diff --git a/deploy/charts/venafi-kubernetes-agent/templates/deployment.yaml b/deploy/charts/venafi-kubernetes-agent/templates/deployment.yaml
index 92d96597..3453475a 100644
--- a/deploy/charts/venafi-kubernetes-agent/templates/deployment.yaml
+++ b/deploy/charts/venafi-kubernetes-agent/templates/deployment.yaml
@@ -94,6 +94,18 @@ spec:
             - containerPort: 8081
               name: http-metrics
           {{- end }}
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8081
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: 8081
+            initialDelaySeconds: 5
+            periodSeconds: 10
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
diff --git a/pkg/agent/run.go b/pkg/agent/run.go
index 8d7b630d..6d0b474e 100644
--- a/pkg/agent/run.go
+++ b/pkg/agent/run.go
@@ -75,18 +75,32 @@ func Run(cmd *cobra.Command, args []string) {
 			}
 		}()
 	}
-	if Flags.Prometheus {
-		logs.Log.Printf("Prometheus was enabled.\nRunning prometheus server on port :8081")
-		go func() {
+
+	go func() {
+		server := http.NewServeMux()
+
+		if Flags.Prometheus {
+			logs.Log.Printf("Prometheus was enabled.\nRunning prometheus on port :8081")
 			prometheus.MustRegister(metricPayloadSize)
-			metricsServer := http.NewServeMux()
-			metricsServer.Handle("/metrics", promhttp.Handler())
-			err := http.ListenAndServe(":8081", metricsServer)
-			if err != nil && !errors.Is(err, http.ErrServerClosed) {
-				logs.Log.Fatalf("failed to run prometheus server: %s", err)
-			}
-		}()
-	}
+			server.Handle("/metrics", promhttp.Handler())
+		}
+
+		// Health check endpoint. Since we haven't figured a good way of knowning
+		// what "ready" means for the agent, we just return 200 OK inconditionally.
+		// The goal is to satisfy some Kubernetes distributions, like OpenShift,
+		// that require a liveness and health probe to be present for each pod.
+		server.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
+			w.WriteHeader(http.StatusOK)
+		})
+		server.HandleFunc("/readyz", func(w http.ResponseWriter, r *http.Request) {
+			w.WriteHeader(http.StatusOK)
+		})
+
+		err := http.ListenAndServe(":8081", server)
+		if err != nil && !errors.Is(err, http.ErrServerClosed) {
+			logs.Log.Fatalf("failed to run the health check server: %s", err)
+		}
+	}()
 
 	_, isVenConn := preflightClient.(*client.VenConnClient)
 	if isVenConn {