[Feature] [Scheduler] Extract Integration (#1723)

2024-12-14 11:57:37 +00:00 · 2024-09-12 14:45:36 +02:00 · 2024-09-12 14:45:36 +02:00 · c5ffe866a0
commit c5ffe866a0
parent 0d6108158f
29 changed files with 2417 additions and 1993 deletions
--- a/docs/api/ArangoDeployment.V1.md
+++ b/docs/api/ArangoDeployment.V1.md
@ -3045,7 +3045,7 @@ Type: `boolean` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.
 ### .spec.gateway.dynamic
-Type: `boolean` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/deployment_spec_gateway.go#L38)</sup>
+Type: `boolean` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/deployment_spec_gateway.go#L36)</sup>
 Dynamic setting enables/disables support dynamic configuration of the gateway in the cluster.
 When enabled, gateway config will be reloaded by ConfigMap live updates.
@ -3056,7 +3056,7 @@ Default Value: `false`
 ### .spec.gateway.enabled
-Type: `boolean` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/deployment_spec_gateway.go#L33)</sup>
+Type: `boolean` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/deployment_spec_gateway.go#L31)</sup>
 Enabled setting enables/disables support for gateway in the cluster.
 When enabled, the cluster will contain a number of `gateway` servers.
@ -3067,217 +3067,13 @@ Default Value: `false`
 ### .spec.gateway.image
-Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/deployment_spec_gateway.go#L42)</sup>
+Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/deployment_spec_gateway.go#L40)</sup>
 Image is the image to use for the gateway.
 By default, the image is determined by the operator.
 ***
 ### .spec.gateway.sidecar.args
 Type: `array` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/core.go#L54)</sup>
 Arguments to the entrypoint.
 The container image's CMD is used if this is not provided.
 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
 of whether the variable exists or not. Cannot be updated.
 Links:
 * [Kubernetes Docs](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell)
 ***
 ### .spec.gateway.sidecar.command
 Type: `array` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/core.go#L44)</sup>
 Entrypoint array. Not executed within a shell.
 The container image's ENTRYPOINT is used if this is not provided.
 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
 of whether the variable exists or not. Cannot be updated.
 Links:
 * [Kubernetes Docs](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell)
 ***
 ### .spec.gateway.sidecar.controllerListenPort
 Type: `integer` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/integration/integration.go#L36)</sup>
 ControllerListenPort defines on which port the sidecar container will be listening for controller requests
 Default Value: `9202`
 ***
 ### .spec.gateway.sidecar.env
 Type: `core.EnvVar` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/environments.go#L36)</sup>
 Env keeps the information about environment variables provided to the container
 Links:
 * [Kubernetes Docs](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#envvar-v1-core)
 ***
 ### .spec.gateway.sidecar.envFrom
 Type: `core.EnvFromSource` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/environments.go#L41)</sup>
 EnvFrom keeps the information about environment variable sources provided to the container
 Links:
 * [Kubernetes Docs](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#envfromsource-v1-core)
 ***
 ### .spec.gateway.sidecar.image
 Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/image.go#L35)</sup>
 Image define image details
 ***
 ### .spec.gateway.sidecar.imagePullPolicy
 Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/image.go#L39)</sup>
 ImagePullPolicy define Image pull policy
 Default Value: `IfNotPresent`
 ***
 ### .spec.gateway.sidecar.lifecycle
 Type: `core.Lifecycle` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/lifecycle.go#L35)</sup>
 Lifecycle keeps actions that the management system should take in response to container lifecycle events.
 ***
 ### .spec.gateway.sidecar.listenPort
 Type: `integer` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/integration/integration.go#L32)</sup>
 ListenPort defines on which port the sidecar container will be listening for connections
 Default Value: `9201`
 ***
 ### .spec.gateway.sidecar.livenessProbe
 Type: `core.Probe` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/probes.go#L37)</sup>
 LivenessProbe keeps configuration of periodic probe of container liveness.
 Container will be restarted if the probe fails.
 Links:
 * [Kubernetes docs](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes)
 ***
 ### .spec.gateway.sidecar.method
 Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/policy/merge.go#L32)</sup>
 Method defines the merge method
 Possible Values: 
 * `"override"` (default) - Overrides values during configuration merge
 * `"append"` - Appends, if possible, values during configuration merge
 ***
 ### .spec.gateway.sidecar.ports
 Type: `[]core.ContainerPort` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/networking.go#L39)</sup>
 Ports contains list of ports to expose from the container. Not specifying a port here
 DOES NOT prevent that port from being exposed. Any port which is
 listening on the default "0.0.0.0" address inside a container will be
 accessible from the network.
 ***
 ### .spec.gateway.sidecar.readinessProbe
 Type: `core.Probe` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/probes.go#L42)</sup>
 ReadinessProbe keeps configuration of periodic probe of container service readiness.
 Container will be removed from service endpoints if the probe fails.
 Links:
 * [Kubernetes docs](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes)
 ***
 ### .spec.gateway.sidecar.resources
 Type: `core.ResourceRequirements` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/resources.go#L37)</sup>
 Resources holds resource requests & limits for container
 Links:
 * [Documentation of core.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#resourcerequirements-v1-core)
 ***
 ### .spec.gateway.sidecar.securityContext
 Type: `core.SecurityContext` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/security.go#L35)</sup>
 SecurityContext holds container-level security attributes and common container settings.
 Links:
 * [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
 ***
 ### .spec.gateway.sidecar.startupProbe
 Type: `core.Probe` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/probes.go#L50)</sup>
 StartupProbe indicates that the Pod has successfully initialized.
 If specified, no other probes are executed until this completes successfully.
 If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
 This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
 when it might take a long time to load data or warm a cache, than during steady-state operation.
 Links:
 * [Kubernetes docs](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes)
 ***
 ### .spec.gateway.sidecar.volumeMounts
 Type: `[]core.VolumeMount` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/volume_mounts.go#L35)</sup>
 VolumeMounts keeps list of pod volumes to mount into the container's filesystem.
 ***
 ### .spec.gateway.sidecar.workingDir
 Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/core.go#L59)</sup>
 Container's working directory.
 If not specified, the container runtime's default will be used, which
 might be configured in the container image.
 ***
 ### .spec.gateways.affinity
 Type: `core.PodAffinity` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/server_group_spec.go#L156)</sup>
@ -4478,6 +4274,210 @@ ImagePullSecrets specifies the list of image pull secrets for the docker image t
 ***
 ### .spec.integration.sidecar.args
 Type: `array` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/core.go#L54)</sup>
 Arguments to the entrypoint.
 The container image's CMD is used if this is not provided.
 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
 of whether the variable exists or not. Cannot be updated.
 Links:
 * [Kubernetes Docs](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell)
 ***
 ### .spec.integration.sidecar.command
 Type: `array` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/core.go#L44)</sup>
 Entrypoint array. Not executed within a shell.
 The container image's ENTRYPOINT is used if this is not provided.
 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
 of whether the variable exists or not. Cannot be updated.
 Links:
 * [Kubernetes Docs](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell)
 ***
 ### .spec.integration.sidecar.controllerListenPort
 Type: `integer` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/integration/integration.go#L36)</sup>
 ControllerListenPort defines on which port the sidecar container will be listening for controller requests
 Default Value: `9202`
 ***
 ### .spec.integration.sidecar.env
 Type: `core.EnvVar` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/environments.go#L36)</sup>
 Env keeps the information about environment variables provided to the container
 Links:
 * [Kubernetes Docs](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#envvar-v1-core)
 ***
 ### .spec.integration.sidecar.envFrom
 Type: `core.EnvFromSource` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/environments.go#L41)</sup>
 EnvFrom keeps the information about environment variable sources provided to the container
 Links:
 * [Kubernetes Docs](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#envfromsource-v1-core)
 ***
 ### .spec.integration.sidecar.image
 Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/image.go#L35)</sup>
 Image define image details
 ***
 ### .spec.integration.sidecar.imagePullPolicy
 Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/image.go#L39)</sup>
 ImagePullPolicy define Image pull policy
 Default Value: `IfNotPresent`
 ***
 ### .spec.integration.sidecar.lifecycle
 Type: `core.Lifecycle` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/lifecycle.go#L35)</sup>
 Lifecycle keeps actions that the management system should take in response to container lifecycle events.
 ***
 ### .spec.integration.sidecar.listenPort
 Type: `integer` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/integration/integration.go#L32)</sup>
 ListenPort defines on which port the sidecar container will be listening for connections
 Default Value: `9201`
 ***
 ### .spec.integration.sidecar.livenessProbe
 Type: `core.Probe` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/probes.go#L37)</sup>
 LivenessProbe keeps configuration of periodic probe of container liveness.
 Container will be restarted if the probe fails.
 Links:
 * [Kubernetes docs](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes)
 ***
 ### .spec.integration.sidecar.method
 Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/policy/merge.go#L32)</sup>
 Method defines the merge method
 Possible Values: 
 * `"override"` (default) - Overrides values during configuration merge
 * `"append"` - Appends, if possible, values during configuration merge
 ***
 ### .spec.integration.sidecar.ports
 Type: `[]core.ContainerPort` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/networking.go#L39)</sup>
 Ports contains list of ports to expose from the container. Not specifying a port here
 DOES NOT prevent that port from being exposed. Any port which is
 listening on the default "0.0.0.0" address inside a container will be
 accessible from the network.
 ***
 ### .spec.integration.sidecar.readinessProbe
 Type: `core.Probe` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/probes.go#L42)</sup>
 ReadinessProbe keeps configuration of periodic probe of container service readiness.
 Container will be removed from service endpoints if the probe fails.
 Links:
 * [Kubernetes docs](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes)
 ***
 ### .spec.integration.sidecar.resources
 Type: `core.ResourceRequirements` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/resources.go#L37)</sup>
 Resources holds resource requests & limits for container
 Links:
 * [Documentation of core.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#resourcerequirements-v1-core)
 ***
 ### .spec.integration.sidecar.securityContext
 Type: `core.SecurityContext` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/security.go#L35)</sup>
 SecurityContext holds container-level security attributes and common container settings.
