diff --git a/.gitignore b/.gitignore
index 961e5e10..35f4e5fe 100644
--- a/.gitignore
+++ b/.gitignore
@@ -46,8 +46,7 @@ config/ci/manager/manager.yaml
 manager_image_patch.yaml-e
 manager_pull_policy.yaml-e
 
-# Sample config files auto-generated by kubebuilder
-config/samples
+config/ci
 
 # Temporary clusterctl directory
 cmd/clusterctl/config/manifest
diff --git a/.golangci.yml b/.golangci.yml
index 59990a35..92b59094 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -15,6 +15,12 @@ linters:
     - godot
     - goerr113
     - nestif
+    # TODO(christopherhein) Reenable these and fix errors
+    - gosec
+    - nakedret
+    - unparam
+    - staticcheck
+    - scopelint
   # Run with --fast=false for more extensive checks
   fast: true
 issues:
diff --git a/Makefile b/Makefile
index dfd5774b..bc8978f2 100644
--- a/Makefile
+++ b/Makefile
@@ -116,6 +116,8 @@ $(KUSTOMIZE): # Build kustomize from tools folder.
 
 envsubst: $(ENVSUBST) ## Build a local copy of envsubst.
 kustomize: $(KUSTOMIZE) ## Build a local copy of kustomize.
+controller-gen: $(CONTROLLER_GEN) ## Build a local copy of controller-gen.
+golangci-lint: $(GOLANGCI_LINT) ## Build a local copy of golangci-lint.
 
 ## --------------------------------------
 ## Linting
@@ -124,13 +126,9 @@ kustomize: $(KUSTOMIZE) ## Build a local copy of kustomize.
 .PHONY: lint lint-full
 lint: $(GOLANGCI_LINT) ## Lint codebase
 	$(GOLANGCI_LINT) run -v
-	cd $(E2E_FRAMEWORK_DIR); $(GOLANGCI_LINT) run -v
-	cd $(CAPD_DIR); $(GOLANGCI_LINT) run -v
 
 lint-full: $(GOLANGCI_LINT) ## Run slower linters to detect possible issues
 	$(GOLANGCI_LINT) run -v --fast=false
-	cd $(E2E_FRAMEWORK_DIR); $(GOLANGCI_LINT) run -v --fast=false
-	cd $(CAPD_DIR); $(GOLANGCI_LINT) run -v --fast=false
 
 apidiff: $(GO_APIDIFF) ## Check for API differences
 	$(GO_APIDIFF) $(shell git rev-parse origin/master) --print-compatible
@@ -140,20 +138,19 @@ apidiff: $(GO_APIDIFF) ## Check for API differences
 ## --------------------------------------
 
 .PHONY: generate
-generate: ## Generate code
-	$(MAKE) generate-manifests
+generate:
 	$(MAKE) generate-go
-	# $(MAKE) generate-bindata
+	$(MAKE) generate-manifests
 
 .PHONY: generate-go
-generate-go: ## Runs Go related generate targets
+generate-go: $(CONTROLLER_GEN) ## Runs Go related generate targets
 	go generate ./...
 	$(CONTROLLER_GEN) \
 		object:headerFile=./hack/boilerplate/boilerplate.generatego.txt \
 		paths=./apis/...
 
 .PHONY: generate-manifests
-generate-manifests: ## Generate manifests e.g. CRD, RBAC etc.
+generate-manifests: $(CONTROLLER_GEN) ## Generate manifests e.g. CRD, RBAC etc.
 	$(CONTROLLER_GEN) \
 		paths=./apis/... \
 		paths=./controllers/... \
@@ -163,8 +160,8 @@ generate-manifests: ## Generate manifests e.g. CRD, RBAC etc.
 		output:webhook:dir=./config/webhook \
 		webhook
 	## Copy files in CI folders.
-	# cp -f ./config/rbac/*.yaml ./config/ci/rbac/
-	# cp -f ./config/manager/manager*.yaml ./config/ci/manager/
+	cp -f ./config/rbac/*.yaml ./config/ci/rbac/
+	cp -f ./config/manager/manager*.yaml ./config/ci/manager/
 
