diff --git a/kube/deploy/core/storage/rook-ceph/app/hr.yaml b/kube/deploy/core/storage/rook-ceph/app/hr.yaml
index 2ef72088..62898f94 100644
--- a/kube/deploy/core/storage/rook-ceph/app/hr.yaml
+++ b/kube/deploy/core/storage/rook-ceph/app/hr.yaml
@@ -32,7 +32,8 @@ spec:
       enableOBCs: true
     csi:
       enableCSIHostNetwork: true
-      enableCSIEncryption: true
+      # enableCSIEncryption: true
+      enableCSIEncryption: false # TODO: disable for now till needed, and key management is decided
       enableMetadata: true # I love my verbosity
       csiAddons: # for RBD NodeLoss failover
         enabled: true
diff --git a/kube/deploy/core/storage/rook-ceph/app/kustomization.yaml b/kube/deploy/core/storage/rook-ceph/app/kustomization.yaml
deleted file mode 100644
index 7deda954..00000000
--- a/kube/deploy/core/storage/rook-ceph/app/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - hr.yaml
-  - rbac.yaml
-  - netpol.yaml
-#  - volumesnapshotclass.yaml
diff --git a/kube/deploy/core/storage/rook-ceph/app/rbac.yaml b/kube/deploy/core/storage/rook-ceph/app/rbac.yaml
deleted file mode 100644
index 5007c36f..00000000
--- a/kube/deploy/core/storage/rook-ceph/app/rbac.yaml
+++ /dev/null
@@ -1,83 +0,0 @@
----
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: rook-ceph-monitoring
-  namespace: rook-ceph
-rules:
-  - apiGroups:
-      - "monitoring.coreos.com"
-    resources:
-      - servicemonitors
-      - prometheusrules
-    verbs:
-      - get
-      - list
-      - watch
-      - create
-      - update
-      - delete
----
-# Allow management of monitoring resources in the mgr
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: rook-ceph-monitoring-mgr
-  namespace: rook-ceph
-rules:
-  - apiGroups:
-      - monitoring.coreos.com
-    resources:
-      - servicemonitors
-    verbs:
-      - get
-      - list
-      - create
-      - update
----
-# Allow the operator to get ServiceMonitors in this cluster's namespace
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: rook-ceph-monitoring
-  namespace: rook-ceph
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: rook-ceph-monitoring
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-system
-    namespace: rook-ceph
----
-# Allow creation of monitoring resources in the mgr
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: rook-ceph-monitoring-mgr
-  namespace: rook-ceph
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: rook-ceph-monitoring-mgr
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-mgr
-    namespace: rook-ceph
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: 'rook-ceph-system-psp-user'
-  labels:
-    operator: rook
-    storage-backend: ceph
-rules:
-  - apiGroups:
-      - policy
-    resources:
-      - podsecuritypolicies
-    resourceNames:
-      - 00-rook-ceph-operator
-    verbs:
-      - use