 Links:
 * [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
 ***
 ### .spec.integration.sidecar.startupProbe
 Type: `core.Probe` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/probes.go#L50)</sup>
 StartupProbe indicates that the Pod has successfully initialized.
 If specified, no other probes are executed until this completes successfully.
 If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
 This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
 when it might take a long time to load data or warm a cache, than during steady-state operation.
 Links:
 * [Kubernetes docs](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes)
 ***
 ### .spec.integration.sidecar.volumeMounts
 Type: `[]core.VolumeMount` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/volume_mounts.go#L35)</sup>
 VolumeMounts keeps list of pod volumes to mount into the container's filesystem.
 ***
 ### .spec.integration.sidecar.workingDir
 Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/core.go#L59)</sup>
 Container's working directory.
 If not specified, the container runtime's default will be used, which
 might be configured in the container image.
 ***
 ### .spec.labels
 Type: `object` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/deployment_spec.go#L127)</sup>
--- a/docs/cli/arangodb_operator_integration.md
+++ b/docs/cli/arangodb_operator_integration.md
@ -18,65 +18,65 @@ Available Commands:
  help        Help about any command
 Flags:
-      --health.address string                                      Address to expose health service (default "0.0.0.0:9091")
+      --health.address string                                      Address to expose health service (Env: HEALTH_ADDRESS) (default "0.0.0.0:9091")
-      --health.auth.token string                                   Token for health service (when auth service is token)
+      --health.auth.token string                                   Token for health service (when auth service is token) (Env: HEALTH_AUTH_TOKEN)
-      --health.auth.type string                                    Auth type for health service (default "None")
+      --health.auth.type string                                    Auth type for health service (Env: HEALTH_AUTH_TYPE) (default "None")
-      --health.shutdown.enabled                                    Determines if shutdown service should be enabled and exposed (default true)
+      --health.shutdown.enabled                                    Determines if shutdown service should be enabled and exposed (Env: HEALTH_SHUTDOWN_ENABLED) (default true)
-      --health.tls.keyfile string                                  Path to the keyfile
+      --health.tls.keyfile string                                  Path to the keyfile (Env: HEALTH_TLS_KEYFILE)
  -h, --help                                                       help for arangodb_operator_integration
-      --integration.authentication.v1                              Enable AuthenticationV1 Integration Service
+      --integration.authentication.v1                              Enable AuthenticationV1 Integration Service (Env: INTEGRATION_AUTHENTICATION_V1)
-      --integration.authentication.v1.enabled                      Defines if Authentication is enabled (default true)
+      --integration.authentication.v1.enabled                      Defines if Authentication is enabled (Env: INTEGRATION_AUTHENTICATION_V1_ENABLED) (default true)
-      --integration.authentication.v1.external                     Defones if External access to service authentication.v1 is enabled
+      --integration.authentication.v1.external                     Defones if External access to service authentication.v1 is enabled (Env: INTEGRATION_AUTHENTICATION_V1_EXTERNAL)
-      --integration.authentication.v1.internal                     Defones if Internal access to service authentication.v1 is enabled (default true)
+      --integration.authentication.v1.internal                     Defones if Internal access to service authentication.v1 is enabled (Env: INTEGRATION_AUTHENTICATION_V1_INTERNAL) (default true)
-      --integration.authentication.v1.path string                  Path to the JWT Folder
+      --integration.authentication.v1.path string                  Path to the JWT Folder (Env: INTEGRATION_AUTHENTICATION_V1_PATH)
-      --integration.authentication.v1.token.allowed strings        Allowed users for the Token
+      --integration.authentication.v1.token.allowed strings        Allowed users for the Token (Env: INTEGRATION_AUTHENTICATION_V1_TOKEN_ALLOWED)
-      --integration.authentication.v1.token.max-size uint16        Max Token max size in bytes (default 64)
+      --integration.authentication.v1.token.max-size uint16        Max Token max size in bytes (Env: INTEGRATION_AUTHENTICATION_V1_TOKEN_MAX_SIZE) (default 64)
-      --integration.authentication.v1.token.ttl.default duration   Default Token TTL (default 1h0m0s)
+      --integration.authentication.v1.token.ttl.default duration   Default Token TTL (Env: INTEGRATION_AUTHENTICATION_V1_TOKEN_TTL_DEFAULT) (default 1h0m0s)
-      --integration.authentication.v1.token.ttl.max duration       Max Token TTL (default 1h0m0s)
+      --integration.authentication.v1.token.ttl.max duration       Max Token TTL (Env: INTEGRATION_AUTHENTICATION_V1_TOKEN_TTL_MAX) (default 1h0m0s)
-      --integration.authentication.v1.token.ttl.min duration       Min Token TTL (default 1m0s)
+      --integration.authentication.v1.token.ttl.min duration       Min Token TTL (Env: INTEGRATION_AUTHENTICATION_V1_TOKEN_TTL_MIN) (default 1m0s)
-      --integration.authentication.v1.token.user string            Default user of the Token (default "root")
+      --integration.authentication.v1.token.user string            Default user of the Token (Env: INTEGRATION_AUTHENTICATION_V1_TOKEN_USER) (default "root")
-      --integration.authentication.v1.ttl duration                 TTL of the JWT cache (default 15s)
+      --integration.authentication.v1.ttl duration                 TTL of the JWT cache (Env: INTEGRATION_AUTHENTICATION_V1_TTL) (default 15s)
-      --integration.authorization.v0                               Enable AuthorizationV0 Integration Service
+      --integration.authorization.v0                               Enable AuthorizationV0 Integration Service (Env: INTEGRATION_AUTHORIZATION_V0)
-      --integration.authorization.v0.external                      Defones if External access to service authorization.v0 is enabled
+      --integration.authorization.v0.external                      Defones if External access to service authorization.v0 is enabled (Env: INTEGRATION_AUTHORIZATION_V0_EXTERNAL)
-      --integration.authorization.v0.internal                      Defones if Internal access to service authorization.v0 is enabled (default true)
+      --integration.authorization.v0.internal                      Defones if Internal access to service authorization.v0 is enabled (Env: INTEGRATION_AUTHORIZATION_V0_INTERNAL) (default true)
-      --integration.config.v1                                      Enable ConfigV1 Integration Service
+      --integration.config.v1                                      Enable ConfigV1 Integration Service (Env: INTEGRATION_CONFIG_V1)
-      --integration.config.v1.external                             Defones if External access to service config.v1 is enabled
+      --integration.config.v1.external                             Defones if External access to service config.v1 is enabled (Env: INTEGRATION_CONFIG_V1_EXTERNAL)
-      --integration.config.v1.internal                             Defones if Internal access to service config.v1 is enabled (default true)
+      --integration.config.v1.internal                             Defones if Internal access to service config.v1 is enabled (Env: INTEGRATION_CONFIG_V1_INTERNAL) (default true)
-      --integration.config.v1.module strings                       Module in the reference <name>=<abs path>
+      --integration.config.v1.module strings                       Module in the reference <name>=<abs path> (Env: INTEGRATION_CONFIG_V1_MODULE)
-      --integration.envoy.auth.v3                                  Enable EnvoyAuthV3 Integration Service
+      --integration.envoy.auth.v3                                  Enable EnvoyAuthV3 Integration Service (Env: INTEGRATION_ENVOY_AUTH_V3)
-      --integration.envoy.auth.v3.external                         Defones if External access to service envoy.auth.v3 is enabled
+      --integration.envoy.auth.v3.external                         Defones if External access to service envoy.auth.v3 is enabled (Env: INTEGRATION_ENVOY_AUTH_V3_EXTERNAL)
-      --integration.envoy.auth.v3.internal                         Defones if Internal access to service envoy.auth.v3 is enabled (default true)
+      --integration.envoy.auth.v3.internal                         Defones if Internal access to service envoy.auth.v3 is enabled (Env: INTEGRATION_ENVOY_AUTH_V3_INTERNAL) (default true)
-      --integration.scheduler.v1                                   SchedulerV1 Integration
+      --integration.scheduler.v1                                   SchedulerV1 Integration (Env: INTEGRATION_SCHEDULER_V1)
-      --integration.scheduler.v1.external                          Defones if External access to service scheduler.v1 is enabled
+      --integration.scheduler.v1.external                          Defones if External access to service scheduler.v1 is enabled (Env: INTEGRATION_SCHEDULER_V1_EXTERNAL)
-      --integration.scheduler.v1.internal                          Defones if Internal access to service scheduler.v1 is enabled (default true)
+      --integration.scheduler.v1.internal                          Defones if Internal access to service scheduler.v1 is enabled (Env: INTEGRATION_SCHEDULER_V1_INTERNAL) (default true)
-      --integration.scheduler.v1.namespace string                  Kubernetes Namespace (default "default")
+      --integration.scheduler.v1.namespace string                  Kubernetes Namespace (Env: INTEGRATION_SCHEDULER_V1_NAMESPACE) (default "default")
-      --integration.scheduler.v1.verify-access                     Verify the CRD Access (default true)
+      --integration.scheduler.v1.verify-access                     Verify the CRD Access (Env: INTEGRATION_SCHEDULER_V1_VERIFY_ACCESS) (default true)
-      --integration.shutdown.v1                                    ShutdownV1 Handler
+      --integration.shutdown.v1                                    ShutdownV1 Handler (Env: INTEGRATION_SHUTDOWN_V1)
-      --integration.shutdown.v1.external                           Defones if External access to service shutdown.v1 is enabled
+      --integration.shutdown.v1.external                           Defones if External access to service shutdown.v1 is enabled (Env: INTEGRATION_SHUTDOWN_V1_EXTERNAL)
-      --integration.shutdown.v1.internal                           Defones if Internal access to service shutdown.v1 is enabled (default true)
