diff --git a/manifests/function/baremetal-operator/entrypoint/dnsmasq-entrypoint b/manifests/function/baremetal-operator/entrypoint/dnsmasq-entrypoint
new file mode 100644
index 000000000..69b0bcff3
--- /dev/null
+++ b/manifests/function/baremetal-operator/entrypoint/dnsmasq-entrypoint
@@ -0,0 +1,9 @@
+#!/usr/bin/bash
+
+cp -f /tftpboot/undionly.kpxe /tftpboot/ipxe.efi /tftpboot/snponly.efi /shared/tftpboot
+cp -f /shared/inspector.ipxe /shared/html/inspector.ipxe
+cp -f /shared/dualboot.ipxe /shared/html/dualboot.ipxe
+cp -f /tmp/uefi_esp.img /shared/html/uefi_esp.img
+
+/bin/runhealthcheck "dnsmasq" &>/dev/null &
+exec /usr/sbin/dnsmasq -d -q -C /shared/dnsmasq.conf
diff --git a/manifests/function/baremetal-operator/entrypoint/httpd-entrypoint b/manifests/function/baremetal-operator/entrypoint/httpd-entrypoint
new file mode 100644
index 000000000..c12441fc2
--- /dev/null
+++ b/manifests/function/baremetal-operator/entrypoint/httpd-entrypoint
@@ -0,0 +1,6 @@
+#!/usr/bin/bash
+
+cp -f /shared/httpd.conf /etc/httpd/conf/httpd.conf
+
+/bin/runhealthcheck "httpd" "80" &>/dev/null &
+exec /usr/sbin/httpd -DFOREGROUND
diff --git a/manifests/function/baremetal-operator/entrypoint/init-bootstrap b/manifests/function/baremetal-operator/entrypoint/init-bootstrap
new file mode 100644
index 000000000..8830561ae
--- /dev/null
+++ b/manifests/function/baremetal-operator/entrypoint/init-bootstrap
@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+set -xe
+
+#Configure vars for rendering
+pushd /ironic-vars
+rm -f /shared/sed_commands
+for var_name in $( ls ) ; do
+    echo -n s!\$\($var_name\)! >> /shared/sed_commands
+    cat $var_name >> /shared/sed_commands
+    echo ! >> /shared/sed_commands
+    export $var_name=$(cat $var_name)
+done
+popd
+
+while ! ip -br addr show | grep -q "$PROVISIONING_IP/"; do
+    echo 'Waiting for provisioning ip'
+    sleep 5;
+done
+
+mkdir -p /shared/{tftpboot,ironic_prometheus_exporter,html/{images,pxelinux.cfg},log/{dnsmasq,httpd,ironic,ironic-inspector/ramdisk,mariadb}/}
+
+# Remove log files from last deployment
+rm -rf /shared/log/httpd/*
+rm -rf /shared/log/ironic/*
+rm -rf /shared/log/ironic-inspector/*
+
+# Rendering files to shared mount
+pushd /cfg
+for f in $( ls ); do
+    sed -f /shared/sed_commands $f > /shared/$f
+done
+popd
+
+pushd /shared/html/images
+STATUSCODE=$(curl --silent --insecure --location -O --write-out "%{http_code}" ${IRONIC_PYTHON_AGENT})
+if test $STATUSCODE -ne 200; then
+    echo "Failed to load ${ARTS[${art}]}"
+    exit 1
+fi
+tar -xf ironic-python-agent.tar
+popd
+
+chmod -R 0777 /shared/html
+
+touch /shared/init_finished
diff --git a/manifests/function/baremetal-operator/entrypoint/inspector-entrypoint b/manifests/function/baremetal-operator/entrypoint/inspector-entrypoint
new file mode 100644
index 000000000..de791960c
--- /dev/null
+++ b/manifests/function/baremetal-operator/entrypoint/inspector-entrypoint
@@ -0,0 +1,5 @@
+#!/usr/bin/bash
+
+exec /usr/bin/ironic-inspector --config-file /etc/ironic-inspector/inspector-dist.conf \
+	--config-file /shared/inspector.conf \
+	--log-file /shared/log/ironic-inspector/ironic-inspector.log
diff --git a/manifests/function/baremetal-operator/entrypoint/ironic-entrypoint b/manifests/function/baremetal-operator/entrypoint/ironic-entrypoint
new file mode 100644
index 000000000..ffd84b808
--- /dev/null
+++ b/manifests/function/baremetal-operator/entrypoint/ironic-entrypoint
@@ -0,0 +1,12 @@
+#!/usr/bin/bash
+
+cp -f /shared/ironic.conf /etc/ironic/ironic.conf
+
+ironic-dbsync --config-file /etc/ironic/ironic.conf upgrade
+
+/usr/bin/ironic-conductor &
+/usr/bin/ironic-api &
+
+/bin/runhealthcheck "ironic" &>/dev/null &
+
+sleep infinity
diff --git a/manifests/function/baremetal-operator/entrypoint/kustomization.yaml b/manifests/function/baremetal-operator/entrypoint/kustomization.yaml