 .PHONY: modules
 modules: ## Runs go mod to ensure modules are up to date.
diff --git a/apis/controlplane/v1alpha4/nestedcomponent_types.go b/apis/controlplane/v1alpha4/nestedcomponent_types.go
index 3f8f26d8..5907e4cb 100644
--- a/apis/controlplane/v1alpha4/nestedcomponent_types.go
+++ b/apis/controlplane/v1alpha4/nestedcomponent_types.go
@@ -28,7 +28,7 @@ type NestedComponentSpec struct {
 	// +optional
 	addonv1alpha1.CommonSpec `json:",inline"`
 
-	// PatchSpecs includes the user specifed settings
+	// PatchSpecs includes the user specified settings
 	// +optional
 	addonv1alpha1.PatchSpec `json:",inline"`
 
diff --git a/config/samples/controlplane_v1alpha4_nestedapiserver.yaml b/config/samples/controlplane_v1alpha4_nestedapiserver.yaml
new file mode 100644
index 00000000..7dd2562c
--- /dev/null
+++ b/config/samples/controlplane_v1alpha4_nestedapiserver.yaml
@@ -0,0 +1,6 @@
+apiVersion: controlplane.cluster.x-k8s.io/v1alpha4
+kind: NestedAPIServer
+metadata:
+  name: nestedapiserver-sample
+spec:
+  replicas: 1
diff --git a/config/samples/controlplane_v1alpha4_nestedcontrollermanager.yaml b/config/samples/controlplane_v1alpha4_nestedcontrollermanager.yaml
new file mode 100644
index 00000000..e9cb5c63
--- /dev/null
+++ b/config/samples/controlplane_v1alpha4_nestedcontrollermanager.yaml
@@ -0,0 +1,6 @@
+apiVersion: controlplane.cluster.x-k8s.io/v1alpha4
+kind: NestedControllerManager
+metadata:
+  name: nestedcontrollermanager-sample
+spec:
+  replicas: 1
diff --git a/config/samples/controlplane_v1alpha4_nestedcontrolplane.yaml b/config/samples/controlplane_v1alpha4_nestedcontrolplane.yaml
new file mode 100644
index 00000000..f2d736f5
--- /dev/null
+++ b/config/samples/controlplane_v1alpha4_nestedcontrolplane.yaml
@@ -0,0 +1,17 @@
+apiVersion: controlplane.cluster.x-k8s.io/v1alpha4
+kind: NestedControlPlane
+metadata:
+  name: nestedcontrolplane-sample
+spec:
+  etcd:
+    apiVersion: controlplane.cluster.x-k8s.io/v1alpha4
+    kind: NestedEtcd
+    name: nestedetcd-sample
+  apiserver:
+    apiVersion: controlplane.cluster.x-k8s.io/v1alpha4
+    kind: NestedAPIServer
+    name: nestedapiserver-sample
+  controllerManager:
+    apiVersion: controlplane.cluster.x-k8s.io/v1alpha4
+    kind: NestedControllerManager
+    name: nestedcontrollermanager-sample
\ No newline at end of file