+      --integration.shutdown.v1.internal                           Defones if Internal access to service shutdown.v1 is enabled (Env: INTEGRATION_SHUTDOWN_V1_INTERNAL) (default true)
-      --integration.storage.v1                                     StorageBucket Integration
+      --integration.storage.v1                                     StorageBucket Integration (Env: INTEGRATION_STORAGE_V1)
-      --integration.storage.v1.external                            Defones if External access to service storage.v1 is enabled
+      --integration.storage.v1.external                            Defones if External access to service storage.v1 is enabled (Env: INTEGRATION_STORAGE_V1_EXTERNAL)
-      --integration.storage.v1.internal                            Defones if Internal access to service storage.v1 is enabled (default true)
+      --integration.storage.v1.internal                            Defones if Internal access to service storage.v1 is enabled (Env: INTEGRATION_STORAGE_V1_INTERNAL) (default true)
-      --integration.storage.v1.s3.access-key string                Path to file containing S3 AccessKey
+      --integration.storage.v1.s3.access-key string                Path to file containing S3 AccessKey (Env: INTEGRATION_STORAGE_V1_S3_ACCESS_KEY)
-      --integration.storage.v1.s3.allow-insecure                   If set to true, the Endpoint certificates won't be checked
+      --integration.storage.v1.s3.allow-insecure                   If set to true, the Endpoint certificates won't be checked (Env: INTEGRATION_STORAGE_V1_S3_ALLOW_INSECURE)
-      --integration.storage.v1.s3.bucket string                    Bucket name
+      --integration.storage.v1.s3.bucket string                    Bucket name (Env: INTEGRATION_STORAGE_V1_S3_BUCKET)
-      --integration.storage.v1.s3.ca-crt string                    Path to file containing CA certificate to validate endpoint connection
+      --integration.storage.v1.s3.ca-crt string                    Path to file containing CA certificate to validate endpoint connection (Env: INTEGRATION_STORAGE_V1_S3_CA_CRT)
-      --integration.storage.v1.s3.ca-key string                    Path to file containing keyfile to validate endpoint connection
+      --integration.storage.v1.s3.ca-key string                    Path to file containing keyfile to validate endpoint connection (Env: INTEGRATION_STORAGE_V1_S3_CA_KEY)
-      --integration.storage.v1.s3.disable-ssl                      If set to true, the SSL won't be used when connecting to Endpoint
+      --integration.storage.v1.s3.disable-ssl                      If set to true, the SSL won't be used when connecting to Endpoint (Env: INTEGRATION_STORAGE_V1_S3_DISABLE_SSL)
-      --integration.storage.v1.s3.endpoint string                  Endpoint of S3 API implementation
+      --integration.storage.v1.s3.endpoint string                  Endpoint of S3 API implementation (Env: INTEGRATION_STORAGE_V1_S3_ENDPOINT)
-      --integration.storage.v1.s3.region string                    Region
+      --integration.storage.v1.s3.region string                    Region (Env: INTEGRATION_STORAGE_V1_S3_REGION)
-      --integration.storage.v1.s3.secret-key string                Path to file containing S3 SecretKey
+      --integration.storage.v1.s3.secret-key string                Path to file containing S3 SecretKey (Env: INTEGRATION_STORAGE_V1_S3_SECRET_KEY)
-      --integration.storage.v1.type string                         Type of the Storage Integration (default "s3")
+      --integration.storage.v1.type string                         Type of the Storage Integration (Env: INTEGRATION_STORAGE_V1_TYPE) (default "s3")
-      --services.address string                                    Address to expose internal services (default "127.0.0.1:9092")
+      --services.address string                                    Address to expose internal services (Env: SERVICES_ADDRESS) (default "127.0.0.1:9092")
-      --services.auth.token string                                 Token for internal service (when auth service is token)
+      --services.auth.token string                                 Token for internal service (when auth service is token) (Env: SERVICES_AUTH_TOKEN)
-      --services.auth.type string                                  Auth type for internal service (default "None")
+      --services.auth.type string                                  Auth type for internal service (Env: SERVICES_AUTH_TYPE) (default "None")
-      --services.enabled                                           Defines if internal access is enabled (default true)
+      --services.enabled                                           Defines if internal access is enabled (Env: SERVICES_ENABLED) (default true)
-      --services.external.address string                           Address to expose external services (default "0.0.0.0:9093")
+      --services.external.address string                           Address to expose external services (Env: SERVICES_EXTERNAL_ADDRESS) (default "0.0.0.0:9093")
-      --services.external.auth.token string                        Token for external service (when auth service is token)
+      --services.external.auth.token string                        Token for external service (when auth service is token) (Env: SERVICES_EXTERNAL_AUTH_TOKEN)
-      --services.external.auth.type string                         Auth type for external service (default "None")
+      --services.external.auth.type string                         Auth type for external service (Env: SERVICES_EXTERNAL_AUTH_TYPE) (default "None")
-      --services.external.enabled                                  Defines if external access is enabled
+      --services.external.enabled                                  Defines if external access is enabled (Env: SERVICES_EXTERNAL_ENABLED)
-      --services.external.tls.keyfile string                       Path to the keyfile
+      --services.external.tls.keyfile string                       Path to the keyfile (Env: SERVICES_EXTERNAL_TLS_KEYFILE)
-      --services.tls.keyfile string                                Path to the keyfile
+      --services.tls.keyfile string                                Path to the keyfile (Env: SERVICES_TLS_KEYFILE)
 Use "arangodb_operator_integration [command] --help" for more information about a command.
 ```
--- a/pkg/apis/deployment/v1/deployment_spec.go
+++ b/pkg/apis/deployment/v1/deployment_spec.go
@ -262,6 +262,9 @@ type DeploymentSpec struct {
 	// Gateway defined main Gateway configuration.
 	Gateway *DeploymentSpecGateway `json:"gateway,omitempty"`
 	// Integration defined main Integration configuration.
 	Integration *DeploymentSpecIntegration `json:"integration,omitempty"`
 }
 // GetAllowMemberRecreation returns member recreation policy based on group and settings
@ -582,7 +585,10 @@ func (s *DeploymentSpec) Validate() error {
 		return errors.WithStack(errors.Wrap(err, "spec.architecture"))
 	}
 	if err := s.Gateway.Validate(); err != nil {
-		return errors.WithStack(errors.Wrap(err, "spec.architecture"))
+		return errors.WithStack(errors.Wrap(err, "spec.gateway"))
 	}
 	if err := s.Integration.Validate(); err != nil {
 		return errors.WithStack(errors.Wrap(err, "spec.integration"))
 	}
 	return nil
 }
--- a/pkg/apis/deployment/v1/deployment_spec_gateway.go
+++ b/pkg/apis/deployment/v1/deployment_spec_gateway.go
@ -21,8 +21,6 @@
 package v1
 import (
 	schedulerIntegrationApi "github.com/arangodb/kube-arangodb/pkg/apis/scheduler/v1beta1/integration"
 	shared "github.com/arangodb/kube-arangodb/pkg/apis/shared"
 	"github.com/arangodb/kube-arangodb/pkg/util"
 )
@ -40,9 +38,6 @@ type DeploymentSpecGateway struct {
 	// Image is the image to use for the gateway.
 	// By default, the image is determined by the operator.
 	Image *string `json:"image"`
 	// Sidecar define the integration sidecar spec
 	Sidecar *schedulerIntegrationApi.Sidecar `json:"sidecar,omitempty"`
 }
 // IsEnabled returns whether the gateway is enabled.
@ -63,22 +58,9 @@ func (d *DeploymentSpecGateway) IsDynamic() bool {
 	return *d.Dynamic
 }
 func (d *DeploymentSpecGateway) GetSidecar() *schedulerIntegrationApi.Sidecar {
 	if d == nil || d.Sidecar == nil {
 		return nil
 	}
 	return d.Sidecar
 }
 // Validate the given spec
 func (d *DeploymentSpecGateway) Validate() error {
-	if d == nil {
+	return nil
 		d = &DeploymentSpecGateway{}
 	}
 	return shared.WithErrors(
 		shared.PrefixResourceErrors("integrationSidecar", d.GetSidecar().Validate()),
 	)
 }
 // GetImage returns the image to use for the gateway.
--- a/pkg/apis/deployment/v1/deployment_spec_integration.go
+++ b/pkg/apis/deployment/v1/deployment_spec_integration.go
@ -0,0 +1,49 @@
 //
 // DISCLAIMER
 //
 // Copyright 2024 ArangoDB GmbH, Cologne, Germany
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 // http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 // Copyright holder is ArangoDB GmbH, Cologne, Germany
 //
 package v1
 import (
 	schedulerIntegrationApi "github.com/arangodb/kube-arangodb/pkg/apis/scheduler/v1beta1/integration"
 	shared "github.com/arangodb/kube-arangodb/pkg/apis/shared"
 )
 type DeploymentSpecIntegration struct {
 	// Sidecar define the integration sidecar spec
 	Sidecar *schedulerIntegrationApi.Sidecar `json:"sidecar,omitempty"`
 }
 func (d *DeploymentSpecIntegration) GetSidecar() *schedulerIntegrationApi.Sidecar {
 	if d == nil || d.Sidecar == nil {
 		return nil
 	}
 	return d.Sidecar
 }
 // Validate the given spec
 func (d *DeploymentSpecIntegration) Validate() error {
 	if d == nil {
 		d = &DeploymentSpecIntegration{}
 	}
 	return shared.WithErrors(
 		shared.PrefixResourceErrors("sidecar", d.GetSidecar().Validate()),
 	)
 }
--- a/pkg/apis/deployment/v1/zz_generated.deepcopy.go
+++ b/pkg/apis/deployment/v1/zz_generated.deepcopy.go
@ -1159,6 +1159,11 @@ func (in *DeploymentSpec) DeepCopyInto(out *DeploymentSpec) {
 		*out = new(DeploymentSpecGateway)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.Integration != nil {
 		in, out := &in.Integration, &out.Integration
 		*out = new(DeploymentSpecIntegration)
 		(*in).DeepCopyInto(*out)
 	}
 	return
 }
@ -1190,11 +1195,6 @@ func (in *DeploymentSpecGateway) DeepCopyInto(out *DeploymentSpecGateway) {
 		*out = new(string)
 		**out = **in
 	}
 	if in.Sidecar != nil {
 		in, out := &in.Sidecar, &out.Sidecar
 		*out = new(integration.Sidecar)
 		(*in).DeepCopyInto(*out)
 	}
 	return
 }
@ -1208,6 +1208,27 @@ func (in *DeploymentSpecGateway) DeepCopy() *DeploymentSpecGateway {
 	return out
 }
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *DeploymentSpecIntegration) DeepCopyInto(out *DeploymentSpecIntegration) {
 	*out = *in
 	if in.Sidecar != nil {
 		in, out := &in.Sidecar, &out.Sidecar
 		*out = new(integration.Sidecar)
 		(*in).DeepCopyInto(*out)
 	}
 	return
 }
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeploymentSpecIntegration.
