diff --git a/.circleci/config.yml b/.circleci/config.yml
index 4789b81..5fb609c 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -59,7 +59,7 @@ jobs:
       - run:
           name: Install k3d
           command: |
-            wget -q -O - https://raw.githubusercontent.com/rancher/k3d/v${K3D_VERSION}/install.sh | bash
+            wget -q -O - https://raw.githubusercontent.com/rancher/k3d/main/install.sh | TAG=v${K3D_VERSION} bash
       - run:
           name: Run all tests
           command: |
diff --git a/build/Dockerfile b/build/Dockerfile
index 885a4b9..40c8bb7 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.1
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.2
 
 ARG GIT_COMMIT="unspecified"
 LABEL GIT_COMMIT=$GIT_COMMIT
diff --git a/go.mod b/go.mod
index 4b1e504..c3798ed 100644
--- a/go.mod
+++ b/go.mod
@@ -2,6 +2,7 @@ module github.com/patoarvizu/vault-dynamic-configuration-operator
 
 require (
 	github.com/banzaicloud/bank-vaults v0.0.0-20200310211418-ce974071071b
+	github.com/coreos/prometheus-operator v0.34.0
 	github.com/operator-framework/operator-sdk v0.15.1
 	github.com/spf13/pflag v1.0.5
 	k8s.io/api v0.17.2
diff --git a/pkg/controller/vdc/serviceaccount_controller.go b/pkg/controller/vdc/serviceaccount_controller.go
index c7edf72..d44db5a 100644
--- a/pkg/controller/vdc/serviceaccount_controller.go
+++ b/pkg/controller/vdc/serviceaccount_controller.go
@@ -197,7 +197,6 @@ func (r *ReconcileServiceAccount) Reconcile(request reconcile.Request) (reconcil
 	if val, ok := instance.Annotations[AnnotationPrefix+"/"+AutoConfigureAnnotation]; !ok || val != "true" {
 		return reconcile.Result{}, nil
 	}
-	reqLogger.Info("Configuring ServiceAccount for Vault authentication", "ServiceAccount", instance.ObjectMeta.Name, "Namespace", instance.ObjectMeta.Namespace)
 
 	vaultConfig := &bankvaultsv1alpha1.Vault{}
 	ns, _ := k8sutil.GetOperatorNamespace()
@@ -235,7 +234,6 @@ func (r *ReconcileServiceAccount) Reconcile(request reconcile.Request) (reconcil
 	if !ok {
 		return reconcile.Result{}, nil
 	}
-	reqLogger.Info("Configuring ServiceAccount for dynamic database secrets", "ServiceAccount", instance.ObjectMeta.Name, "Namespace", instance.ObjectMeta.Namespace, "TargetDB", targetDb)
 	err = addOrUpdateDBRole(&bvConfig, instance.ObjectMeta, *configMap, targetDb)
 	if err != nil {
 		return reconcile.Result{}, err
@@ -279,6 +277,7 @@ func addOrUpdateDBRole(bvConfig *BankVaultsConfig, metadata metav1.ObjectMeta, c
 			return nil
 		}
 	}
+	log.Info("Configuring ServiceAccount for dynamic database secrets", "ServiceAccount", metadata.Name, "Namespace", metadata.Namespace, "TargetDB", targetDb)
 	newDbRole := &DBRole{
 		Name:               metadata.Name,
 		DbName:             targetDb,
@@ -343,6 +342,7 @@ func addOrUpdateKubernetesRole(kubernetesAuth *Auth, metadata metav1.ObjectMeta)
 			return
 		}
 	}
+	log.Info("Configuring ServiceAccount for Vault authentication", "ServiceAccount", metadata.Name, "Namespace", metadata.Namespace)
 	newRole := &Role{
 		BoundServiceAccountNames: metadata.Name,
 		BoundServiceAccountNamespaces: func(namespace string) []string {