diff --git a/config/samples/controlplane_v1alpha4_nestedetcd.yaml b/config/samples/controlplane_v1alpha4_nestedetcd.yaml
new file mode 100644
index 00000000..9b92a3d2
--- /dev/null
+++ b/config/samples/controlplane_v1alpha4_nestedetcd.yaml
@@ -0,0 +1,6 @@
+apiVersion: controlplane.cluster.x-k8s.io/v1alpha4
+kind: NestedEtcd
+metadata:
+  name: nestedetcd-sample
+spec:
+  replicas: 1
diff --git a/config/samples/infrastructure_v1alpha4_nestedcluster.yaml b/config/samples/infrastructure_v1alpha4_nestedcluster.yaml
new file mode 100644
index 00000000..d27a72a0
--- /dev/null
+++ b/config/samples/infrastructure_v1alpha4_nestedcluster.yaml
@@ -0,0 +1,8 @@
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
+kind: NestedCluster
+metadata:
+  name: nestedcluster-sample
+spec:
+  controlPlaneEndpoint:
+    host: "localhost"
+    port: 6443
diff --git a/config/samples/v1alpha4_cluster.yaml b/config/samples/v1alpha4_cluster.yaml
new file mode 100644
index 00000000..1a67d446
--- /dev/null
+++ b/config/samples/v1alpha4_cluster.yaml
@@ -0,0 +1,22 @@
+apiVersion: cluster.x-k8s.io/v1alpha4
+kind: Cluster
+metadata:
+  name: cluster-sample
+  namespace: default
+spec:
+  controlPlaneEndpoint:
+    # currently this has to be the in-cluster endpoint, the in-cluster
+    # kubeconfig is used by controller-manager w/ ClusterIP services
+    # we can `port-forward` this service and be able to test
+    host: "cluster-sample-apiserver"
+    port: 6443
+  controlPlaneRef:
+    apiVersion: controlplane.cluster.x-k8s.io/v1alpha4
+    kind: NestedControlPlane
+    name: nestedcontrolplane-sample
+    namespace: default
+  infrastructureRef:
+    apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
+    kind: NestedCluster
+    name: nestedcluster-sample
+    namespace: default
\ No newline at end of file
diff --git a/controllers/controlplane/nestedetcd_controller.go b/controllers/controlplane/nestedetcd_controller.go
index 1c0c67c3..2d69ec76 100644
--- a/controllers/controlplane/nestedetcd_controller.go
+++ b/controllers/controlplane/nestedetcd_controller.go
@@ -222,10 +222,10 @@ func genInitialClusterArgs(replicas int32,
 		peerAddr := fmt.Sprintf("%s-etcd-%d=https://%s-etcd-%d.%s-etcd.%s.svc:%d",
 			stsName, i, stsName, i, svcName, svcNamespace, 2380)
 		if i == replicas-1 {
-			argsVal = argsVal + peerAddr
+			argsVal += peerAddr
 			break
 		}
-		argsVal = argsVal + peerAddr + ","
+		argsVal += peerAddr + ","
 	}
 