 func (in *DeploymentSpecIntegration) DeepCopy() *DeploymentSpecIntegration {
 	if in == nil {
 		return nil
 	}
 	out := new(DeploymentSpecIntegration)
 	in.DeepCopyInto(out)
 	return out
 }
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *DeploymentStatus) DeepCopyInto(out *DeploymentStatus) {
 	*out = *in
--- a/pkg/apis/deployment/v2alpha1/deployment_spec.go
+++ b/pkg/apis/deployment/v2alpha1/deployment_spec.go
@ -262,6 +262,9 @@ type DeploymentSpec struct {
 	// Gateway defined main Gateway configuration.
 	Gateway *DeploymentSpecGateway `json:"gateway,omitempty"`
 	// Integration defined main Integration configuration.
 	Integration *DeploymentSpecIntegration `json:"integration,omitempty"`
 }
 // GetAllowMemberRecreation returns member recreation policy based on group and settings
@ -582,7 +585,10 @@ func (s *DeploymentSpec) Validate() error {
 		return errors.WithStack(errors.Wrap(err, "spec.architecture"))
 	}
 	if err := s.Gateway.Validate(); err != nil {
-		return errors.WithStack(errors.Wrap(err, "spec.architecture"))
+		return errors.WithStack(errors.Wrap(err, "spec.gateway"))
 	}
 	if err := s.Integration.Validate(); err != nil {
 		return errors.WithStack(errors.Wrap(err, "spec.integration"))
 	}
 	return nil
 }
--- a/pkg/apis/deployment/v2alpha1/deployment_spec_gateway.go
+++ b/pkg/apis/deployment/v2alpha1/deployment_spec_gateway.go
@ -21,8 +21,6 @@
 package v2alpha1
 import (
 	schedulerIntegrationApi "github.com/arangodb/kube-arangodb/pkg/apis/scheduler/v1beta1/integration"
 	shared "github.com/arangodb/kube-arangodb/pkg/apis/shared"
 	"github.com/arangodb/kube-arangodb/pkg/util"
 )
@ -40,9 +38,6 @@ type DeploymentSpecGateway struct {
 	// Image is the image to use for the gateway.
 	// By default, the image is determined by the operator.
 	Image *string `json:"image"`
 	// Sidecar define the integration sidecar spec
 	Sidecar *schedulerIntegrationApi.Sidecar `json:"sidecar,omitempty"`
 }
 // IsEnabled returns whether the gateway is enabled.
@ -63,22 +58,9 @@ func (d *DeploymentSpecGateway) IsDynamic() bool {
 	return *d.Dynamic
 }
 func (d *DeploymentSpecGateway) GetSidecar() *schedulerIntegrationApi.Sidecar {
 	if d == nil || d.Sidecar == nil {
 		return nil
 	}
 	return d.Sidecar
 }
 // Validate the given spec
 func (d *DeploymentSpecGateway) Validate() error {
-	if d == nil {
+	return nil
 		d = &DeploymentSpecGateway{}
 	}
 	return shared.WithErrors(
 		shared.PrefixResourceErrors("integrationSidecar", d.GetSidecar().Validate()),
 	)
 }
 // GetImage returns the image to use for the gateway.
--- a/pkg/apis/deployment/v2alpha1/deployment_spec_integration.go
+++ b/pkg/apis/deployment/v2alpha1/deployment_spec_integration.go
@ -0,0 +1,49 @@
 //
 // DISCLAIMER
 //
 // Copyright 2024 ArangoDB GmbH, Cologne, Germany
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 // http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 // Copyright holder is ArangoDB GmbH, Cologne, Germany
 //
 package v2alpha1
 import (
 	schedulerIntegrationApi "github.com/arangodb/kube-arangodb/pkg/apis/scheduler/v1beta1/integration"
 	shared "github.com/arangodb/kube-arangodb/pkg/apis/shared"
 )
 type DeploymentSpecIntegration struct {
 	// Sidecar define the integration sidecar spec
 	Sidecar *schedulerIntegrationApi.Sidecar `json:"sidecar,omitempty"`
 }
 func (d *DeploymentSpecIntegration) GetSidecar() *schedulerIntegrationApi.Sidecar {
 	if d == nil || d.Sidecar == nil {
 		return nil
 	}
 	return d.Sidecar
 }
 // Validate the given spec
 func (d *DeploymentSpecIntegration) Validate() error {
 	if d == nil {
 		d = &DeploymentSpecIntegration{}
 	}
 	return shared.WithErrors(
 		shared.PrefixResourceErrors("sidecar", d.GetSidecar().Validate()),
 	)
 }
--- a/pkg/apis/deployment/v2alpha1/zz_generated.deepcopy.go
+++ b/pkg/apis/deployment/v2alpha1/zz_generated.deepcopy.go
@ -1159,6 +1159,11 @@ func (in *DeploymentSpec) DeepCopyInto(out *DeploymentSpec) {
 		*out = new(DeploymentSpecGateway)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.Integration != nil {
 		in, out := &in.Integration, &out.Integration
 		*out = new(DeploymentSpecIntegration)
 		(*in).DeepCopyInto(*out)
 	}
 	return
 }
@ -1190,11 +1195,6 @@ func (in *DeploymentSpecGateway) DeepCopyInto(out *DeploymentSpecGateway) {
 		*out = new(string)
 		**out = **in
 	}
 	if in.Sidecar != nil {
 		in, out := &in.Sidecar, &out.Sidecar
 		*out = new(integration.Sidecar)
 		(*in).DeepCopyInto(*out)
 	}
 	return
 }
@ -1208,6 +1208,27 @@ func (in *DeploymentSpecGateway) DeepCopy() *DeploymentSpecGateway {
 	return out
 }
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *DeploymentSpecIntegration) DeepCopyInto(out *DeploymentSpecIntegration) {
 	*out = *in
 	if in.Sidecar != nil {
 		in, out := &in.Sidecar, &out.Sidecar
 		*out = new(integration.Sidecar)
 		(*in).DeepCopyInto(*out)
 	}
 	return
 }
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeploymentSpecIntegration.
 func (in *DeploymentSpecIntegration) DeepCopy() *DeploymentSpecIntegration {
 	if in == nil {
 		return nil
 	}
 	out := new(DeploymentSpecIntegration)
 	in.DeepCopyInto(out)
 	return out
 }
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *DeploymentStatus) DeepCopyInto(out *DeploymentStatus) {
 	*out = *in
--- a/pkg/crd/crds/database-deployment.schema.generated.yaml
+++ b/pkg/crd/crds/database-deployment.schema.generated.yaml
--- a/pkg/deployment/resources/config_map_gateway.go
+++ b/pkg/deployment/resources/config_map_gateway.go
@ -135,7 +135,7 @@ func (r *Resources) renderGatewayConfig(cachedStatus inspectorInterface.Inspecto
 	cfg.IntegrationSidecar = &gateway.ConfigDestinationTarget{
 		Host: "127.0.0.1",
-		Port: int32(r.context.GetSpec().Gateway.GetSidecar().GetListenPort()),
+		Port: int32(r.context.GetSpec().Integration.GetSidecar().GetListenPort()),
 	}
 	cfg.DefaultDestination = gateway.ConfigDestination{
--- a/pkg/deployment/resources/pod_creator_gateway_pod.go
+++ b/pkg/deployment/resources/pod_creator_gateway_pod.go
@ -238,7 +238,13 @@ func (m *MemberGatewayPod) Labels() map[string]string {
 func (m *MemberGatewayPod) Profiles() (schedulerApi.ProfileTemplates, error) {
 	integration, err := sidecar.NewIntegration(&schedulerContainerResourcesApi.Image{
 		Image: util.NewType(m.resources.context.GetOperatorImage()),
-	}, m.spec.Gateway.GetSidecar(), []string{shared.ServerContainerName},
+	}, m.spec.Integration.GetSidecar())
 	if err != nil {
 		return nil, err
 	}
 	integrations, err := sidecar.NewIntegrationEnablement(
 		sidecar.IntegrationEnvoyV3{
 			Spec: m.spec,
 		}, sidecar.IntegrationAuthenticationV1{
@ -250,5 +256,7 @@ func (m *MemberGatewayPod) Profiles() (schedulerApi.ProfileTemplates, error) {
 		return nil, err
 	}
-	return []*schedulerApi.ProfileTemplate{integration}, nil
+	shutdownAnnotation := sidecar.NewShutdownAnnotations([]string{shared.ServerContainerName})
 	return []*schedulerApi.ProfileTemplate{integration, integrations, shutdownAnnotation}, nil
 }
--- a/pkg/integrations/authentication_v1.go
+++ b/pkg/integrations/authentication_v1.go
@ -27,6 +27,7 @@ import (
 	pbImplAuthenticationV1 "github.com/arangodb/kube-arangodb/integrations/authentication/v1"
 	pbAuthenticationV1 "github.com/arangodb/kube-arangodb/integrations/authentication/v1/definition"
 	"github.com/arangodb/kube-arangodb/pkg/util/errors"
 	"github.com/arangodb/kube-arangodb/pkg/util/svc"
 )
@ -40,20 +41,18 @@ type authenticationV1 struct {
 	config pbImplAuthenticationV1.Configuration
 }
-func (a *authenticationV1) Register(cmd *cobra.Command, arg ArgGen) error {
+func (a *authenticationV1) Register(cmd *cobra.Command, fs FlagEnvHandler) error {
-	f := cmd.Flags()
+	return errors.Errors(
-
+		fs.StringVar(&a.config.Path, "path", "", "Path to the JWT Folder"),
-	f.StringVar(&a.config.Path, arg("path"), "", "Path to the JWT Folder")
+		fs.BoolVar(&a.config.Enabled, "enabled", true, "Defines if Authentication is enabled"),
-	f.BoolVar(&a.config.Enabled, arg("enabled"), true, "Defines if Authentication is enabled")
+		fs.DurationVar(&a.config.TTL, "ttl", pbImplAuthenticationV1.DefaultTTL, "TTL of the JWT cache"),
