac-proxy
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - "ALL"
+ image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0
+ args:
+ - "--secure-listen-address=0.0.0.0:8443"
+ - "--upstream=http://127.0.0.1:8080/"
+ - "--logtostderr=true"
+ - "--v=0"
+ ports:
+ - containerPort: 8443
+ protocol: TCP
+ name: https
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 5m
+ memory: 64Mi
+ - name: eda-manager
+ args:
+ - "--health-probe-bind-address=:6789"
+ - "--metrics-bind-address=127.0.0.1:8080"
+ - "--leader-elect"
+ - "--leader-election-id=eda-server-operator"
+ resources:
+ limits:
+ cpu: 500m
+ memory: 1500Mi
+ requests:
+ cpu: 5m
+ memory: 64Mi
diff --git a/dev/eda-cr/eda-openshift-cr.yml b/dev/eda-cr/eda-openshift-cr.yml
index fd2c4d5..b70fc05 100644
--- a/dev/eda-cr/eda-openshift-cr.yml
+++ b/dev/eda-cr/eda-openshift-cr.yml
@@ -34,7 +34,7 @@ spec:
 value: "Always"
 # CA Bundle
- bundle_cacert_secret: my-custom-certs
+ # bundle_cacert_secret: my-custom-certs
 # -- Resource Requirements
 api:
diff --git a/down.sh b/down.sh
index 2abc99e..ea0f503 100755
--- a/down.sh
+++ b/down.sh
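Review bot: In `config/default-keep-crd/manager_auth_proxy_patch.yaml`, `automountServiceAccountToken: false` is set on the pod while the `kube-rbac-proxy` sidecar is described in the header comment as authorizing through SubjectAccessReviews, which needs API credentials; this patch defines no token volume, so the token would have to be mounted explicitly by the base manifest, which is not visible here. The `eda-manager` container also gets no `securityContext` in this patch, unlike the sidecar, so its hardening depends on the base as well. As far as the Makefile hunk shows, this overlay is only rendered for `kubectl delete`, where the pod spec has no effect, and the header should say so, for example `# Delete-only overlay used by 'make undeploy-keep-crd'; not intended for kubectl apply.` If the overlay is ever applied, the sidecar image is referenced by tag (`v0.15.0`) rather than by digest, which is worth pinning.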
@@ -21,9 +21,23 @@ kubectl delete edarestore --all
 # Delete old operator deployment
 kubectl delete deployment eda-server-operator-controller-manager
+# Parse command line arguments
+ALL_FLAG=false
+for arg in "$@"; do
+ case $arg in
+ --all)
+ ALL_FLAG=true
+ shift
+ ;;
+ esac
+done
+
 # Deploy Operator
-make undeploy IMG=$IMG NAMESPACE=$NAMESPACE
+if [ "$ALL_FLAG" = true ]; then
+ make undeploy IMG=$IMG NAMESPACE=$NAMESPACE
+else
+ make undeploy-keep-crd IMG=$IMG NAMESPACE=$NAMESPACE
+fi
 # Remove PVCs
 kubectl delete pvc postgres-15-$EDA_CR-postgres-15-0
-
diff --git a/up.sh b/up.sh
index db0e715..3c8e3c2 100755
--- a/up.sh
+++ b/up.sh
@@ -3,6 +3,7 @@
 # -- Usage
 # NAMESPACE=eda TAG=dev QUAY_USER=developer ./up.sh
+# EDA_CR=dev/eda-cr/eda-k8s-ing.yml ./up.sh
 # -- User Variables
 NAMESPACE=${NAMESPACE:-eda}
@@ -10,6 +11,7 @@ QUAY_USER=${QUAY_USER:-developer}
 TAG=${TAG:-$(git rev-parse --short HEAD)}
 DEV_TAG=${DEV_TAG:-dev}
 DEV_TAG_PUSH=${DEV_TAG_PUSH:-true}
+EDA_CR=${EDA_CR:-dev/eda-cr/eda-openshift-cr.yml}
 # -- Container Build Engine (podman or docker)
 ENGINE=${ENGINE:-podman}
@@ -111,11 +113,10 @@ fi
 # -- Deploy Operator
 make deploy IMG=$IMG:$TAG NAMESPACE=$NAMESPACE
+# -- Print Options for EDA CR
+echo "Available EDA CR files:"
+ls -1 dev/eda-cr
 # -- Create CR
-# uncomment the CR you want to use
-$KUBE_APPLY dev/eda-cr/eda-openshift-cr.yml
-# $KUBE_APPLY dev/eda-cr/eda-k8s-ing.yml
-# $KUBE_APPLY dev/eda-cr/eda-k8s-nodeport-cr.yml
-# $KUBE_APPLY dev/eda-cr/eda-resource-quota-cr.yml
-# $KUBE_APPLY dev/eda-cr/lightweight-eda.yml
+echo "Applying EDA CR: $EDA_CR"
+$KUBE_APPLY $EDA_CR
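Review bot: In down.sh the `shift` inside `for arg in "$@"` has no effect on the loop, because the argument list is expanded before the first iteration, and it can be dropped. The parsing block also sits after the `kubectl delete` calls above it and ignores anything other than `--all`, so a mistyped flag silently selects the keep-CRD path after resources have already been removed; moving the block to the top of the script (which starts outside this hunk) and adding `*) echo "unknown option: $arg" >&2; exit 2 ;;` makes the script fail before any deletion. Since `--all` is the path that removes the CRDs, and with them every custom resource of those kinds in the cluster, a usage line such as `# ./down.sh [--all]   --all also deletes the CRDs (cluster-wide)` belongs in the header. `$IMG` and `$NAMESPACE` are passed to make unquoted on both branches; `NAMESPACE="$NAMESPACE"` avoids word splitting.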
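Review bot: In the last up.sh hunk, `$KUBE_APPLY $EDA_CR` passes an environment-supplied path unquoted and unchecked, and it runs only after the build and `make deploy` steps, so a typo in `EDA_CR` is discovered late and a value containing spaces is split into several arguments. If `KUBE_APPLY` wraps `kubectl apply -f` (its definition is outside this hunk), that option also accepts directories and URLs, so a regular-file check next to the `EDA_CR=${EDA_CR:-...}` default in the second hunk keeps the input to a local manifest: `[ -f "$EDA_CR" ] || { echo "EDA CR not found: $EDA_CR" >&2; exit 1; }`. The apply line would then read `$KUBE_APPLY "$EDA_CR"`. The unconditional `ls -1 dev/eda-cr` listing would be more useful inside that error path than on every run.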