 	return argsVal
diff --git a/scripts/ci-build.sh b/scripts/ci-build.sh
new file mode 100755
index 00000000..772899e3
--- /dev/null
+++ b/scripts/ci-build.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# Copyright 2021 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+REPO_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
+# shellcheck source=../hack/ensure-go.sh
+source "${REPO_ROOT}/hack/ensure-go.sh"
+
+cd "${REPO_ROOT}" && make binaries
diff --git a/scripts/ci-make.sh b/scripts/ci-make.sh
new file mode 100755
index 00000000..4c597aba
--- /dev/null
+++ b/scripts/ci-make.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# Copyright 2021 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+REPO_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
+# shellcheck source=../hack/ensure-go.sh
+source "${REPO_ROOT}/hack/ensure-go.sh"
+
+cd "${REPO_ROOT}" && make docker-build
diff --git a/scripts/ci-test.sh b/scripts/ci-test.sh
new file mode 100755
index 00000000..c8f3933f
--- /dev/null
+++ b/scripts/ci-test.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# Copyright 2021 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+REPO_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
+# shellcheck source=../hack/ensure-go.sh
+source "${REPO_ROOT}/hack/ensure-go.sh"
+
+cd "${REPO_ROOT}" && \
+	source ./scripts/fetch_ext_bins.sh && \
+	fetch_tools && \
+	setup_envs && \
+	make generate lint test
diff --git a/scripts/fetch_ext_bins.sh b/scripts/fetch_ext_bins.sh
new file mode 100755
index 00000000..563f34c2
--- /dev/null
+++ b/scripts/fetch_ext_bins.sh
@@ -0,0 +1,111 @@
+#!/usr/bin/env bash
+# Copyright 2021 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+# Enable tracing in this script off by setting the TRACE variable in your
+# environment to any value:
+#
+# $ TRACE=1 test.sh
+TRACE=${TRACE:-""}
+if [[ -n "${TRACE}" ]]; then
+  set -x
+fi
+
+k8s_version=1.16.4
+goarch=amd64
+goos="unknown"
+
+if [[ "${OSTYPE}" == "linux"* ]]; then
+  goos="linux"
+elif [[ "${OSTYPE}" == "darwin"* ]]; then
+  goos="darwin"
+fi
+
+if [[ "$goos" == "unknown" ]]; then
+  echo "OS '$OSTYPE' not supported. Aborting." >&2
+  exit 1
+fi
+
+# Turn colors in this script off by setting the NO_COLOR variable in your
+# environment to any value:
+#
+# $ NO_COLOR=1 test.sh
+NO_COLOR=${NO_COLOR:-""}
+if [[ -z "${NO_COLOR}" ]]; then
+  header=$'\e[1;33m'
+  reset=$'\e[0m'
+else
+  header=''
+  reset=''
+fi
+
+function header_text {
+  echo "$header$*$reset"
+}
+
+tmp_root=/tmp
+
+kb_root_dir=${tmp_root}/kubebuilder
+
+# Skip fetching and untaring the tools by setting the SKIP_FETCH_TOOLS variable
+# in your environment to any value:
+#
+# $ SKIP_FETCH_TOOLS=1 ./fetch_ext_bins.sh
+#
+# If you skip fetching tools, this script will use the tools already on your
+# machine, but rebuild the kubebuilder and kubebuilder-bin binaries.
+SKIP_FETCH_TOOLS=${SKIP_FETCH_TOOLS:-""}
+
+function prepare_staging_dir {
+  header_text "preparing staging dir"
+
+  if [[ -z "${SKIP_FETCH_TOOLS}" ]]; then
+    rm -rf "${kb_root_dir}"
+  else
+    rm -f "${kb_root_dir}/kubebuilder/bin/kubebuilder"
+    rm -f "${kb_root_dir}/kubebuilder/bin/kubebuilder-gen"
+    rm -f "${kb_root_dir}/kubebuilder/bin/vendor.tar.gz"
+  fi
+}
+
+# fetch k8s API gen tools and make it available under kb_root_dir/bin.
+function fetch_tools {
+  if [[ -n "$SKIP_FETCH_TOOLS" ]]; then
+    return 0
+  fi
+
+  header_text "fetching tools"
+  kb_tools_archive_name="kubebuilder-tools-${k8s_version}-${goos}-${goarch}.tar.gz"
+  kb_tools_download_url="https://storage.googleapis.com/kubebuilder-tools/${kb_tools_archive_name}"
+
+  kb_tools_archive_path="${tmp_root}/${kb_tools_archive_name}"
+  if [[ ! -f ${kb_tools_archive_path} ]]; then
+    curl -fsL ${kb_tools_download_url} -o "${kb_tools_archive_path}"
+  fi
+  tar -zvxf "${kb_tools_archive_path}" -C "${tmp_root}/"
+}
+
+function setup_envs {
+  header_text "setting up env vars"
+
+  # Setup env vars
+  export PATH=/tmp/kubebuilder/bin:$PATH
+  export TEST_ASSET_KUBECTL=/tmp/kubebuilder/bin/kubectl
+  export TEST_ASSET_KUBE_APISERVER=/tmp/kubebuilder/bin/kube-apiserver
+  export TEST_ASSET_ETCD=/tmp/kubebuilder/bin/etcd
+}