diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c997f7044..9cfc2020a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -9,8 +9,9 @@ on: env: GO_VERSION: 1.21 - IMAGE_TAG_BASE: ${KIND_REGISTRY}/securesign - IMAGE_TAG: latest + AWS_REGION: us-east-2 + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} jobs: build-operator: @@ -25,6 +26,22 @@ jobs: with: go-version: ${{ env.GO_VERSION }} + - name: Build operator container + run: IMG=ttl.sh/securesign/secure-sign-operator:1h make docker-build docker-push + + test-kind: + name: Test kind deployment + runs-on: ubuntu-20.04 + needs: build-operator + steps: + - name: Checkout source + uses: actions/checkout@v2 + + - name: Install Go + uses: actions/setup-go@v3 + with: + go-version: ${{ env.GO_VERSION }} + - name: Log in to registry.redhat.io uses: redhat-actions/podman-login@9184318aae1ee5034fbfbacc0388acf12669171f # v1 with: @@ -46,8 +63,8 @@ jobs: kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=90s - - name: Build and Deploy operator container - run: make docker-build docker-push deploy + - name: Deploy operator container + run: IMG=ttl.sh/securesign/secure-sign-operator:1h make deploy - name: Wait for operator to be ready run: | 
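Review bot: The new `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` entries sit in the workflow-level `env`, so the long-lived credentials are exported into every job and step of the workflow — including `build-operator` and `test-kind`, which never touch AWS, and every third-party action those jobs run — rather than only the `test-eks` job that needs them. Move them to an `env:` block on the `test-eks` job (or on the eksctl steps alone), and consider replacing static keys with OIDC federation via `aws-actions/configure-aws-credentials` using `role-to-assume` and a `permissions: id-token: write` grant, so no long-lived AWS secret is stored in the repository at all. `AWS_REGION: us-east-2` also duplicates the `--region us-east-2` hard-coded in the eksctl commands later in the diff; keeping one source for the region avoids the two drifting apart.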
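Review bot: The added build step pushes the operator image to `ttl.sh/securesign/secure-sign-operator:1h`, and the `test-kind` deploy step in the next hunk (and the `test-eks` one later in the diff) pull it back by that mutable tag; ttl.sh is an anonymous public registry with no namespace ownership, so nothing guarantees that the image deployed is the one this job built — concurrent runs of this workflow overwrite the same `:1h` tag, and the tag is writable by anyone. At minimum tag with `${{ github.sha }}`, and preferably capture the pushed image digest as a job output of `build-operator` and deploy by `IMG=ttl.sh/securesign/secure-sign-operator@sha256:<digest>` in the dependent jobs so the reference is immutable. The new `actions/checkout@v2` and `actions/setup-go@v3` steps are pinned only to mutable major tags, whereas the `redhat-actions/podman-login@9184318a…` context line in this same hunk already pins a commit SHA; pinning the new steps the same way keeps the file consistent. The `test-kind` job continues past the hunk.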
@@ -110,3 +127,106 @@ jobs: - name: dump the logs of the operator run: kubectl logs -n openshift-rhtas-operator deployment/rhtas-operator-controller-manager if: always() + + test-eks: + name: Test EKS deployment + runs-on: ubuntu-20.04 + needs: build-operator + if: > + (github.event_name == 'push' || github.event_name == 'schedule') && + (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')) + steps: + - name: Checkout source + uses: actions/checkout@v2 + + - name: Install Go + uses: actions/setup-go@v3 + with: + go-version: ${{ env.GO_VERSION }} + + - name: Install eksctl + run: | + ARCH=amd64 + PLATFORM=$(uname -s)_$ARCH + curl -sLO "https://github.com/eksctl-io/eksctl/releases/latest/download/eksctl_$PLATFORM.tar.gz" + tar -xzf eksctl_$PLATFORM.tar.gz -C /tmp && rm eksctl_$PLATFORM.tar.gz + sudo mv /tmp/eksctl /usr/local/bin + + - name: Install kubectl + run: | + ARCH=amd64 + PLATFORM=$(uname -s)_$ARCH + curl -sLO "https://dl.k8s.io/release/v1.22.0/bin/linux/amd64/kubectl" + chmod +x kubectl + sudo mv kubectl /usr/local/bin + + - name: run eksctl create cluster + run: | + eksctl create cluster --alb-ingress-access --external-dns-access --name rhtas-eks-${GITHUB_SHA} --nodes 1 --node-type m5.xlarge --spot + eksctl utils associate-iam-oidc-provider --region=us-east-2 --cluster=rhtas-eks-${GITHUB_SHA} --approve + eksctl create iamserviceaccount --region us-east-2 --name ebs-csi-controller-sa --namespace kube-system --cluster rhtas-eks-${GITHUB_SHA} --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy --approve --role-only --role-name AmazonEKS_EBS_CSI_DriverRole + eksctl create addon --name aws-ebs-csi-driver --cluster rhtas-eks-${GITHUB_SHA} --service-account-role-arn arn:aws:iam::${{ secrets.AWS }}:role/AmazonEKS_EBS_CSI_DriverRole --force + kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/aws/deploy.yaml + + - name: Deploy operator container + run: 
IMG=ttl.sh/securesign/secure-sign-operator:1h make deploy + + - name: Wait for operator to be ready + run: | + kubectl wait --for=condition=available deployment/rhtas-operator-controller-manager --timeout=60s -n openshift-rhtas-operator + + - name: Install cosign + run: go install github.com/sigstore/cosign/v2/cmd/cosign@v2.2.2 + + - name: Deploy RTHAS + run: | + sed -i 's|"https://your-oidc-issuer-url"|${{ secrets.testing_keycloak }}|g' config/samples/rhtas_v1alpha1_securesign.yaml + sed -i 's|ClientID: "trusted-artifact-signer"|ClientID: "sigstore"|g' config/samples/rhtas_v1alpha1_securesign.yaml + kubectl create ns test + kubectl apply -f config/samples/rhtas_v1alpha1_securesign.yaml -n test + + - name: Until shell script to wait for trillian-db deployment to be created + run: | + for i in trillian-db trillian-logserver trillian-logsigner fulcio-server; do + until [ ! -z "$(kubectl get deployment $i -n test 2>/dev/null)" ] + do + echo "Waiting for $i deployment to be created. Pods in test namespace:" + kubectl get pods -n test + sleep 3 + done + done + shell: bash + + - name: Test deployments are ready + run: | + kubectl wait --for=condition=available deployment/trillian-db -n test --timeout=30s + kubectl wait --for=condition=available deployment/trillian-logserver -n test --timeout=30s + kubectl wait --for=condition=available deployment/trillian-logsigner -n test --timeout=30s + kubectl wait --for=condition=available deployment/fulcio-server -n test --timeout=30s + + - name: Until shell script to wait for tuf, ctlog, rekor-redis, rekor-server deployment to be created + run: | + for i in tuf ctlog rekor-redis rekor-server; do + until [ ! -z "$(kubectl get deployment $i -n test 2>/dev/null)" ] + do + echo "Waiting for $i deployment to be created. 
Pods in test namespace:" + kubectl get pods -n test + sleep 3 + done + done + shell: bash + + - name: Test deployments are ready + run: | + kubectl wait --for=condition=available deployment/tuf -n test --timeout=30s + kubectl wait --for=condition=available deployment/ctlog -n test --timeout=30s + kubectl wait --for=condition=available deployment/rekor-redis -n test --timeout=30s + kubectl wait --for=condition=available deployment/rekor-server -n test --timeout=30s + + - name: dump the logs of the operator + run: kubectl logs -n openshift-rhtas-operator deployment/rhtas-operator-controller-manager + if: always() + + - name: delete the cluster + run: eksctl delete cluster --name rhtas-eks-${GITHUB_SHA} --region us-east-2 --wait + if: always() diff --git a/controllers/trillian/actions/db/deployment.go b/controllers/trillian/actions/db/deployment.go index 86d4187d8..c5f2ff37c 100644 --- a/controllers/trillian/actions/db/deployment.go +++ b/controllers/trillian/actions/db/deployment.go @@ -5,6 +5,7 @@ import ( "fmt" "github.com/securesign/operator/controllers/common/action" + "github.com/securesign/operator/controllers/common/utils/kubernetes" "github.com/securesign/operator/controllers/constants" "github.com/securesign/operator/controllers/trillian/actions" trillianUtils "github.com/securesign/operator/controllers/trillian/utils" 
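Review bot: The `Install eksctl` step downloads `releases/latest` with no version pin and no checksum, and `Install kubectl` pins v1.22.0 but verifies nothing either, yet both binaries are moved into `/usr/local/bin` with sudo and then run with the workflow's AWS credentials — an unverified download here is a supply-chain path into the AWS account. Pin the eksctl release and verify both downloads against their published checksums (eksctl ships `eksctl_checksums.txt` with each release; kubectl publishes a `kubectl.sha256` next to the binary), as sketched below. The `kubectl apply -f …/ingress-nginx/main/deploy/static/provider/aws/deploy.yaml` line has the same problem at the manifest level — it applies whatever is on the upstream `main` branch to a cluster that has cloud IAM access; pin it to a release tag. Separately, the `sed` in `Deploy RTHAS` splices `${{ secrets.testing_keycloak }}` directly into the shell command, so a value containing `|` or `&` breaks or alters the substitution; pass it through an `env:` entry and reference `$TESTING_KEYCLOAK` in the script instead, which is also the recommended pattern for expression values in `run:`.
```yaml
      - name: Install eksctl
        run: |
          EKSCTL_VERSION="<pinned-release>"   # placeholder: pin a tested eksctl release tag
          ARCH=amd64
          PLATFORM=$(uname -s)_$ARCH
          curl -sLO "https://github.com/eksctl-io/eksctl/releases/download/${EKSCTL_VERSION}/eksctl_$PLATFORM.tar.gz"
          curl -sL "https://github.com/eksctl-io/eksctl/releases/download/${EKSCTL_VERSION}/eksctl_checksums.txt" | grep "eksctl_$PLATFORM.tar.gz" | sha256sum --check
          tar -xzf eksctl_$PLATFORM.tar.gz -C /tmp && rm eksctl_$PLATFORM.tar.gz
          sudo mv /tmp/eksctl /usr/local/bin

      - name: Install kubectl
        run: |
          curl -sLO "https://dl.k8s.io/release/v1.22.0/bin/linux/amd64/kubectl"
          curl -sLO "https://dl.k8s.io/release/v1.22.0/bin/linux/amd64/kubectl.sha256"
          echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
          chmod +x kubectl
          sudo mv kubectl /usr/local/bin

      # … unchanged: run eksctl create cluster, Deploy operator container and the remaining steps …
```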
@@ -34,15 +35,19 @@ func (i deployAction) CanHandle(instance *rhtasv1alpha1.Trillian) bool { func (i deployAction) Handle(ctx context.Context, instance *rhtasv1alpha1.Trillian) *action.Result { var ( - err error - updated bool + err error + updated bool + openshift bool ) + openshift = kubernetes.IsOpenShift(i.Client) + labels := constants.LabelsFor(actions.DbComponentName, actions.DbDeploymentName, instance.Name) db := trillianUtils.CreateTrillDb(instance.Namespace, constants.TrillianDbImage, actions.DbDeploymentName, actions.RBACName, instance.Spec.Db.PvcName, *instance.Spec.Db.DatabaseSecretRef, + openshift, labels) if err = controllerutil.SetControllerReference(instance, db, i.Client.Scheme()); err != nil { return i.Failed(fmt.Errorf("could not set controller reference for DB Deployment: %w", err)) diff --git a/controllers/trillian/utils/trillian-db.go b/controllers/trillian/utils/trillian-db.go index c92a323c1..a3a72a540 100644 --- a/controllers/trillian/utils/trillian-db.go +++ b/controllers/trillian/utils/trillian-db.go @@ -6,8 +6,17 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -func CreateTrillDb(namespace string, image string, dpName string, sa string, pvcName string, dbsecret core.LocalObjectReference, labels map[string]string) *apps.Deployment { +func CreateTrillDb(namespace string, image string, dpName string, sa string, pvcName string, dbsecret core.LocalObjectReference, openshift bool, labels map[string]string) *apps.Deployment { replicas := int32(1) + var secCont *core.PodSecurityContext + if !openshift { + uid := int64(1001) + fsid := int64(1001) + secCont = &core.PodSecurityContext{ + RunAsUser: &uid, + FSGroup: &fsid, + } + } return &apps.Deployment{ ObjectMeta: metav1.ObjectMeta{ Name: dpName, @@ -25,6 +34,7 @@ func CreateTrillDb(namespace string, image string, dpName string, sa string, pvc }, Spec: core.PodSpec{ ServiceAccountName: sa, + SecurityContext: secCont, Volumes: []core.Volume{ { Name: "storage",
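Review bot: `openshift = kubernetes.IsOpenShift(i.Client)` decides whether the DB pod gets a hard-coded RunAsUser/FSGroup, but its result is neither logged nor surfaced on the instance, so a misdetection — which on OpenShift would likely leave the pod rejected by the SCC for a UID outside the namespace range, and elsewhere would silently drop the non-root context — is hard to diagnose from reconcile output; a debug log line before the CreateTrillDb call would record the decision. Whether IsOpenShift performs an API discovery call on every reconcile is not visible here; if it does, caching the answer once in the action would avoid a round-trip per Handle. Stylistically, adding `openshift bool` to the `var (...)` block and assigning it on a separate line reads oddly next to `labels := ...`; `openshift := kubernetes.IsOpenShift(i.Client)` would match. Handle's body continues past the hunk.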
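Review bot: The non-OpenShift security context in CreateTrillDb pins RunAsUser/FSGroup to 1001 but does not set RunAsNonRoot, so nothing enforces that the container actually runs unprivileged if the image's user changes or the field is later overridden; add `runAsNonRoot := true` next to `uid`/`fsid` and `RunAsNonRoot: &runAsNonRoot,` in the PodSecurityContext that the next hunk wires in via `SecurityContext: secCont`. The 1001 constant is undocumented — presumably the UID baked into the trillian-db image; a comment such as `// 1001 matches the non-root user of the DB image — confirm against its Dockerfile` would record that dependency, and a single named constant would replace the duplicated `uid`/`fsid` literals. If the operator is expected to deploy into namespaces enforcing the Pod Security "restricted" profile, the pod will also need a seccomp profile and container-level AllowPrivilegeEscalation=false with dropped capabilities, which this hunk does not add; the rest of the Deployment spec lies outside the hunk.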