diff --git a/.github/workflows/conformance.yaml b/.github/workflows/conformance.yaml
index b30648ee..b56da5ff 100644
--- a/.github/workflows/conformance.yaml
+++ b/.github/workflows/conformance.yaml
@@ -76,7 +76,7 @@ jobs:
       matrix:
         # Keep this list up-to-date with https://endoflife.date/kubernetes
         # Available versions can be found with "replicated cluster versions"
-        K3S_VERSION: [ 1.32.8, 1.33.4 ]
+        K3S_VERSION: [ 1.32.9, 1.33.5, 1.34.1 ]
       fail-fast: false
     steps:
       - name: Checkout
@@ -120,8 +120,7 @@ jobs:
         run: TEST_KUBECONFIG=${{ steps.prep.outputs.kubeconfig-path }} make e2e
       - name: Run flux bootstrap
         run: |
-          ./bin/flux bootstrap git --manifests ./manifests/install/ \
-          --components-extra=image-reflector-controller,image-automation-controller \
+          ./bin/flux bootstrap git --manifests ./manifests/test/ \
           --url=https://github.com/fluxcd-testing/${{ steps.prep.outputs.cluster }} \
           --branch=main \
           --path=clusters/k3s \
@@ -169,7 +168,7 @@ jobs:
     strategy:
       matrix:
         # Keep this list up-to-date with https://endoflife.date/red-hat-openshift
-        OPENSHIFT_VERSION: [ 4.19.0-okd ]
+        OPENSHIFT_VERSION: [ 4.19.0-okd, 4.20.0-okd ]
       fail-fast: false
     steps:
       - name: Checkout
@@ -212,7 +211,6 @@ jobs:
       - name: Run flux bootstrap
         run: |
           ./bin/flux bootstrap git --manifests ./manifests/openshift/ \
-          --components-extra=image-reflector-controller,image-automation-controller \
           --url=https://github.com/fluxcd-testing/${{ steps.prep.outputs.cluster }} \
           --branch=main \
           --path=clusters/openshift \
diff --git a/.github/workflows/e2e-bootstrap.yaml b/.github/workflows/e2e-bootstrap.yaml
index 32e93aaf..98a8e0d7 100644
--- a/.github/workflows/e2e-bootstrap.yaml
+++ b/.github/workflows/e2e-bootstrap.yaml
@@ -51,7 +51,7 @@ jobs:
           echo "test_repo_name=$TEST_REPO_NAME" >> $GITHUB_OUTPUT
       - name: bootstrap init
         run: |
-          ./bin/flux bootstrap github --manifests ./manifests/install/ \
+          ./bin/flux bootstrap github --manifests ./manifests/test/ \
           --owner=fluxcd-testing \
           --image-pull-secret=ghcr-auth \
           --registry-creds=fluxcd:$GITHUB_TOKEN \
@@ -66,7 +66,7 @@ jobs:
           kubectl -n flux-system get secret ghcr-auth | grep dockerconfigjson
       - name: bootstrap no-op
         run: |
-          ./bin/flux bootstrap github --manifests ./manifests/install/ \
+          ./bin/flux bootstrap github --manifests ./manifests/test/ \
           --owner=fluxcd-testing \
           --image-pull-secret=ghcr-auth \
           --repository=${{ steps.vars.outputs.test_repo_name }} \
@@ -78,7 +78,7 @@ jobs:
       - name: bootstrap customize
         run: |
           make setup-bootstrap-patch
-          ./bin/flux bootstrap github --manifests ./manifests/install/ \
+          ./bin/flux bootstrap github --manifests ./manifests/test/ \
           --owner=fluxcd-testing \
           --repository=${{ steps.vars.outputs.test_repo_name }} \
           --branch=main \
@@ -98,7 +98,7 @@ jobs:
       - name: test image automation
         run: |
           make setup-image-automation
-          ./bin/flux bootstrap github --manifests ./manifests/install/ \
+          ./bin/flux bootstrap github --manifests ./manifests/test/ \
           --owner=fluxcd-testing \
           --repository=${{ steps.vars.outputs.test_repo_name }} \
           --branch=main \
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index fb7e23fb..8cde11cb 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -65,7 +65,7 @@ jobs:
           ./bin/flux check --pre
       - name: flux install --manifests
         run: |
