diff --git a/README.md b/README.md
index fbe8665..83ebf6f 100644
--- a/README.md
+++ b/README.md
@@ -66,7 +66,7 @@ spec:
       containers:
         - name: doppler-secrets
           image: alpine
-          command: ['/bin/sh', '-c', 'printenv && sleep 3600'] # Test by printing env var names
+          command: ['/bin/sh', '-c', 'apk add --no-cache tini > /dev/null 2>&1 && printenv | grep -v KUBERNETES_ && tini -s tail -f /dev/null'] # Test by printing env var names
           envFrom: # Only envFrom is currently supported for auto-reloads
             - secretRef:
                 name: app-secret # Should match DopplerSecret.spec.secretName          
diff --git a/doppler-crd-controller.yml b/doppler-crd-controller.yml
index 4d3d084..5aaae15 100644
--- a/doppler-crd-controller.yml
+++ b/doppler-crd-controller.yml
@@ -48,7 +48,7 @@ rules:
     verbs: ['get', 'create', 'update', 'delete']
   - apiGroups: ['apps']
     resources: ['deployments']
-    verbs: ['patch']
+    verbs: ['list', 'patch']
   - apiGroups: ['']
     resources: ['namespaces']
     verbs: ['get', 'watch', 'list']
diff --git a/example/deployment.yml b/example/deployment.yml
index baabceb..4ca7bc8 100644
--- a/example/deployment.yml
+++ b/example/deployment.yml
@@ -17,7 +17,7 @@ spec:
       containers:
         - name: doppler-secrets
           image: alpine
-          command: ['/bin/sh', '-c', 'printenv && sleep 3600'] # Test by printing env var names          
+          command: ['/bin/sh', '-c', 'apk add --no-cache tini > /dev/null 2>&1 && printenv | grep -v KUBERNETES_ && tini -s tail -f /dev/null'] # Test by printing env var names          
           imagePullPolicy: Always
           envFrom:
             - secretRef: