diff --git a/operator/roles/forkliftcontroller/tasks/main.yml b/operator/roles/forkliftcontroller/tasks/main.yml
index 9eb622cb8..723532753 100644
--- a/operator/roles/forkliftcontroller/tasks/main.yml
+++ b/operator/roles/forkliftcontroller/tasks/main.yml
@@ -147,41 +147,15 @@
       state: absent
       definition: "{{ lookup('template', 'api/validatingwebhookconfiguration-forklift-api.yml.j2') }}"
 
-  - name: "Setup secrets validating webhook configuration"
-    k8s:
-      state: present
-      definition: "{{ lookup('template', 'api/validatingwebhookconfiguration-secrets.yml.j2') }}"
-
-  - name: "Setup plans validating webhook configuration"
-    k8s:
-      state: present
-      definition: "{{ lookup('template', 'api/validatingwebhookconfiguration-plans.yml.j2') }}"
-
-  - name: "Setup providers validating webhook configuration"
-    k8s:
-      state: present
-      definition: "{{ lookup('template', 'api/validatingwebhookconfiguration-providers.yml.j2') }}"
-
   - name: "Delete aggregated mutating webhook configurations"
     k8s:
       state: absent
       definition: "{{ lookup('template', 'api/mutatingwebhookconfiguration-forklift-api.yml.j2') }}"
 
-  - name: "Setup secrets mutating webhook configuration"
-    k8s:
-      state: present
-      definition: "{{ lookup('template', 'api/mutatingwebhookconfiguration-secrets.yml.j2') }}"
-
-  - name: "Setup plans mutating webhook configuration"
-    k8s:
-      state: present
-      definition: "{{ lookup('template', 'api/mutatingwebhookconfiguration-plans.yml.j2') }}"
-
-
-  - name: "Setup providers mutating webhook configuration"
-    k8s:
-      state: present
-      definition: "{{ lookup('template', 'api/mutatingwebhookconfiguration-providers.yml.j2') }}"
+  - name: "Setup webhook configuration"
+    include_tasks: webhooks.yml
+    vars:
+      webhook_state: "present"
 
   - name: "Setup default provider"
     k8s:
@@ -276,3 +250,11 @@
       namespace: "{{ app_namespace }}"
       name: forklift-must-gather-api
       state: absent
+  when: finalize is not defined
+
+- block:
+  - name: "Remove webhook configuration"
+    include_tasks: webhooks.yml
+    vars:
+      webhook_state: "absent"
+  when: finalize
diff --git a/operator/roles/forkliftcontroller/tasks/webhooks.yml b/operator/roles/forkliftcontroller/tasks/webhooks.yml
new file mode 100644
index 000000000..764c923dc
--- /dev/null
+++ b/operator/roles/forkliftcontroller/tasks/webhooks.yml
@@ -0,0 +1,32 @@
+---
+- block:
+  - name: "Setup secrets validating webhook configuration"
+    k8s:
+      state: "{{ webhook_state }}"
+      definition: "{{ lookup('template', 'api/validatingwebhookconfiguration-secrets.yml.j2') }}"
+
+  - name: "Setup plans validating webhook configuration"
+    k8s:
+      state: "{{ webhook_state }}"
+      definition: "{{ lookup('template', 'api/validatingwebhookconfiguration-plans.yml.j2') }}"
+
+  - name: "Setup providers validating webhook configuration"
+    k8s:
+      state: "{{ webhook_state }}"
+      definition: "{{ lookup('template', 'api/validatingwebhookconfiguration-providers.yml.j2') }}"
+
+  - name: "Setup secrets mutating webhook configuration"
+    k8s:
+      state: "{{ webhook_state }}"
+      definition: "{{ lookup('template', 'api/mutatingwebhookconfiguration-secrets.yml.j2') }}"
+
+  - name: "Setup plans mutating webhook configuration"
+    k8s:
+      state: "{{ webhook_state }}"
+      definition: "{{ lookup('template', 'api/mutatingwebhookconfiguration-plans.yml.j2') }}"
+
+  - name: "Setup providers mutating webhook configuration"
+    k8s:
+      state: "{{ webhook_state }}"
+      definition: "{{ lookup('template', 'api/mutatingwebhookconfiguration-providers.yml.j2') }}"
+
diff --git a/operator/watches.yaml b/operator/watches.yaml
index 3889481a0..8e7e70670 100644
--- a/operator/watches.yaml
+++ b/operator/watches.yaml
@@ -5,3 +5,7 @@
   kind: ForkliftController
   role: forkliftcontroller
 #+kubebuilder:scaffold:watch
+  finalizer:
+    name: forklift.konveyor.io/finalizer
+    vars:
+      finalize: true