-          ./bin/flux install --manifests ./manifests/install/
+          ./bin/flux install --manifests ./manifests/test/
       - name: flux create secret
         run: |
           ./bin/flux create secret git git-ssh-test \
diff --git a/manifests/openshift/kustomization.yaml b/manifests/openshift/kustomization.yaml
index a161f2b1..8ee6a1c0 100644
--- a/manifests/openshift/kustomization.yaml
+++ b/manifests/openshift/kustomization.yaml
@@ -5,6 +5,7 @@ resources:
   - namespace.yaml
   - scc.yaml
   - ../bases/source-controller
+  - ../bases/source-watcher
   - ../bases/kustomize-controller
   - ../bases/notification-controller
   - ../bases/helm-controller
@@ -17,6 +18,8 @@ transformers:
 images:
   - name: fluxcd/source-controller
     newName: ghcr.io/fluxcd/source-controller
+  - name: fluxcd/source-watcher
+    newName: ghcr.io/fluxcd/source-watcher
   - name: fluxcd/kustomize-controller
     newName: ghcr.io/fluxcd/kustomize-controller
   - name: fluxcd/helm-controller
diff --git a/manifests/openshift/scc.yaml b/manifests/openshift/scc.yaml
index 6a25f70b..c7c7e97e 100644
--- a/manifests/openshift/scc.yaml
+++ b/manifests/openshift/scc.yaml
@@ -26,6 +26,9 @@ subjects:
   - kind: ServiceAccount
     name: source-controller
     namespace: flux-system
+  - kind: ServiceAccount
+    name: source-watcher
+    namespace: flux-system
   - kind: ServiceAccount
     name: kustomize-controller
     namespace: flux-system
diff --git a/manifests/test/kustomization.yaml b/manifests/test/kustomization.yaml
new file mode 100644
index 00000000..489f571c
--- /dev/null
+++ b/manifests/test/kustomization.yaml
@@ -0,0 +1,40 @@
+# This overlay is used in end-to-end tests and contains all optional controllers.
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: flux-system
+resources:
+  - namespace.yaml
+  - ../bases/source-controller
+  - ../bases/source-watcher
+  - ../bases/kustomize-controller
+  - ../bases/notification-controller
+  - ../bases/helm-controller
+  - ../bases/image-reflector-controller
+  - ../bases/image-automation-controller
+  - ../rbac
+  - ../policies
+transformers:
+  - labels.yaml
+images:
+  - name: fluxcd/source-controller
+    newName: ghcr.io/fluxcd/source-controller
+  - name: fluxcd/source-watcher
+    newName: ghcr.io/fluxcd/source-watcher
+  - name: fluxcd/kustomize-controller
+    newName: ghcr.io/fluxcd/kustomize-controller
+  - name: fluxcd/helm-controller
+    newName: ghcr.io/fluxcd/helm-controller
+  - name: fluxcd/notification-controller
+    newName: ghcr.io/fluxcd/notification-controller
+  - name: fluxcd/image-reflector-controller
+    newName: ghcr.io/fluxcd/image-reflector-controller
+  - name: fluxcd/image-automation-controller
+    newName: ghcr.io/fluxcd/image-automation-controller
+patches:
+  - target:
+      kind: Deployment
+      name: "(kustomize-controller|helm-controller)"
+    patch: |-
+      - op: add
+        path: /spec/template/spec/containers/0/args/-
+        value: --feature-gates=ExternalArtifact=true
diff --git a/manifests/test/labels.yaml b/manifests/test/labels.yaml
new file mode 100644
index 00000000..b17a5d02
--- /dev/null
+++ b/manifests/test/labels.yaml
@@ -0,0 +1,13 @@
+apiVersion: builtin
+kind: LabelTransformer
+metadata:
+  name: labels
+labels:
+  app.kubernetes.io/part-of: flux
+  app.kubernetes.io/instance: flux-system
+fieldSpecs:
+  - path: metadata/labels
+    create: true
+  - kind: Deployment
+    path: spec/template/metadata/labels
+    create: true
diff --git a/manifests/test/namespace.yaml b/manifests/test/namespace.yaml
new file mode 100644
index 00000000..c2b5961d
--- /dev/null
+++ b/manifests/test/namespace.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: flux-system
+  labels:
+    pod-security.kubernetes.io/warn: restricted
+    pod-security.kubernetes.io/warn-version: latest