diff --git a/elastisearch-exporter/Dockerfile b/elastisearch-exporter/Dockerfile
new file mode 100644
index 0000000..9cfe423
--- /dev/null
+++ b/elastisearch-exporter/Dockerfile
@@ -0,0 +1,4 @@
+FROM openshift/origin:latest
+COPY elasticsearch_exporter /bin/elasticsearch_exporter
+ENTRYPOINT /bin/elasticsearch_exporter
+
diff --git a/elastisearch-exporter/README b/elastisearch-exporter/README
new file mode 100644
index 0000000..8dd9167
--- /dev/null
+++ b/elastisearch-exporter/README
@@ -0,0 +1,8 @@
+This used the justwatch elasticsearch exporter.
+
+The existing dockerfile did not contain the latest arguments that the master branch had.
+
+Also when trying to run the master branch we ran into panics so a custom build with `exporter.go` 
+lines 471 and 472 comment out.
+
+
diff --git a/elastisearch-exporter/dc.yaml b/elastisearch-exporter/dc.yaml
new file mode 100644
index 0000000..4ce40a8
--- /dev/null
+++ b/elastisearch-exporter/dc.yaml
@@ -0,0 +1,131 @@
+apiVersion: v1
+kind: DeploymentConfig
+metadata:
+  name: logging-es-aa0v5dqh
+  namespace: logging
+  labels:
+    app: logging-es-template
+    component: es
+    logging-infra: elasticsearch
+    provider: openshift
+  annotations:
+    openshift.io/generated-by: OpenShiftNewApp
+spec:
+  strategy:
+    type: Recreate
+    recreateParams:
+      timeoutSeconds: 600
+    resources: {}
+  triggers:
+    - type: ConfigChange
+  replicas: 1
+  test: false
+  selector:
+    component: es
+    deployment: logging-es-aa0v5dqh
+    provider: openshift
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: logging-es-template
+        component: es
+        deployment: logging-es-aa0v5dqh
+        provider: openshift
+      annotations:
+        openshift.io/generated-by: OpenShiftNewApp
+    spec:
+      volumes:
+        - name: elasticsearch
+          secret:
+            secretName: logging-elasticsearch
+            defaultMode: 420
+        - name: elasticsearch-config
+          configMap:
+            name: logging-elasticsearch
+            defaultMode: 420
+        - name: elasticsearch-storage
+          persistentVolumeClaim:
+            claimName: logging-es-aa0v5dqh
+      containers:
+        - name: elasticsearch-prom-exporter
+          image: 'docker.io/pweil/elasticsearch_exporter:latest'
+          command:
+            - /bin/elasticsearch_exporter
+          args:
+            - '-es.uri=https://localhost:9200'
+            - '-es.ca=/etc/elasticsearch/secret/admin-ca'
+            - '-es.client-cert=/etc/elasticsearch/secret/admin-cert'
+            - '-es.client-private-key=/etc/elasticsearch/secret/admin-key'
+          ports:
+            - name: scraper
+              containerPort: 9108
+              protocol: TCP
+          resources:
+            limits:
+              memory: 256Mi
+            requests:
+              memory: 256Mi
+          volumeMounts:
+            - name: elasticsearch
+              readOnly: true
+              mountPath: /etc/elasticsearch/secret
+          terminationMessagePath: /dev/termination-log
+          imagePullPolicy: Always
+        - name: elasticsearch
+          image: '172.30.194.97:5000/logging/logging-elasticsearch:latest'
+          ports:
+            - name: restapi
+              containerPort: 9200
+              protocol: TCP
+            - name: cluster
+              containerPort: 9300
+              protocol: TCP
+          env:
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+            - name: KUBERNETES_TRUST_CERT
+              value: 'true'
+            - name: SERVICE_DNS
+              value: logging-es-cluster
+            - name: CLUSTER_NAME
+              value: logging-es
+            - name: INSTANCE_RAM
+              value: 7680M
+            - name: NODE_QUORUM
+              value: '2'
+            - name: RECOVER_AFTER_NODES
+              value: '1'
+            - name: RECOVER_EXPECTED_NODES
+              value: '2'
+            - name: RECOVER_AFTER_TIME
+              value: 5m
+          resources:
+            limits:
+              memory: 7680Mi
+            requests:
+              memory: 512Mi
+          volumeMounts:
+            - name: elasticsearch
+              readOnly: true
+              mountPath: /etc/elasticsearch/secret
+            - name: elasticsearch-config
+              readOnly: true
+              mountPath: /usr/share/java/elasticsearch/config
+            - name: elasticsearch-storage
+              mountPath: /elasticsearch/persistent
+          terminationMessagePath: /dev/termination-log
+          imagePullPolicy: Always
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 600
+      dnsPolicy: ClusterFirst
+      nodeSelector:
+        type: infra
+      serviceAccountName: aggregated-logging-elasticsearch
+      serviceAccount: aggregated-logging-elasticsearch
+      securityContext:
+        supplementalGroups:
+          - 65534
diff --git a/elastisearch-exporter/elasticsearch_exporter b/elastisearch-exporter/elasticsearch_exporter
new file mode 100755
index 0000000..ec9066a
Binary files /dev/null and b/elastisearch-exporter/elasticsearch_exporter differ
diff --git a/image-observer/Dockerfile b/image-observer/Dockerfile
new file mode 100644
index 0000000..a78a686
--- /dev/null
+++ b/image-observer/Dockerfile
@@ -0,0 +1,6 @@
+FROM openshift/origin
+ADD observer.sh /bin/observer.sh
+ADD test.sh /bin/test.sh
+ENTRYPOINT /bin/observer.sh
+
+
diff --git a/image-observer/image-observer.yaml b/image-observer/image-observer.yaml
new file mode 100644
index 0000000..d678933
--- /dev/null
+++ b/image-observer/image-observer.yaml
@@ -0,0 +1,40 @@
+apiVersion: v1
+kind: DeploymentConfig
+metadata:
+  name: image-observer
+spec:
+  replicas: 1
+  selector:
+    run: image-observer
+  strategy:
+    activeDeadlineSeconds: 21600
+    resources: {}
+    rollingParams:
+      intervalSeconds: 1
+      maxSurge: 25%
+      maxUnavailable: 25%
+      timeoutSeconds: 600
+      updatePeriodSeconds: 1
+    type: Rolling
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        run: image-observer
+    spec:
+      containers:
+      - image: pweil/image-observer
+        imagePullPolicy: Always
+        name: image-observer
+        resources: {}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      serviceAccountName: prometheus
+      terminationGracePeriodSeconds: 30
+  test: false
+  triggers:
+  - type: ConfigChange
diff --git a/image-observer/observer.sh b/image-observer/observer.sh
new file mode 100755
index 0000000..a6d2ece
--- /dev/null
+++ b/image-observer/observer.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+# make sure the service account has access to priv and host mount, only needs run once
+#oadm policy add-scc-to-user privileged -z default
+oc observe --all-namespaces=true --type-env-var="OBJ_ACTION" pods -- /bin/test.sh
diff --git a/image-observer/test.sh b/image-observer/test.sh
new file mode 100755
index 0000000..10b146b
--- /dev/null
+++ b/image-observer/test.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+
+# TODO need to also handle updates but only when it is a new image
+if [[ $OBJ_ACTION == "Deleted" ]]; then
+    echo "ignoring..."
+  exit 0
+fi
+
+images=$(oc get pod --namespace=${1} --template="pod:{{.metadata.namespace}}/{{.metadata.name}}, {{range $key $val .spec.containers}}image:{{$val.image}} {{end}}" ${2})
+echo $images
+
+