diff --git a/charts/postgres-operator/crds/operatorconfigurations.yaml b/charts/postgres-operator/crds/operatorconfigurations.yaml index 2863b1b2d..ff92bc064 100644 --- a/charts/postgres-operator/crds/operatorconfigurations.yaml +++ b/charts/postgres-operator/crds/operatorconfigurations.yaml @@ -118,10 +118,9 @@ spec: items: type: string node_readiness_label: - type: array - items: + type: object + additionalProperties: type: string - nullable: true oauth_token_secret_name: type: string pdb_name_format: diff --git a/charts/postgres-operator/values-crd.yaml b/charts/postgres-operator/values-crd.yaml index 2bcd1b0f7..0c34e00ab 100644 --- a/charts/postgres-operator/values-crd.yaml +++ b/charts/postgres-operator/values-crd.yaml @@ -79,7 +79,8 @@ configKubernetes: # master_pod_move_timeout: 20m # set of labels that a running and active node should possess to be considered ready - # node_readiness_label: "" + # node_readiness_label: + # status: ready # name of the secret containing the OAuth2 token to pass to the teams API # oauth_token_secret_name: postgresql-operator 
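Review bot: Changing `node_readiness_label` from `type: array` to `type: object` with string `additionalProperties` is a breaking schema change that ships without an upgrade note. An existing OperatorConfiguration that still carries the old list form (the earlier sample was `- status:ready`) would be expected to fail validation once this CRD is applied, and with `nullable: true` dropped an explicit `node_readiness_label: null` is presumably rejected as well. This copy sits under the chart's `crds/` directory, which Helm 3 installs once and does not upgrade. If the chart is deployed that way, upgraded clusters may keep the old array schema and refuse the new map form, so operators need to be told to re-apply the CRD by hand. I would add `# map of label name to value; replaces the earlier list form` above the property. The same applies to the matching hunks in manifests/operatorconfiguration.crd.yaml and pkg/apis/acid.zalan.do/v1/crds.go.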
@@ -189,20 +190,20 @@ configAwsOrGcp: # configure K8s cron job managed by the operator configLogicalBackup: - # backup schedule in the cron format - logical_backup_schedule: "30 00 * * *" # image for pods of the logical backup job (example runs pg_dumpall) logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup" - # S3 bucket to store backup results - logical_backup_s3_bucket: "my-bucket-url" - # S3 server side encription to use - logical_backup_s3_sse: "AES256" - # S3 endpoint url when not using AWS - logical_backup_s3_endpoint: "" # S3 Access Key ID logical_backup_s3_access_key_id: "" + # S3 bucket to store backup results + logical_backup_s3_bucket: "my-bucket-url" + # S3 endpoint url when not using AWS + logical_backup_s3_endpoint: "" # S3 Secret Access Key logical_backup_s3_secret_access_key: "" + # S3 server side encription + logical_backup_s3_sse: "AES256" + # backup schedule in the cron format + logical_backup_schedule: "30 00 * * *" # automate creation of human users with teams API service configTeamsApi: @@ -219,7 +220,8 @@ configTeamsApi: # operator will add all team member roles to this group and add a pg_hba line pam_role_name: zalandos # List of teams which members need the superuser role in each Postgres cluster - # postgres_superuser_teams: "postgres_superusers" + # postgres_superuser_teams: + # - postgres_superusers # List of roles that cannot be overwritten by an application, team or infrastructure role protected_role_names: diff --git a/manifests/configmap.yaml b/manifests/configmap.yaml index 6dd6c5469..59d3abfde 100644 --- a/manifests/configmap.yaml +++ b/manifests/configmap.yaml @@ -42,7 +42,7 @@ data: # logical_backup_s3_secret_access_key: "" # logical_backup_s3_sse: "AES256" # logical_backup_schedule: "30 00 * * *" - master_dns_name_format: "{cluster}.{team}.staging.{hostedzone}" + master_dns_name_format: "{cluster}.{team}.{hostedzone}" # master_pod_move_timeout: 10m # max_instances: "-1" # min_instances: "-1" 
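Review bot: The reordered `configLogicalBackup` block still offers `logical_backup_s3_access_key_id` and `logical_backup_s3_secret_access_key` as ordinary chart values with no guidance. A key filled in here sits in plain text in the values file and, presumably, in the rendered operator configuration object, readable by anyone who can read that resource. Since the comments are being rewritten anyway, I would say so next to the field, for example `# leave empty when the backup pods get S3 access another way; a value set here is stored unencrypted`. The re-added comment `# S3 server side encription` also keeps the typo and should read `# S3 server side encryption`.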
@@ -65,11 +65,11 @@ data: ready_wait_interval: 3s ready_wait_timeout: 30s repair_period: 5m - replica_dns_name_format: "{cluster}-repl.{team}.staging.{hostedzone}" + replica_dns_name_format: "{cluster}-repl.{team}.{hostedzone}" replication_username: standby resource_check_interval: 3s resource_check_timeout: 10m - resync_period: 5m + resync_period: 30m ring_log_lines: "100" secret_name_template: "{username}.{cluster}.credentials" # sidecar_docker_images: "" diff --git a/manifests/operatorconfiguration.crd.yaml b/manifests/operatorconfiguration.crd.yaml index 49b068b8c..753415a15 100644 --- a/manifests/operatorconfiguration.crd.yaml +++ b/manifests/operatorconfiguration.crd.yaml @@ -94,10 +94,9 @@ spec: items: type: string node_readiness_label: - type: array - items: + type: object + additionalProperties: type: string - nullable: true oauth_token_secret_name: type: string pdb_name_format: diff --git a/manifests/postgresql-operator-default-configuration.yaml b/manifests/postgresql-operator-default-configuration.yaml index 6320a712c..4f3e2cf7e 100644 --- a/manifests/postgresql-operator-default-configuration.yaml +++ b/manifests/postgresql-operator-default-configuration.yaml 
@@ -28,25 +28,25 @@ configuration: # keyb: valueb enable_pod_antiaffinity: false enable_pod_disruption_budget: true - # infrastructure_roles_secret_name: postgresql-operator + # infrastructure_roles_secret_name: postgresql-infrastructure-roles # inherited_labels: # - application # - environment - # node_readiness_label: - # - status:ready + node_readiness_label: + status: ready oauth_token_secret_name: postgresql-operator pdb_name_format: "postgres-{cluster}-pdb" pod_antiaffinity_topology_key: "kubernetes.io/hostname" - pod_environment_configmap: "" + # pod_environment_configmap: "" pod_management_policy: "ordered_ready" pod_role_label: spilo-role - pod_service_account_name: operator + pod_service_account_name: zalando-postgres-operator pod_terminate_grace_period: 5m secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}" # spilo_fsgroup: 103 spilo_privileged: false - toleration: {} - watched_namespace: "" + # toleration: {} + # watched_namespace: "" postgres_pod_resources: default_cpu_limit: "3" default_cpu_request: 100m @@ -60,7 +60,7 @@ configuration: resource_check_interval: 3s resource_check_timeout: 10m load_balancer: - db_hosted_zone: "" + # db_hosted_zone: "" enable_master_load_balancer: false enable_replica_load_balancer: false # custom_service_annotations: @@ -72,9 +72,9 @@ configuration: # additional_secret_mount: "some-secret-name" # additional_secret_mount_path: "/some/dir" aws_region: eu-central-1 - kube_iam_role: "" - log_s3_bucket: "" - wal_s3_bucket: "" + # kube_iam_role: "" + # log_s3_bucket: "" + # wal_s3_bucket: "" logical_backup: logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup" logical_backup_s3_access_key_id: "" 
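Review bot: `node_readiness_label` goes from a commented example to an active setting (`status: ready`) in what the file name presents as the default configuration, while values-crd.yaml in the same commit keeps it commented out. The comment in values-crd.yaml describes it as the set of labels a node must carry to be considered ready, so applying this manifest unchanged on a cluster whose nodes lack `status=ready` would presumably leave the operator with no node it regards as ready. I would keep it as an example, `# node_readiness_label:` followed by `#   status: ready`, in line with the other optional keys this hunk comments out. Separately, `pod_service_account_name: zalando-postgres-operator` deserves a second look: if that is also the account the operator itself runs under (not visible on this page), database pods would inherit the operator's RBAC permissions, and a dedicated, narrower account would be the safer default. The `configuration:` mapping begins before and continues after this hunk.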
@@ -90,12 +90,12 @@ configuration: # enable_admin_role_for_users: true enable_team_superuser: false enable_teams_api: false - pam_configuration: "" + # pam_configuration: "" pam_role_name: zalandos # postgres_superuser_teams: - # - postgres_superusers + # - postgres_superusers protected_role_names: - - admin + - admin team_admin_role: admin team_api_role_configuration: log_statement: all diff --git a/pkg/apis/acid.zalan.do/v1/crds.go b/pkg/apis/acid.zalan.do/v1/crds.go index e154e065c..9ee76103f 100644 --- a/pkg/apis/acid.zalan.do/v1/crds.go +++ b/pkg/apis/acid.zalan.do/v1/crds.go @@ -704,9 +704,8 @@ var OperatorConfigCRDResourceValidation = apiextv1beta1.CustomResourceValidation }, }, "node_readiness_label": { - Type: "array", - Nullable: true, - Items: &apiextv1beta1.JSONSchemaPropsOrArray{ + Type: "object", + AdditionalProperties: &apiextv1beta1.JSONSchemaPropsOrBool{ Schema: &apiextv1beta1.JSONSchemaProps{ Type: "string", },