diff --git a/go.mod b/go.mod
index 911246b..0ebe300 100644
--- a/go.mod
+++ b/go.mod
@@ -5,10 +5,11 @@ go 1.23.2
 require (
 	github.com/onsi/ginkgo/v2 v2.21.0
 	github.com/onsi/gomega v1.35.1
-	github.com/zncdatadev/operator-go v0.10.0
+	github.com/zncdatadev/operator-go v0.11.2
 	k8s.io/api v0.31.2
 	k8s.io/apimachinery v0.31.2
 	k8s.io/client-go v0.31.2
+	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8
 	sigs.k8s.io/controller-runtime v0.19.1
 )
 
@@ -70,7 +71,6 @@ require (
 	k8s.io/apiextensions-apiserver v0.31.0 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
-	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
diff --git a/go.sum b/go.sum
index bd70951..4fc9e1b 100644
--- a/go.sum
+++ b/go.sum
@@ -110,8 +110,8 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/zncdatadev/operator-go v0.10.0 h1:55UaRMJzeUE0pEYPY9xAtxQNYXrK2l+JeoZNeH1fn/4=
-github.com/zncdatadev/operator-go v0.10.0/go.mod h1:TDGK0lN6jhpCFSgPU+jomyp6F/7eK1/BaywswTD+5eA=
+github.com/zncdatadev/operator-go v0.11.2 h1:/3ti+26D9w38gZV2eQLIz62mPe45em3Ej8iePoSj/04=
+github.com/zncdatadev/operator-go v0.11.2/go.mod h1:Thc0Jo5LuXnwrb73shfI63PKlxC+7cGq7SClzo3Y5qI=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
@@ -190,8 +190,8 @@ k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
 k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
-k8s.io/kubectl v0.31.1 h1:ih4JQJHxsEggFqDJEHSOdJ69ZxZftgeZvYo7M/cpp24=
-k8s.io/kubectl v0.31.1/go.mod h1:aNuQoR43W6MLAtXQ/Bu4GDmoHlbhHKuyD49lmTC8eJM=
+k8s.io/kubectl v0.31.2 h1:gTxbvRkMBwvTSAlobiTVqsH6S8Aa1aGyBcu5xYLsn8M=
+k8s.io/kubectl v0.31.2/go.mod h1:EyASYVU6PY+032RrTh5ahtSOMgoDRIux9V1JLKtG5xM=
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 sigs.k8s.io/controller-runtime v0.19.1 h1:Son+Q40+Be3QWb+niBXAg2vFiYWolDjjRfO8hn/cxOk=
diff --git a/internal/controller/authz/oidc.go b/internal/controller/authz/oidc.go
index 0e5a35c..ddebeb0 100644
--- a/internal/controller/authz/oidc.go
+++ b/internal/controller/authz/oidc.go
@@ -85,10 +85,9 @@ func (o *Oidc) getEnvVars() []corev1.EnvVar {
 		issuer.Host += ":" + strconv.Itoa(o.OidcProvider.Port)
 	}
 
-	provisioner := o.OidcProvider.Provisioner
-	// TODO: fix support keycloak-oidc
-	if provisioner == "keycloak" {
-		provisioner = "keycloak-oidc"
+	providerHint := o.OidcProvider.ProviderHint
+	if providerHint == "keycloak" {
+		providerHint = "keycloak-oidc"
 	}
 
 	clientCredentialsSecretName := o.Oidc.ClientCredentialsSecret
@@ -144,7 +143,7 @@ func (o *Oidc) getEnvVars() []corev1.EnvVar {
 		},
 		{
 			Name:  "OAUTH2_PROXY_PROVIDER",
-			Value: provisioner,
+			Value: providerHint,
 		},
 		{
 			Name:  "UPSTREAM",
diff --git a/internal/controller/common/configmap.go b/internal/controller/common/configmap.go
index c382ffb..e21b225 100644
--- a/internal/controller/common/configmap.go
+++ b/internal/controller/common/configmap.go
@@ -6,6 +6,7 @@ import (
 	"strings"
 
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/utils/ptr"
 	ctrl "sigs.k8s.io/controller-runtime"
 
 	commonsv1alpha1 "github.com/zncdatadev/operator-go/pkg/apis/commons/v1alpha1"
@@ -53,7 +54,7 @@ func NewConfigMapBuilder(
 	vectorConfigMapName string,
 	krb5SecretClass string,
 	tlsSecretClass string,
-	options builder.Options,
+	options builder.Option,
 ) *ConfigMapBuilder {
 	var krb5Config *authz.HbaseKerberosConfig
 	if krb5SecretClass != "" && tlsSecretClass != "" {
@@ -111,17 +112,27 @@ func (b *ConfigMapBuilder) getJVMOPTS() string {
 	return fmt.Sprintf(`export HBASE_%s_OPTS="$HBASE_OPTS %s"`, b.RoleName, strings.Join(opts, " "))
 }
 