-	f.DurationVar(&a.config.TTL, arg("ttl"), pbImplAuthenticationV1.DefaultTTL, "TTL of the JWT cache")
+		fs.StringVar(&a.config.Create.DefaultUser, "token.user", pbImplAuthenticationV1.DefaultUser, "Default user of the Token"),
-	f.StringVar(&a.config.Create.DefaultUser, arg("token.user"), pbImplAuthenticationV1.DefaultUser, "Default user of the Token")
+		fs.DurationVar(&a.config.Create.DefaultTTL, "token.ttl.default", pbImplAuthenticationV1.DefaultTokenDefaultTTL, "Default Token TTL"),
-	f.DurationVar(&a.config.Create.DefaultTTL, arg("token.ttl.default"), pbImplAuthenticationV1.DefaultTokenDefaultTTL, "Default Token TTL")
+		fs.DurationVar(&a.config.Create.MinTTL, "token.ttl.min", pbImplAuthenticationV1.DefaultTokenMinTTL, "Min Token TTL"),
-	f.DurationVar(&a.config.Create.MinTTL, arg("token.ttl.min"), pbImplAuthenticationV1.DefaultTokenMinTTL, "Min Token TTL")
+		fs.DurationVar(&a.config.Create.MaxTTL, "token.ttl.max", pbImplAuthenticationV1.DefaultTokenMaxTTL, "Max Token TTL"),
-	f.DurationVar(&a.config.Create.MaxTTL, arg("token.ttl.max"), pbImplAuthenticationV1.DefaultTokenMaxTTL, "Max Token TTL")
+		fs.Uint16Var(&a.config.Create.MaxSize, "token.max-size", pbImplAuthenticationV1.DefaultMaxTokenSize, "Max Token max size in bytes"),
-	f.Uint16Var(&a.config.Create.MaxSize, arg("token.max-size"), pbImplAuthenticationV1.DefaultMaxTokenSize, "Max Token max size in bytes")
+		fs.StringSliceVar(&a.config.Create.AllowedUsers, "token.allowed", []string{}, "Allowed users for the Token"),
-	f.StringSliceVar(&a.config.Create.AllowedUsers, arg("token.allowed"), []string{}, "Allowed users for the Token")
+	)
 	return nil
 }
 func (a *authenticationV1) Handler(ctx context.Context, cmd *cobra.Command) (svc.Handler, error) {
--- a/pkg/integrations/authorization_v0.go
+++ b/pkg/integrations/authorization_v0.go
@ -47,7 +47,7 @@ func (a authorizationV0) Description() string {
 	return "Enable AuthorizationV0 Integration Service"
 }
-func (a authorizationV0) Register(cmd *cobra.Command, arg ArgGen) error {
+func (a authorizationV0) Register(cmd *cobra.Command, fs FlagEnvHandler) error {
 	return nil
 }
--- a/pkg/integrations/config_v1.go
+++ b/pkg/integrations/config_v1.go
@ -41,12 +41,10 @@ type configV1 struct {
 	modules []string
 }
-func (a *configV1) Register(cmd *cobra.Command, arg ArgGen) error {
+func (a *configV1) Register(cmd *cobra.Command, fs FlagEnvHandler) error {
-	f := cmd.Flags()
+	return errors.Errors(
-
+		fs.StringSliceVar(&a.modules, "module", nil, "Module in the reference <name>=<abs path>"),
-	f.StringSliceVar(&a.modules, arg("module"), nil, "Module in the reference <name>=<abs path>")
+	)
 	return nil
 }
 func (a *configV1) Handler(ctx context.Context, cmd *cobra.Command) (svc.Handler, error) {
--- a/pkg/integrations/envoy_auth_v3.go
+++ b/pkg/integrations/envoy_auth_v3.go
@ -48,7 +48,7 @@ func (a *envoyAuthV3) Description() string {
 	return "Enable EnvoyAuthV3 Integration Service"
 }
-func (a *envoyAuthV3) Register(cmd *cobra.Command, arg ArgGen) error {
+func (a *envoyAuthV3) Register(cmd *cobra.Command, fs FlagEnvHandler) error {
 	return nil
 }
--- a/pkg/integrations/flags.go
+++ b/pkg/integrations/flags.go
@ -0,0 +1,243 @@
 //
 // DISCLAIMER
 //
 // Copyright 2024 ArangoDB GmbH, Cologne, Germany
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 // http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 // Copyright holder is ArangoDB GmbH, Cologne, Germany
 //
 package integrations
 import (
 	"fmt"
 	"os"
 	"reflect"
 	"strconv"
 	"strings"
 	"time"
 	flag "github.com/spf13/pflag"
 	"github.com/arangodb/kube-arangodb/pkg/util"
 	"github.com/arangodb/kube-arangodb/pkg/util/errors"
 )
 func NewFlagEnvHandler(fs *flag.FlagSet) FlagEnvHandler {
 	return flagEnvHandler{
 		fs: fs,
 	}
 }
 type FlagEnvHandler interface {
 	WithPrefix(prefix string) FlagEnvHandler
 	StringVar(p *string, name string, value string, usage string) error
 	String(name string, value string, usage string) error
 	StringSliceVar(p *[]string, name string, value []string, usage string) error
 	StringSlice(name string, value []string, usage string) error
 	BoolVar(p *bool, name string, value bool, usage string) error
 	Bool(name string, value bool, usage string) error
 	Uint16Var(p *uint16, name string, value uint16, usage string) error
 	Uint16(name string, value uint16, usage string) error
 	DurationVar(p *time.Duration, name string, value time.Duration, usage string) error
 	Duration(name string, value time.Duration, usage string) error
 }
 type flagEnvHandler struct {
 	prefix string
 	fs     *flag.FlagSet
 }
 func (f flagEnvHandler) StringVar(p *string, name string, value string, usage string) error {
 	v, err := parseEnvToString(f.getEnv(name), value)
 	if err != nil {
 		return err
 	}
 	f.fs.StringVar(p, f.name(name), v, f.varDesc(name, usage))
 	return nil
 }
 func (f flagEnvHandler) String(name string, value string, usage string) error {
 	v, err := parseEnvToString(f.getEnv(name), value)
 	if err != nil {
 		return err
 	}
 	f.fs.String(f.name(name), v, f.varDesc(name, usage))
 	return nil
 }
 func (f flagEnvHandler) StringSliceVar(p *[]string, name string, value []string, usage string) error {
 	v, err := parseEnvToStringArray(f.getEnv(name), value)
 	if err != nil {
 		return err
 	}
 	f.fs.StringSliceVar(p, f.name(name), v, f.varDesc(name, usage))
 	return nil
 }
 func (f flagEnvHandler) StringSlice(name string, value []string, usage string) error {
 	v, err := parseEnvToStringArray(f.getEnv(name), value)
 	if err != nil {
 		return err
 	}
 	f.fs.StringSlice(f.name(name), v, f.varDesc(name, usage))
 	return nil
 }
 func (f flagEnvHandler) BoolVar(p *bool, name string, value bool, usage string) error {
 	v, err := parseEnvToBool(f.getEnv(name), value)
 	if err != nil {
 		return err
 	}
 	f.fs.BoolVar(p, f.name(name), v, f.varDesc(name, usage))
 	return nil
 }
 func (f flagEnvHandler) Bool(name string, value bool, usage string) error {
 	v, err := parseEnvToBool(f.getEnv(name), value)
 	if err != nil {
 		return err
 	}
 	f.fs.Bool(f.name(name), v, f.varDesc(name, usage))
 	return nil
 }
 func (f flagEnvHandler) DurationVar(p *time.Duration, name string, value time.Duration, usage string) error {
 	v, err := parseEnvToDuration(f.getEnv(name), value)
 	if err != nil {
 		return err
 	}
 	f.fs.DurationVar(p, f.name(name), v, f.varDesc(name, usage))
 	return nil
 }
 func (f flagEnvHandler) Duration(name string, value time.Duration, usage string) error {
 	v, err := parseEnvToDuration(f.getEnv(name), value)
 	if err != nil {
 		return err
 	}
 	f.fs.Duration(f.name(name), v, f.varDesc(name, usage))
 	return nil
 }
 func (f flagEnvHandler) Uint16Var(p *uint16, name string, value uint16, usage string) error {
 	v, err := parseEnvToUint16(f.getEnv(name), value)
 	if err != nil {
 		return err
 	}
 	f.fs.Uint16Var(p, f.name(name), v, f.varDesc(name, usage))
 	return nil
 }
 func (f flagEnvHandler) Uint16(name string, value uint16, usage string) error {
 	v, err := parseEnvToUint16(f.getEnv(name), value)
 	if err != nil {
 		return err
 	}
 	f.fs.Uint16(f.name(name), v, f.varDesc(name, usage))
 	return nil
 }
 func (f flagEnvHandler) varDesc(name string, dest string) string {
 	return fmt.Sprintf("%s (Env: %s)", dest, f.getEnv(name))
 }
 func (f flagEnvHandler) getEnv(n string) string {
 	z := f.name(n)
 	z = strings.ReplaceAll(z, ".", "_")
 	z = strings.ReplaceAll(z, "-", "_")
 	return strings.ToUpper(z)
 }
 func (f flagEnvHandler) name(n string) string {
 	if f.prefix == "" {
 		return n
 	}
 	if n == "" {
 		return f.prefix
 	}
 	return fmt.Sprintf("%s.%s", f.prefix, n)
 }
 func (f flagEnvHandler) WithPrefix(prefix string) FlagEnvHandler {
 	return flagEnvHandler{
 		prefix: f.name(prefix),
 		fs:     f.fs,
 	}
 }
 func parseEnvToDuration(env string, def time.Duration) (time.Duration, error) {
 	return parseEnvToType(env, def, time.ParseDuration)
 }
 func parseEnvToUint16(env string, def uint16) (uint16, error) {
 	return parseEnvToType(env, def, func(in string) (uint16, error) {
 		v, err := strconv.ParseUint(in, 10, 16)