new file mode 100644
index 000000000..f6c84e6c5
--- /dev/null
+++ b/manifests/function/baremetal-operator/entrypoint/kustomization.yaml
@@ -0,0 +1,12 @@
+generatorOptions:
+ disableNameSuffixHash: true
+
+configMapGenerator:
+- name: ironic-entrypoints
+  files:
+    - dnsmasq-entrypoint
+    - httpd-entrypoint
+    - init-bootstrap
+    - inspector-entrypoint
+    - ironic-entrypoint
+    - mariadb-entrypoint
diff --git a/manifests/function/baremetal-operator/entrypoint/mariadb-entrypoint b/manifests/function/baremetal-operator/entrypoint/mariadb-entrypoint
new file mode 100644
index 000000000..63b0d67f3
--- /dev/null
+++ b/manifests/function/baremetal-operator/entrypoint/mariadb-entrypoint
@@ -0,0 +1,18 @@
+#!/usr/bin/bash
+PATH=$PATH:/usr/sbin/
+DATADIR="/var/lib/mysql"
+MARIADB_CONF_FILE="/etc/my.cnf.d/mariadb-server.cnf"
+
+ln -sf /proc/self/fd/1 /var/log/mariadb/mariadb.log
+
+if [ ! -d "${DATADIR}/mysql" ]; then
+    cp -f /shared/my.cnf $MARIADB_CONF_FILE
+    mysql_install_db --datadir="$DATADIR"
+    chown -R mysql "$DATADIR"
+
+    # mysqld_safe closes stdout/stderr if no bash options are set ($- == '')
+    # turn on tracing to prevent this
+    exec bash -x /usr/bin/mysqld_safe --init-file /shared/configure-mysql.sql
+else
+    exec bash -x /usr/bin/mysqld_safe
+fi
diff --git a/manifests/function/baremetal-operator/ironic-pv.yaml b/manifests/function/baremetal-operator/ironic-pv.yaml
new file mode 100644
index 000000000..381f13d88
--- /dev/null
+++ b/manifests/function/baremetal-operator/ironic-pv.yaml
@@ -0,0 +1,26 @@
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: ironic-pv-volume
+spec:
+  storageClassName: default
+  capacity:
+    storage: "10Gi"
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/opt/metal3-dev-env/ironic"
+
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: ironic-pv-claim
+spec:
+  storageClassName: default
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: "10Gi"
diff --git a/manifests/function/baremetal-operator/ironic-vars.yaml b/manifests/function/baremetal-operator/ironic-vars.yaml
index 3bd41f813..df67b81ac 100644
--- a/manifests/function/baremetal-operator/ironic-vars.yaml
+++ b/manifests/function/baremetal-operator/ironic-vars.yaml
@@ -18,4 +18,4 @@ data:
   IRONIC_VOLUME_CAPACITY: "10Gi"
   IRONIC_STORAGE_CLASS_NAME: "default"
   IRONIC_HOST_PATH: "/opt/metal3-dev-env/ironic/"
-  IRONIC_PYTHON_AGENT: "http://192.168.100.1/images/ironic-python-agent.tar"
+  IRONIC_PYTHON_AGENT: "https://images.rdoproject.org/master/rdo_trunk/current-tripleo/ironic-python-agent.tar"
diff --git a/manifests/function/baremetal-operator/ironic.yaml b/manifests/function/baremetal-operator/ironic.yaml
new file mode 100644
index 000000000..6405f033c
--- /dev/null
+++ b/manifests/function/baremetal-operator/ironic.yaml
@@ -0,0 +1,118 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ironic
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: ironic
+  template:
+    metadata:
+      labels:
+        name: ironic
+    spec:
+      hostNetwork: true
+      volumes:
+        - name: ironic-storage
+          persistentVolumeClaim:
+           claimName: ironic-pv-claim
+        - name: ironic-config-files
+          configMap:
+            name: ironic-config-files
+            defaultMode: 0644
+        - name: ironic-entrypoints
+          configMap:
+            name: ironic-entrypoints
+            defaultMode: 0700
+        - name: ironic-vars
+          configMap:
+            name: ironic-vars
+            defaultMode: 0644
+      nodeSelector: {}
+      initContainers:
+        - name: init-bootstrap
+          image: "centos"
+          imagePullPolicy: Always
+          command: ['/bin/init-bootstrap']
+          volumeMounts:
+            - name: ironic-storage
+              mountPath: "/shared"
+            - name: ironic-entrypoints