-func (b *ConfigMapBuilder) AddLog4jProperties() {
-	l := productlogging.NewLog4jConfigGenerator(
+func (b *ConfigMapBuilder) AddLog4jProperties() error {
+	logGenerator, err := productlogging.NewConfigGenerator(
 		b.LoggingConfig,
 		b.RoleName,
-		"%d{ISO8601} %-5p [%t] %c{2}: %.1000m%n",
-		nil,
 		"hbase.log4j.xml",
-		"",
+		productlogging.LogTypeLog4j,
+		func(cgo *productlogging.ConfigGeneratorOption) {
+			cgo.ConsoleHandlerFormatter = ptr.To("%d{ISO8601} %-5p [%t] %c{2}: %.1000m%n")
+		},
 	)
-	s := l.Generate()
+	if err != nil {
+		return err
+	}
+
+	s, err := logGenerator.Content()
+	if err != nil {
+		return err
+	}
+
 	b.AddItem(LogKey, s)
+	return nil
 }
 
 func (b *ConfigMapBuilder) AddSSLClientXML() error {
@@ -244,7 +255,9 @@ func (r *ConfigMapReconciler[T]) Reconcile(ctx context.Context) (ctrl.Result, er
 		return ctrl.Result{}, err
 	}
 
-	builder.AddLog4jProperties()
+	if err := builder.AddLog4jProperties(); err != nil {
+		return ctrl.Result{}, err
+	}
 
 	if err := builder.AddSSLClientXML(); err != nil {
 		return ctrl.Result{}, err
@@ -288,7 +301,7 @@ func NewConfigMapReconciler[T reconciler.AnySpec](
 		clusterConfig.VectorAggregatorConfigMapName,
 		krb5SecretClass,
 		tlsSecretClass,
-		builder.Options{
+		builder.Option{
 			ClusterName:   options.GetClusterName(),
 			RoleName:      options.GetRoleName(),
 			RoleGroupName: options.GetGroupName(),
diff --git a/internal/controller/master/role.go b/internal/controller/master/role.go
index 4ded53c..f77ca5a 100644
--- a/internal/controller/master/role.go
+++ b/internal/controller/master/role.go
@@ -81,16 +81,16 @@ func (r *Reconciler) RegisterResourceWithRoleGroup(_ context.Context, info recon
 	}
 
 	options := builder.WorkloadOptions{
-		Options: builder.Options{
+		Option: builder.Option{
 			ClusterName:   info.GetClusterName(),
 			RoleName:      info.GetRoleName(),
 			RoleGroupName: info.GetGroupName(),
 			Labels:        info.GetLabels(),
 			Annotations:   info.GetAnnotations(),
 		},
-		PodOverrides:     spec.PodOverrides,
-		CommandOverrides: spec.CliOverrides,
-		EnvOverrides:     spec.EnvOverrides,
+		PodOverrides: spec.PodOverrides,
+		CliOverrides: spec.CliOverrides,
+		EnvOverrides: spec.EnvOverrides,
 	}
 
 	if spec.Config != nil {
diff --git a/internal/controller/regionserver/role.go b/internal/controller/regionserver/role.go
index 96b6d19..5064cb9 100644
--- a/internal/controller/regionserver/role.go
+++ b/internal/controller/regionserver/role.go
@@ -82,16 +82,16 @@ func (r *Reconciler) RegisterResourceWithRoleGroup(_ context.Context, info recon
 	}
 
 	options := builder.WorkloadOptions{
-		Options: builder.Options{
+		Option: builder.Option{
 			ClusterName:   info.GetClusterName(),
 			RoleName:      info.GetRoleName(),
 			RoleGroupName: info.GetGroupName(),
 			Labels:        info.GetLabels(),
 			Annotations:   info.GetAnnotations(),
 		},
-		PodOverrides:     spec.PodOverrides,
-		CommandOverrides: spec.CliOverrides,
-		EnvOverrides:     spec.EnvOverrides,
+		PodOverrides: spec.PodOverrides,
+		CliOverrides: spec.CliOverrides,
+		EnvOverrides: spec.EnvOverrides,
 	}
 
 	if spec.Config != nil {
diff --git a/internal/controller/restserver/role.go b/internal/controller/restserver/role.go
index 4136b95..75f5a96 100644
--- a/internal/controller/restserver/role.go
+++ b/internal/controller/restserver/role.go
@@ -81,16 +81,16 @@ func (r *Reconciler) RegisterResourceWithRoleGroup(_ context.Context, info recon
 	}
 
 	options := builder.WorkloadOptions{
-		Options: builder.Options{
+		Option: builder.Option{
 			ClusterName:   info.GetClusterName(),
 			RoleName:      info.GetRoleName(),
 			RoleGroupName: info.GetGroupName(),
 			Labels:        info.GetLabels(),
 			Annotations:   info.GetAnnotations(),
 		},
-		PodOverrides:     spec.PodOverrides,
-		CommandOverrides: spec.CliOverrides,
-		EnvOverrides:     spec.EnvOverrides,
+		PodOverrides: spec.PodOverrides,
+		CliOverrides: spec.CliOverrides,
+		EnvOverrides: spec.EnvOverrides,
 	}
 
 	if spec.Config != nil {
diff --git a/test/e2e/oidc/authenticationclass.yaml b/test/e2e/oidc/authenticationclass.yaml
index ae3a380..e9f0883 100644
--- a/test/e2e/oidc/authenticationclass.yaml
+++ b/test/e2e/oidc/authenticationclass.yaml
@@ -8,7 +8,7 @@ spec:
       hostname: (join('', ['keycloak.', ($namespace), '.svc.cluster.local']))
       port: 80
       rootPath: (join('', ['/realms/', ($KEYCLOAK_REALM)]))
-      provisioner: keycloak
+      providerHint: keycloak
       scopes:
       - openid
       - email