 		return uint16(v), err
 	})
 }
 func parseEnvToBool(env string, def bool) (bool, error) {
 	return parseEnvToType(env, def, strconv.ParseBool)
 }
 func parseEnvToStringArray(env string, def []string) ([]string, error) {
 	return parseEnvToType(env, def, func(in string) ([]string, error) {
 		return strings.Split(in, ","), nil
 	})
 }
 func parseEnvToString(env string, def string) (string, error) {
 	return parseEnvToType(env, def, func(in string) (string, error) {
 		return in, nil
 	})
 }
 func parseEnvToType[T any](env string, def T, parser func(in string) (T, error)) (T, error) {
 	if v, ok := os.LookupEnv(env); ok {
 		if q, err := parser(v); err != nil {
 			return util.Default[T](), errors.Wrapf(err, "Unable to parse env `%s` as %s", env, reflect.TypeOf(def).String())
 		} else {
 			return q, nil
 		}
 	}
 	return def, nil
 }
--- a/pkg/integrations/integration.go
+++ b/pkg/integrations/integration.go
@ -30,13 +30,11 @@ import (
 type Factory func() Integration
 type ArgGen func(name string) string
 type Integration interface {
 	Name() string
 	Description() string
-	Register(cmd *cobra.Command, arg ArgGen) error
+	Register(cmd *cobra.Command, fs FlagEnvHandler) error
 	Handler(ctx context.Context, cmd *cobra.Command) (svc.Handler, error)
 }
--- a/pkg/integrations/register.go
+++ b/pkg/integrations/register.go
@ -125,37 +125,44 @@ func (c *configuration) Register(cmd *cobra.Command) error {
 	cmd.RunE = c.run
-	f := cmd.Flags()
+	f := NewFlagEnvHandler(cmd.Flags())
-	f.StringVar(&c.health.address, "health.address", "0.0.0.0:9091", "Address to expose health service")
+	if err := errors.Errors(
-	f.BoolVar(&c.health.shutdownEnabled, "health.shutdown.enabled", true, "Determines if shutdown service should be enabled and exposed")
+		f.StringVar(&c.health.address, "health.address", "0.0.0.0:9091", "Address to expose health service"),
-	f.StringVar(&c.health.auth.t, "health.auth.type", "None", "Auth type for health service")
+		f.BoolVar(&c.health.shutdownEnabled, "health.shutdown.enabled", true, "Determines if shutdown service should be enabled and exposed"),
-	f.StringVar(&c.health.auth.token, "health.auth.token", "", "Token for health service (when auth service is token)")
+		f.StringVar(&c.health.auth.t, "health.auth.type", "None", "Auth type for health service"),
-	f.StringVar(&c.health.tls.keyfile, "health.tls.keyfile", "", "Path to the keyfile")
+		f.StringVar(&c.health.auth.token, "health.auth.token", "", "Token for health service (when auth service is token)"),
 		f.StringVar(&c.health.tls.keyfile, "health.tls.keyfile", "", "Path to the keyfile"),
-	f.BoolVar(&c.services.internal.enabled, "services.enabled", true, "Defines if internal access is enabled")
+		f.BoolVar(&c.services.internal.enabled, "services.enabled", true, "Defines if internal access is enabled"),
-	f.StringVar(&c.services.internal.address, "services.address", "127.0.0.1:9092", "Address to expose internal services")
+		f.StringVar(&c.services.internal.address, "services.address", "127.0.0.1:9092", "Address to expose internal services"),
-	f.StringVar(&c.services.internal.auth.t, "services.auth.type", "None", "Auth type for internal service")
+		f.StringVar(&c.services.internal.auth.t, "services.auth.type", "None", "Auth type for internal service"),
-	f.StringVar(&c.services.internal.auth.token, "services.auth.token", "", "Token for internal service (when auth service is token)")
+		f.StringVar(&c.services.internal.auth.token, "services.auth.token", "", "Token for internal service (when auth service is token)"),
-	f.StringVar(&c.services.internal.tls.keyfile, "services.tls.keyfile", "", "Path to the keyfile")
+		f.StringVar(&c.services.internal.tls.keyfile, "services.tls.keyfile", "", "Path to the keyfile"),
 	f.BoolVar(&c.services.external.enabled, "services.external.enabled", false, "Defines if external access is enabled")
 	f.StringVar(&c.services.external.address, "services.external.address", "0.0.0.0:9093", "Address to expose external services")
 	f.StringVar(&c.services.external.auth.t, "services.external.auth.type", "None", "Auth type for external service")
 	f.StringVar(&c.services.external.auth.token, "services.external.auth.token", "", "Token for external service (when auth service is token)")
 	f.StringVar(&c.services.external.tls.keyfile, "services.external.tls.keyfile", "", "Path to the keyfile")
 		f.BoolVar(&c.services.external.enabled, "services.external.enabled", false, "Defines if external access is enabled"),
 		f.StringVar(&c.services.external.address, "services.external.address", "0.0.0.0:9093", "Address to expose external services"),
 		f.StringVar(&c.services.external.auth.t, "services.external.auth.type", "None", "Auth type for external service"),
 		f.StringVar(&c.services.external.auth.token, "services.external.auth.token", "", "Token for external service (when auth service is token)"),
 		f.StringVar(&c.services.external.tls.keyfile, "services.external.tls.keyfile", "", "Path to the keyfile"),
 	); err != nil {
 		return err
 	}
 	for _, service := range c.registered {
 		prefix := fmt.Sprintf("integration.%s", service.Name())
-		f.Bool(prefix, false, service.Description())
+		fs := f.WithPrefix(prefix)
 		internal, external := GetIntegrationEnablement(service)
 		f.Bool(fmt.Sprintf("%s.internal", prefix), internal, fmt.Sprintf("Defones if Internal access to service %s is enabled", service.Name()))
 		f.Bool(fmt.Sprintf("%s.external", prefix), external, fmt.Sprintf("Defones if External access to service %s is enabled", service.Name()))
-		if err := service.Register(cmd, func(name string) string {
+		if err := errors.Errors(
-			return fmt.Sprintf("%s.%s", prefix, name)
+			fs.Bool("", false, service.Description()),
-		}); err != nil {
+			fs.Bool("internal", internal, fmt.Sprintf("Defones if Internal access to service %s is enabled", service.Name())),
 			fs.Bool("external", external, fmt.Sprintf("Defones if External access to service %s is enabled", service.Name())),
 		); err != nil {
 			return err
 		}
 		if err := service.Register(cmd, fs); err != nil {
 			return errors.Wrapf(err, "Unable to register service %s", service.Name())
 		}
 	}
--- a/pkg/integrations/scheduler_v1.go
+++ b/pkg/integrations/scheduler_v1.go
@ -50,13 +50,11 @@ func (b *schedulerV1) Description() string {
 	return "SchedulerV1 Integration"
 }
-func (b *schedulerV1) Register(cmd *cobra.Command, arg ArgGen) error {
+func (b *schedulerV1) Register(cmd *cobra.Command, fs FlagEnvHandler) error {
-	f := cmd.Flags()
+	return errors.Errors(
-
+		fs.StringVar(&b.Configuration.Namespace, "namespace", constants.NamespaceWithDefault("default"), "Kubernetes Namespace"),
-	f.StringVar(&b.Configuration.Namespace, arg("namespace"), constants.NamespaceWithDefault("default"), "Kubernetes Namespace")
+		fs.BoolVar(&b.Configuration.VerifyAccess, "verify-access", true, "Verify the CRD Access"),
-	f.BoolVar(&b.Configuration.VerifyAccess, arg("verify-access"), true, "Verify the CRD Access")
+	)
 	return nil
 }
 func (b *schedulerV1) Handler(ctx context.Context, cmd *cobra.Command) (svc.Handler, error) {
--- a/pkg/integrations/shutdown_v1.go
+++ b/pkg/integrations/shutdown_v1.go
@ -52,7 +52,7 @@ func (s *shutdownV1) Description() string {
 	return "ShutdownV1 Handler"
 }
-func (s *shutdownV1) Register(cmd *cobra.Command, arg ArgGen) error {
+func (s *shutdownV1) Register(cmd *cobra.Command, fs FlagEnvHandler) error {
 	return nil
 }
--- a/pkg/integrations/sidecar/core.go
+++ b/pkg/integrations/sidecar/core.go
@ -24,8 +24,9 @@ import (
 	"fmt"
 	"strings"
 	core "k8s.io/api/core/v1"
 	"github.com/arangodb/kube-arangodb/pkg/util"
 	"github.com/arangodb/kube-arangodb/pkg/util/k8sutil"
 )
 type Core struct {
@ -49,14 +50,22 @@ func (c *Core) GetExternal() bool {
 	return *c.External
 }
-func (c *Core) Args(int Integration) k8sutil.OptionPairs {
+func (c *Core) Envs(int Integration, envs ...core.EnvVar) []core.EnvVar {
 	var options k8sutil.OptionPairs
 	cmd := strings.Join(util.FormatList(int.Name(), func(a string) string {
-		return strings.ToLower(a)
+		return strings.ToUpper(a)
-	}), ".")
