diff --git a/kanidm/templates/configmap.yaml b/kanidm/templates/configmap.yaml index 3653830..087beda 100644 --- a/kanidm/templates/configmap.yaml +++ b/kanidm/templates/configmap.yaml @@ -10,7 +10,7 @@ data: # If the port is set to 443 you may require the # NET_BIND_SERVICE capability. # Defaults to "127.0.0.1:8443" - bindaddress = "{{ .Values.kanidm.bindaddress }}" + bindaddress = "{{ tpl .Values.kanidm.bindaddress $ }}" # {{- if .Values.kanidmLdap.enabled }} # The read-only ldap server bind address. Requires @@ -101,7 +101,7 @@ data: # domain name you configure above. If these two items are # not consistent, the server WILL refuse to start! # origin = "https://idm.example.com" - origin = "https://{{ tpl .Values.kanidm.domain $ }}:8443" + origin = "https://{{ tpl .Values.kanidm.domain $ }}:{{ .Values.service.port }}" # {{- if .Values.kanidmOnlineBackup.enabled }} [online_backup] diff --git a/kanidm/templates/deployment.yaml b/kanidm/templates/deployment.yaml index 3cc1657..37366c6 100644 --- a/kanidm/templates/deployment.yaml +++ b/kanidm/templates/deployment.yaml @@ -8,13 +8,18 @@ spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} {{- end }} + {{- if .Values.strategy }} + strategy: + {{ toYaml .Values.strategy | indent 2 }} + {{- end }} selector: matchLabels: {{- include "kanidm.selectorLabels" . | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: @@ -61,7 +66,7 @@ spec: zypper install -y gawk kubernetes-client /sbin/kanidmd server -c /data/server.toml & serverPID=$! - until curl -k --output /dev/null --silent --head --fail https://localhost:8443; do + until curl -k --output /dev/null --silent --head --fail https://localhost:{{ .Values.service.port }}; do printf '.' sleep 5 done 
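Review bot: In the second configmap.yaml hunk, `origin` is now built from `.Values.service.port`, so with the new default of 443 it renders as `https://idm.example.com:443`, and behind an ingress it would carry the in-cluster Service port rather than the public one. The comment above the line says the server refuses to start when the two items are inconsistent, and as far as I know Kanidm matches browser-facing checks such as WebAuthn against this origin, so it should be the URL clients actually use. Whether Kanidm normalises an explicit default port is not visible here. values.yaml already carries a commented-out `kanidm.origin`, so consider honouring it when set: `origin = "{{ tpl (.Values.kanidm.origin | default (printf "https://%s:%v" .Values.kanidm.domain .Values.service.port)) $ }}"`.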
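Review bot: The new `strategy:` block in the first deployment.yaml hunk renders its value with `toYaml .Values.strategy | indent 2`, which puts every line after the first at two spaces, the same level as `strategy:` under `spec:`. The default `type: Recreate` is a single line, so it depends only on the literal whitespace before the action, which is not visible in this view. A value with a nested `rollingUpdate:` mapping would render mis-nested or as invalid YAML. The rest of the template uses the `with` plus `nindent` form; the same here would be `{{- with .Values.strategy }}`, `strategy:`, `{{- toYaml . | nindent 4 }}`, closed by the existing `{{- end }}`.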
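Review bot: The wait loop in the second deployment.yaml hunk now polls `https://localhost:{{ .Values.service.port }}`, but the port the server listens on comes from `kanidm.bindaddress`, which can be overridden independently of `service.port`. If the two diverge the `until` loop never succeeds, and as written it has no upper bound, so the script would keep polling rather than exit with an error. Consider deriving both from one value (for example a dedicated container-port setting) and bounding the wait, e.g. `curl --max-time 5` inside a counted loop that exits non-zero when the count runs out. The surrounding script starts and ends outside the hunk.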
diff --git a/kanidm/values.yaml b/kanidm/values.yaml index 9faa1d7..c060b0a 100644 --- a/kanidm/values.yaml +++ b/kanidm/values.yaml @@ -4,6 +4,9 @@ replicaCount: 1 +strategy: + type: Recreate + image: repository: docker.io/kanidm/server pullPolicy: IfNotPresent @@ -15,9 +18,9 @@ nameOverride: "" fullnameOverride: "" kanidm: - bindaddress: "[::]:8443" + bindaddress: "[::]:{{ .Values.service.port }}" domain: "idm.example.com" - #origin: "https://{{ .Values.kanidm.domain }}:8443 + #origin: "https://{{ .Values.kanidm.domain }}:{{ .Values.service.port }}" trust_x_forward_for: true db_path: "/data/kanidm.db" #db_fs_type: "zfs" @@ -63,7 +66,7 @@ securityContext: {} service: type: ClusterIP - port: 8443 + port: 443 ingress: enabled: false @@ -116,12 +119,12 @@ resources: {} livenessProbe: httpGet: scheme: HTTPS - path: / + path: /status port: http readinessProbe: httpGet: scheme: HTTPS - path: / + path: /status port: http autoscaling:
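Review bot: With `bindaddress` now templated to `[::]:{{ .Values.service.port }}` in the `kanidm:` hunk and `service.port` changed to 443 in the hunk after it, the default install makes kanidmd itself bind a privileged port. The comment in configmap.yaml notes that port 443 may require the NET_BIND_SERVICE capability, while the `securityContext: {}` default visible in this file grants nothing. A non-root or capability-dropped pod may therefore fail to start, or operators may be pushed towards running with more privilege. Keeping the container on 8443 and exposing 443 only on the Service avoids that, with a separate value for the container port and the Service `targetPort` pointing at it, e.g. `bindaddress: "[::]:8443"` alongside `port: 443`. Whether the deployment's `containerPort` follows `service.port` is not visible in this diff.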