+              mountPath: /bin/init-bootstrap
+              subPath: init-bootstrap
+            - name: ironic-config-files
+              mountPath: /cfg
+            - name: ironic-vars
+              mountPath: /ironic-vars
+      containers:
+        - name: dnsmasq
+          image: "quay.io/metal3-io/ironic:latest"
+          imagePullPolicy: Always
+          command: ["/bin/rundnsmasq"]
+          securityContext:
+            privileged: true
+          volumeMounts:
+              - mountPath: "/shared"
+                name: ironic-storage
+              - name: ironic-entrypoints
+                mountPath: /bin/rundnsmasq
+                subPath: dnsmasq-entrypoint
+        - name: httpd
+          image: "quay.io/metal3-io/ironic:latest"
+          imagePullPolicy: Always
+          securityContext:
+             capabilities:
+               add: ["NET_ADMIN"]
+          securityContext:
+             capabilities:
+               add: ["NET_ADMIN"]
+          command: ["/bin/runhttpd"]
+          securityContext:
+            privileged: true
+          volumeMounts:
+              - mountPath: "/shared"
+                name: ironic-storage
+              - name: ironic-entrypoints
+                mountPath: /bin/runhttpd
+                subPath: httpd-entrypoint
+        - name: mariadb
+          image: "quay.io/metal3-io/ironic:latest"
+          imagePullPolicy: Always
+          command: ["/bin/runmariadb"]
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - mountPath: "/shared"
+              name: ironic-storage
+            - mountPath: "/var/lib/mysql"
+              name: ironic-storage
+              subPath: mysql
+            - name: ironic-entrypoints
+              mountPath: /bin/runmariadb
+              subPath: mariadb-entrypoint
+        - name: ironic
+          image: "quay.io/metal3-io/ironic:latest"
+          imagePullPolicy: Always
+          command: ["/bin/runironic"]
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - mountPath: "/shared"
+              name: ironic-storage
+            - name: ironic-entrypoints
+              mountPath: /bin/runironic
+              subPath: ironic-entrypoint
+        - name: ironic-inspector
+          image: "quay.io/metal3-io/ironic-inspector:latest"
+          imagePullPolicy: Always
+          command: ["/bin/runironic-inspector"]
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - mountPath: "/shared"
+              name: ironic-storage
+            - name: ironic-entrypoints
+              mountPath: /bin/runironic-inspector
+              subPath: inspector-entrypoint
diff --git a/manifests/function/baremetal-operator/kustomization.yaml b/manifests/function/baremetal-operator/kustomization.yaml
index 7e2a7b5e0..d7bd1c0fd 100644
--- a/manifests/function/baremetal-operator/kustomization.yaml
+++ b/manifests/function/baremetal-operator/kustomization.yaml
@@ -2,8 +2,11 @@ resources:
   - ../../global/crd/baremetal-operator
   - config-file
   - rbac
+  - entrypoint
   - operator.yaml
-  - namespace.yaml
+  - ironic.yaml
+  - ironic-pv.yaml
   - ironic-vars.yaml
+  - namespace.yaml
 
 namespace: metal3
diff --git a/manifests/function/baremetal-operator/operator.yaml b/manifests/function/baremetal-operator/operator.yaml
index 02daceb96..c551c2bd6 100644
--- a/manifests/function/baremetal-operator/operator.yaml
+++ b/manifests/function/baremetal-operator/operator.yaml
@@ -12,6 +12,12 @@ spec:
       labels:
         name: metal3-baremetal-operator
     spec:
+      tolerations:
+      # Mark the pod as a critical add-on for rescheduling.
+      - key: CriticalAddonsOnly
+        operator: Exists
+      - key: node-role.kubernetes.io/master
+        effect: NoSchedule
       serviceAccountName: metal3-baremetal-operator
       containers:
         - name: baremetal-operator