+	}), "_")
 	var r = []core.EnvVar{
 		{
 			Name:  fmt.Sprintf("INTEGRATION_%s_INTERNAL", cmd),
 			Value: util.BoolSwitch(c.GetInternal(), "true", "false"),
 		},
 		{
 			Name:  fmt.Sprintf("INTEGRATION_%s_EXTERNAL", cmd),
 			Value: util.BoolSwitch(c.GetExternal(), "true", "false"),
 		},
 	}
-	options.Add(fmt.Sprintf("--integration.%s.internal", cmd), c.GetInternal())
+	r = append(r, envs...)
 	options.Add(fmt.Sprintf("--integration.%s.external", cmd), c.GetExternal())
-	return options
+	return r
 }
--- a/pkg/integrations/sidecar/integration.authentication.v1.go
+++ b/pkg/integrations/sidecar/integration.authentication.v1.go
@ -26,11 +26,9 @@ import (
 	api "github.com/arangodb/kube-arangodb/pkg/apis/deployment/v1"
 	shared "github.com/arangodb/kube-arangodb/pkg/apis/shared"
 	"github.com/arangodb/kube-arangodb/pkg/deployment/pod"
-	"github.com/arangodb/kube-arangodb/pkg/util/k8sutil"
+	"github.com/arangodb/kube-arangodb/pkg/util"
 )
 var _ IntegrationVolumes = IntegrationAuthenticationV1{}
 type IntegrationAuthenticationV1 struct {
 	Core *Core
@ -46,16 +44,27 @@ func (i IntegrationAuthenticationV1) Validate() error {
 	return nil
 }
-func (i IntegrationAuthenticationV1) Args() (k8sutil.OptionPairs, error) {
+func (i IntegrationAuthenticationV1) Envs() ([]core.EnvVar, error) {
-	options := k8sutil.CreateOptionPairs()
+	var envs = []core.EnvVar{
 		{
 			Name:  "INTEGRATION_AUTHENTICATION_V1",
 			Value: "true",
 		},
 		{
 			Name:  "INTEGRATION_AUTHENTICATION_V1_ENABLED",
 			Value: util.BoolSwitch(i.Spec.IsAuthenticated(), "true", "false"),
 		},
 		{
 			Name:  "INTEGRATION_AUTHENTICATION_V1_PATH",
 			Value: shared.ClusterJWTSecretVolumeMountDir,
 		},
 	}
-	options.Add("--integration.authentication.v1", true)
+	return i.Core.Envs(i, envs...), nil
-	options.Add("--integration.authentication.v1.enabled", i.Spec.IsAuthenticated())
+}
 	options.Add("--integration.authentication.v1.path", shared.ClusterJWTSecretVolumeMountDir)
-	options.Merge(i.Core.Args(i))
+func (i IntegrationAuthenticationV1) GlobalEnvs() ([]core.EnvVar, error) {
-
+	return nil, nil
 	return options, nil
 }
 func (i IntegrationAuthenticationV1) Volumes() ([]core.Volume, []core.VolumeMount, error) {
--- a/pkg/integrations/sidecar/integration.authorization.v0.go
+++ b/pkg/integrations/sidecar/integration.authorization.v0.go
@ -21,7 +21,7 @@
 package sidecar
 import (
-	"github.com/arangodb/kube-arangodb/pkg/util/k8sutil"
+	core "k8s.io/api/core/v1"
 )
 type IntegrationAuthorizationV0 struct {
@ -36,12 +36,21 @@ func (i IntegrationAuthorizationV0) Validate() error {
 	return nil
 }
-func (i IntegrationAuthorizationV0) Args() (k8sutil.OptionPairs, error) {
+func (i IntegrationAuthorizationV0) Envs() ([]core.EnvVar, error) {
-	options := k8sutil.CreateOptionPairs()
+	var envs = []core.EnvVar{
 		{
 			Name:  "INTEGRATION_AUTHENTICATION_V0",
 			Value: "true",
 		},
 	}
-	options.Add("--integration.authorization.v0", true)
+	return i.Core.Envs(i, envs...), nil
-
+}
-	options.Merge(i.Core.Args(i))
+
-
+func (i IntegrationAuthorizationV0) GlobalEnvs() ([]core.EnvVar, error) {
-	return options, nil
+	return nil, nil
 }
 func (i IntegrationAuthorizationV0) Volumes() ([]core.Volume, []core.VolumeMount, error) {
 	return nil, nil, nil
 }
--- a/pkg/integrations/sidecar/integration.envoy.v3.go
+++ b/pkg/integrations/sidecar/integration.envoy.v3.go
@ -21,8 +21,9 @@
 package sidecar
 import (
 	core "k8s.io/api/core/v1"
 	api "github.com/arangodb/kube-arangodb/pkg/apis/deployment/v1"
 	"github.com/arangodb/kube-arangodb/pkg/util/k8sutil"
 )
 type IntegrationEnvoyV3 struct {
@ -38,12 +39,21 @@ func (i IntegrationEnvoyV3) Validate() error {
 	return nil
 }
-func (i IntegrationEnvoyV3) Args() (k8sutil.OptionPairs, error) {
+func (i IntegrationEnvoyV3) Envs() ([]core.EnvVar, error) {
-	options := k8sutil.CreateOptionPairs()
+	var envs = []core.EnvVar{
 		{
 			Name:  "INTEGRATION_ENVOY_AUTH_V3",
 			Value: "true",
 		},
 	}
-	options.Add("--integration.envoy.auth.v3", true)
+	return i.Core.Envs(i, envs...), nil
-
+}
-	options.Merge(i.Core.Args(i))
+
-
+func (i IntegrationEnvoyV3) GlobalEnvs() ([]core.EnvVar, error) {
-	return options, nil
+	return nil, nil
 }
 func (i IntegrationEnvoyV3) Volumes() ([]core.Volume, []core.VolumeMount, error) {
 	return nil, nil, nil
 }
--- a/pkg/integrations/sidecar/integration.go
+++ b/pkg/integrations/sidecar/integration.go
@ -29,47 +29,93 @@ const (
 	ListenPortHealthName = "health"
 )
 func WithIntegrationEnvs(in Integration) ([]core.EnvVar, error) {
 	if v, ok := in.(IntegrationEnvs); ok {
 		return v.Envs()
 	}
 	return nil, nil
 }
 type IntegrationEnvs interface {
 	Integration
 	Envs() ([]core.EnvVar, error)
 }
 func WithIntegrationVolumes(in Integration) ([]core.Volume, []core.VolumeMount, error) {
 	if v, ok := in.(IntegrationVolumes); ok {
 		return v.Volumes()
 	}
 	return nil, nil, nil
 }
 type IntegrationVolumes interface {
 	Integration
 	Volumes() ([]core.Volume, []core.VolumeMount, error)
 }
 type Integration interface {
 	Name() []string
-	Args() (k8sutil.OptionPairs, error)
+	Envs() ([]core.EnvVar, error)
 	GlobalEnvs() ([]core.EnvVar, error)
 	Volumes() ([]core.Volume, []core.VolumeMount, error)
 	Validate() error
 }
-func NewIntegration(image *schedulerContainerResourcesApi.Image, integration *schedulerIntegrationApi.Sidecar, coreContainers []string, integrations ...Integration) (*schedulerApi.ProfileTemplate, error) {
+func NewShutdownAnnotations(coreContainers []string) *schedulerApi.ProfileTemplate {
-	for _, integration := range integrations {
+	pt := schedulerApi.ProfileTemplate{
-		if err := integration.Validate(); err != nil {
+		Pod: &schedulerPodApi.Pod{
-			name := strings.Join(integration.Name(), "/")
+			Metadata: &schedulerPodResourcesApi.Metadata{
 				Annotations: map[string]string{},
 			},
 		},
 	}
 	for _, container := range coreContainers {
 		pt.Pod.Metadata.Annotations[fmt.Sprintf("%s/%s", constants.AnnotationShutdownCoreContainer, container)] = constants.AnnotationShutdownCoreContainerModeWait
 	}
 	return &pt
 }
 func NewIntegrationEnablement(integrations ...Integration) (*schedulerApi.ProfileTemplate, error) {
 	var envs, gEnvs []core.EnvVar
 	var volumes []core.Volume
 	var volumeMounts []core.VolumeMount
 	for _, integration := range integrations {
 		name := strings.Join(integration.Name(), "/")
 		if err := integration.Validate(); err != nil {
 			return nil, errors.Wrapf(err, "Failure in %s", name)
 		}
 		if lvolumes, lvolumeMounts, err := integration.Volumes(); err != nil {
 			return nil, errors.Wrapf(err, "Failure in volumes %s", name)
 		} else if len(lvolumes) > 0 || len(lvolumeMounts) > 0 {
 			volumes = append(volumes, lvolumes...)
 			volumeMounts = append(volumeMounts, lvolumeMounts...)
 		}
 		if lenvs, err := integration.Envs(); err != nil {
 			return nil, errors.Wrapf(err, "Failure in envs %s", name)
 		} else if len(lenvs) > 0 {
 			envs = append(envs, lenvs...)
 		}
 		if lgenvs, err := integration.GlobalEnvs(); err != nil {
 			return nil, errors.Wrapf(err, "Failure in global envs %s", name)
 		} else if len(lgenvs) > 0 {
 			gEnvs = append(gEnvs, lgenvs...)
 		}
 	}
 	if len(envs) == 0 && len(gEnvs) == 0 {
 		return nil, nil
 	}
 	return &schedulerApi.ProfileTemplate{
 		Pod: &schedulerPodApi.Pod{
 			Volumes: &schedulerPodResourcesApi.Volumes{
 				Volumes: volumes,
 			},
 		},
 		Container: &schedulerApi.ProfileContainerTemplate{
 			Containers: map[string]schedulerContainerApi.Container{
 				ContainerName: {
 					Environments: &schedulerContainerResourcesApi.Environments{
 						Env: envs,
 					},
 					VolumeMounts: &schedulerContainerResourcesApi.VolumeMounts{
 						VolumeMounts: volumeMounts,
 					},
 				},
 			},
 			All: &schedulerContainerApi.Generic{
 				Environments: &schedulerContainerResourcesApi.Environments{
 					Env: gEnvs,
 				},
 			},
 		},
 	}, nil
 }
 func NewIntegration(image *schedulerContainerResourcesApi.Image, integration *schedulerIntegrationApi.Sidecar) (*schedulerApi.ProfileTemplate, error) {
 	// Arguments
 	exePath := k8sutil.BinaryPath()
@ -83,10 +129,6 @@ func NewIntegration(image *schedulerContainerResourcesApi.Image, integration *sc
 	options.Addf("--services.address", "127.0.0.1:%d", integration.GetListenPort())
 	options.Addf("--health.address", "0.0.0.0:%d", integration.GetControllerListenPort())
 	// Volumes
 	var volumes []core.Volume
 	var volumeMounts []core.VolumeMount
 	// Envs
 	var envs = []core.EnvVar{
@ -100,40 +142,6 @@ func NewIntegration(image *schedulerContainerResourcesApi.Image, integration *sc
 		},
 	}
 	for _, i := range integrations {
 		name := strings.Join(i.Name(), "/")
 		if err := i.Validate(); err != nil {
 			return nil, errors.Wrapf(err, "Failure in %s", name)
 		}
 		if args, err := i.Args(); err != nil {
 			return nil, errors.Wrapf(err, "Failure in arguments %s", name)
 		} else if len(args) > 0 {
 			options.Merge(args)
 		}
 		if lvolumes, lvolumeMounts, err := WithIntegrationVolumes(i); err != nil {
 			return nil, errors.Wrapf(err, "Failure in volumes %s", name)
 		} else if len(lvolumes) > 0 || len(lvolumeMounts) > 0 {
 			volumes = append(volumes, lvolumes...)
 			volumeMounts = append(volumeMounts, lvolumeMounts...)
 		}
 		if lenvs, err := WithIntegrationEnvs(i); err != nil {
 			return nil, errors.Wrapf(err, "Failure in envs %s", name)
 		} else if len(lenvs) > 0 {
 			envs = append(envs, lenvs...)
 		}
 		envs = append(envs, core.EnvVar{
 			Name: fmt.Sprintf("INTEGRATION_SERVICE_%s", strings.Join(util.FormatList(i.Name(), func(a string) string {
 				return strings.ToUpper(a)
 			}), "_")),
 			Value: fmt.Sprintf("127.0.0.1:%d", integration.GetListenPort()),
 		})
 	}
 	c := schedulerContainerApi.Container{
 		Core: &schedulerContainerResourcesApi.Core{
 			Command: append([]string{exePath, "integration"}, options.Sort().AsArgs()...),
@ -175,14 +183,15 @@ func NewIntegration(image *schedulerContainerResourcesApi.Image, integration *sc
 				FailureThreshold:    2,  // Need 2 failed probes to consider a failed state
 			},
 		},
 		VolumeMounts: &schedulerContainerResourcesApi.VolumeMounts{
 			VolumeMounts: volumeMounts,
 		},
 	}
 	pt := schedulerApi.ProfileTemplate{
 		Container: &schedulerApi.ProfileContainerTemplate{
 			All: &schedulerContainerApi.Generic{
 				Environments: &schedulerContainerResourcesApi.Environments{
 					Env: envs,
 				},
 			},
 			Containers: map[string]schedulerContainerApi.Container{
 				ContainerName: util.TypeOrDefault(k8sutil.CreateDefaultContainerTemplate(image).With(&c).With(integration.GetContainer())),
 			},
@ -191,24 +200,15 @@ func NewIntegration(image *schedulerContainerResourcesApi.Image, integration *sc
 			Metadata: &schedulerPodResourcesApi.Metadata{
 				Annotations: map[string]string{},
 			},
 			Volumes: &schedulerPodResourcesApi.Volumes{
 				Volumes: volumes,
 			},
 		},
 	}
 	for _, container := range coreContainers {
 		pt.Pod.Metadata.Annotations[fmt.Sprintf("%s/%s", constants.AnnotationShutdownCoreContainer, container)] = constants.AnnotationShutdownCoreContainerModeWait
 	}
 	pt.Pod.Metadata.Annotations[fmt.Sprintf("%s/%s", constants.AnnotationShutdownContainer, ContainerName)] = ListenPortHealthName
 	pt.Pod.Metadata.Annotations[constants.AnnotationShutdownManagedContainer] = "true"
-	pt.Container.Containers.ExtendContainers(&schedulerContainerApi.Container{
+	pt.Container.All.Environments = &schedulerContainerResourcesApi.Environments{
-		Environments: &schedulerContainerResourcesApi.Environments{
+		Env: envs,
-			Env: envs,
+	}
 		},
 	}, coreContainers...)
 	return &pt, nil
 }
--- a/pkg/integrations/sidecar/integration.shutdown.v1.go
+++ b/pkg/integrations/sidecar/integration.shutdown.v1.go
@ -21,7 +21,7 @@
 package sidecar
 import (
-	"github.com/arangodb/kube-arangodb/pkg/util/k8sutil"
+	core "k8s.io/api/core/v1"
 )
 type IntegrationShutdownV1 struct {
@ -36,12 +36,21 @@ func (i IntegrationShutdownV1) Validate() error {
 	return nil
 }
-func (i IntegrationShutdownV1) Args() (k8sutil.OptionPairs, error) {
+func (i IntegrationShutdownV1) Envs() ([]core.EnvVar, error) {
-	options := k8sutil.CreateOptionPairs()
+	var envs = []core.EnvVar{
 		{
 			Name:  "INTEGRATION_SHUTDOWN_V1",
 			Value: "true",
 		},
 	}
-	options.Add("--integration.shutdown.v1", true)
+	return i.Core.Envs(i, envs...), nil
-
+}
-	options.Merge(i.Core.Args(i))
+
-
+func (i IntegrationShutdownV1) GlobalEnvs() ([]core.EnvVar, error) {
-	return options, nil
+	return nil, nil
 }
 func (i IntegrationShutdownV1) Volumes() ([]core.Volume, []core.VolumeMount, error) {
 	return nil, nil, nil
 }
--- a/pkg/integrations/storage_v1.go
+++ b/pkg/integrations/storage_v1.go
@ -26,6 +26,7 @@ import (
 	"github.com/spf13/cobra"
 	"github.com/arangodb/kube-arangodb/pkg/ml/storage"
 	"github.com/arangodb/kube-arangodb/pkg/util/errors"
 	"github.com/arangodb/kube-arangodb/pkg/util/svc"
 )
@ -47,21 +48,19 @@ func (b *storageV1) Description() string {
 	return "StorageBucket Integration"
 }
-func (b *storageV1) Register(cmd *cobra.Command, arg ArgGen) error {
+func (b *storageV1) Register(cmd *cobra.Command, fs FlagEnvHandler) error {
-	f := cmd.Flags()
+	return errors.Errors(
-
+		fs.StringVar((*string)(&b.Configuration.Type), "type", string(storage.S3), "Type of the Storage Integration"),
-	f.StringVar((*string)(&b.Configuration.Type), arg("type"), string(storage.S3), "Type of the Storage Integration")
+		fs.StringVar(&b.Configuration.S3.Endpoint, "s3.endpoint", "", "Endpoint of S3 API implementation"),
-	f.StringVar(&b.Configuration.S3.Endpoint, arg("s3.endpoint"), "", "Endpoint of S3 API implementation")
+		fs.StringVar(&b.Configuration.S3.CACrtFile, "s3.ca-crt", "", "Path to file containing CA certificate to validate endpoint connection"),
-	f.StringVar(&b.Configuration.S3.CACrtFile, arg("s3.ca-crt"), "", "Path to file containing CA certificate to validate endpoint connection")
+		fs.StringVar(&b.Configuration.S3.CAKeyFile, "s3.ca-key", "", "Path to file containing keyfile to validate endpoint connection"),
-	f.StringVar(&b.Configuration.S3.CAKeyFile, arg("s3.ca-key"), "", "Path to file containing keyfile to validate endpoint connection")
+		fs.BoolVar(&b.Configuration.S3.AllowInsecure, "s3.allow-insecure", false, "If set to true, the Endpoint certificates won't be checked"),
-	f.BoolVar(&b.Configuration.S3.AllowInsecure, arg("s3.allow-insecure"), false, "If set to true, the Endpoint certificates won't be checked")
+		fs.BoolVar(&b.Configuration.S3.DisableSSL, "s3.disable-ssl", false, "If set to true, the SSL won't be used when connecting to Endpoint"),
-	f.BoolVar(&b.Configuration.S3.DisableSSL, arg("s3.disable-ssl"), false, "If set to true, the SSL won't be used when connecting to Endpoint")
+		fs.StringVar(&b.Configuration.S3.Region, "s3.region", "", "Region"),
-	f.StringVar(&b.Configuration.S3.Region, arg("s3.region"), "", "Region")
+		fs.StringVar(&b.Configuration.S3.BucketName, "s3.bucket", "", "Bucket name"),
-	f.StringVar(&b.Configuration.S3.BucketName, arg("s3.bucket"), "", "Bucket name")
+		fs.StringVar(&b.Configuration.S3.AccessKeyFile, "s3.access-key", "", "Path to file containing S3 AccessKey"),
-	f.StringVar(&b.Configuration.S3.AccessKeyFile, arg("s3.access-key"), "", "Path to file containing S3 AccessKey")
+		fs.StringVar(&b.Configuration.S3.SecretKeyFile, "s3.secret-key", "", "Path to file containing S3 SecretKey"),
-	f.StringVar(&b.Configuration.S3.SecretKeyFile, arg("s3.secret-key"), "", "Path to file containing S3 SecretKey")
+	)
 	return nil
 }
 func (b *storageV1) Handler(ctx context.Context, cmd *cobra.Command) (svc.Handler, error) {