diff --git a/.github/workflows/install-integration-tests-operators-installer.yaml b/.github/workflows/install-integration-tests-operators-installer.yaml index 1182f8c4..a506f5c5 100644 --- a/.github/workflows/install-integration-tests-operators-installer.yaml +++ b/.github/workflows/install-integration-tests-operators-installer.yaml @@ -19,6 +19,10 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true +env: + registry_user: registryuser1 + registry_password: registrypassword1 + jobs: install-integration-test: runs-on: ubuntu-latest @@ -51,6 +55,7 @@ jobs: uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 with: version: ${{ env.KIND_VERSION }} + config: charts/operators-installer/_integration-tests/kind-config.yaml # for helm charts we are testing that require installing operators - name: Setup kind cluster - Install OLM 🧰 @@ -77,6 +82,25 @@ jobs: controller: haproxy-ingress.github.io/controller EOF + # for testing operators-installer image from private repository + - name: Setup private registry in kind cluster 🧰 + run: | + helm upgrade --install private-registry charts/operators-installer/_integration-tests/private-registry \ + --namespace registry \ + --create-namespace \ + --wait \ + --set registryUser=${registry_user} \ + --set registryPassword=${registry_password} + + # copies image used to install argo into local private registry + - name: Copy image into private repository 💿 + run: | + skopeo copy \ + --dest-creds ${registry_user}:${registry_password} \ + --dest-tls-verify=false \ + docker://$(awk '$1 ~/Image:/ {print $2}' charts/operators-installer/_integration-tests/test-install-operator-0-automatic-intermediate-manual-upgrades-values.yaml) \ + docker://registry.localhost/origin-cli:5000 + # NOTE: can't use chart-testing because `ct` does not allow for a fixed release so you can't run two different tests that affect the same resources - name: Run integration tests 🧪 timeout-minutes: 30 
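Review bot: The `registry_user` and `registry_password` values added under the workflow-level `env:` are committed in plaintext with no comment saying what they protect. Judging by the later hunks they are throwaway credentials for the registry created inside the kind cluster, so I would state that above the block, for example `# throwaway credentials for the in-cluster test registry; never reuse for a real registry`. Declaring them at workflow level also places them in the environment of every step, including the third-party actions. A step-level `env:` on only the steps that read them would narrow that.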
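Review bot: In the `skopeo copy` step the destination `docker://registry.localhost/origin-cli:5000` puts `:5000` after the repository path, so it is parsed as the tag `5000`, not as a port. The image is therefore pushed to `registry.localhost` on the default port under tag `5000`. The values file changed later in this diff sets `installPlanApproverAndVerifyJobsImage: registry.localhost/origin-cli` with no tag, which resolves to `latest`, so the Job may not be pulling the image this step copied. If a port was intended the reference would be `docker://registry.localhost:5000/origin-cli`; otherwise use an explicit tag that the values file repeats. Separately, `--dest-creds ${registry_user}:${registry_password}` and the two `--set` arguments are unquoted and would be safer as `--dest-creds "${registry_user}:${registry_password}"`.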
@@ -91,6 +115,15 @@ jobs: --values charts/operators-installer/_integration-tests/test-install-operator-0-automatic-intermediate-manual-upgrades-values.yaml \ --debug --timeout 10m0s + echo "##########################################################################################################" + echo "# Create pull secret used in next step #" + echo "##########################################################################################################" + oc create secret docker-registry local-registry-pullsecret \ + --namespace operators-installer-integration-test \ + --docker-password="${registry_user}" \ + --docker-username="${registry_password}" \ + --docker-server=registry.localhost + echo "##########################################################################################################" echo "# Upgrade argo to newer version requiring many intermediate updates along the way #" echo "##########################################################################################################" @@ -98,4 +131,4 @@ jobs: --namespace operators-installer-integration-test \ --wait \ --values charts/operators-installer/_integration-tests/test-install-operator-1-automatic-intermediate-manual-upgrades-values.yaml \ - --debug --timeout 30m0s + --debug --timeout 35m0s diff --git a/charts/operators-installer/Chart.yaml b/charts/operators-installer/Chart.yaml index 5ac7818d..895968a9 100644 --- a/charts/operators-installer/Chart.yaml +++ b/charts/operators-installer/Chart.yaml @@ -16,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 3.0.2 +version: 3.1.0 home: https://github.com/redhat-cop/helm-charts diff --git a/charts/operators-installer/README.md b/charts/operators-installer/README.md index 5b5472e9..e7a573db 100644 
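Review bot: The added `oc create secret docker-registry` call has the two credentials swapped: it passes `--docker-password="${registry_user}"` and `--docker-username="${registry_password}"`. The pull secret then carries a username that is not in the htpasswd file the registry chart generates, so an authenticated pull with it should be rejected. A green run would presumably not show that `installPlanApproverAndVerifyJobsImagePullSecret` works. The lines should read `--docker-username="${registry_user}" \` and `--docker-password="${registry_password}" \`. The `run:` block starts and continues outside this hunk.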
--- a/charts/operators-installer/README.md +++ b/charts/operators-installer/README.md @@ -42,6 +42,7 @@ For all of the Subscription parameters see | operatorGroups[].targetOwnNamespace | `false` | No | If `true` add the OperatorGroup's Namespace as a `targetNamespaces`. If `true` then OperatorGroup will only work for Operators using `OwnNamespace` or `MultiNamespace` `installModes`. If blank and no `otherTargetNamespaces` specified then OperatorGroup will be configured to allow for operators using `installModes` `AllNamespaces`. | operatorGroups[].otherTargetNamespaces | `[]` | No | List of additional Namespaces to target. If specified OperatorGroup will only work for operators using `SingleNamespace` or `MultiNamespace` `installModes` depending on value of `targetOwnNamespace`. | installPlanApproverAndVerifyJobsImage | `registry.redhat.io/openshift4/ose-cli:v4.10` | Yes | Image to use for the InstallPlan Approver and Verify Jobs +| installPlanApproverAndVerifyJobsImagePullSecret | `''` | No | Name of existing secret for pulling `installPlanApproverAndVerifyJobsImage` from a private registry | approveManualInstallPlanViaHook | `true` | No | `true` to create (and clean up) manual InstallPlan approval resources as part of post-install,post-upgrade helm hook
`false` to create manual InstallPlan approval resources as part of normal install

The hook method is nice to not have lingering resources needed for the manual InstallPlan approval but has the downside that no CustomResources using CustomResourceDefinitions installed by the operator can be used in the same chart because the operator InstallPlan wont be approved, and therefor the operator wont be installed, until the post-install,post-upgrade phase which means you will never get to that phase because your CustomResources wont be able to apply because the Operator isn't installed.

This is is ultimately a trade off between cleaning up these resources or being able to install and configure the operator in the same helm chart that has a dependency on this helm chart. | installRequiredPythonLibraries | `true` | No | If `true`, install the required Python libraries (openshift-client, semver==2.13.0) dynamically from the given `pythonIndexURL` and `pythonExtraIndexURL` into the `installPlanApproverAndVerifyJobsImage` at run time | pythonIndexURL | https://pypi.org/simple/ | No | If `installRequiredPythonLibraries` is `true` then use this python index to pull required libraries diff --git a/charts/operators-installer/_integration-tests/kind-config.yaml b/charts/operators-installer/_integration-tests/kind-config.yaml new file mode 100644 index 00000000..a98c1a92 --- /dev/null +++ b/charts/operators-installer/_integration-tests/kind-config.yaml @@ -0,0 +1,12 @@ +kind: Cluster +apiVersion: kind.x-k8s.io/v1alpha4 +nodes: +- role: control-plane + extraPortMappings: + - containerPort: 5000 + hostPort: 5000 + protocol: TCP + - containerPort: 80 + hostPort: 80 + protocol: TCP + diff --git a/charts/operators-installer/_integration-tests/private-registry/Chart.yaml b/charts/operators-installer/_integration-tests/private-registry/Chart.yaml new file mode 100644 index 00000000..4598e741 --- /dev/null +++ b/charts/operators-installer/_integration-tests/private-registry/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +name: private-registry +version: 0.0.2 diff --git a/charts/operators-installer/_integration-tests/private-registry/templates/Deployment_registry.yaml b/charts/operators-installer/_integration-tests/private-registry/templates/Deployment_registry.yaml new file mode 100644 index 00000000..f88be3e6 --- /dev/null +++ b/charts/operators-installer/_integration-tests/private-registry/templates/Deployment_registry.yaml 
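Review bot: Both `extraPortMappings` entries in the new `kind-config.yaml` omit `listenAddress`, and kind then binds the host port on `0.0.0.0`. On a hosted runner that matters little, but anyone running the integration tests on a workstation would expose the test registry and ingress, which use fixed credentials from the workflow, on ports 5000 and 80 of every interface. Adding `listenAddress: "127.0.0.1"` to each mapping keeps them on loopback. The registry Service added later in this diff is `ClusterIP` and is reached through the Ingress, so the 5000 mapping looks unused and could probably be dropped.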
@@ -0,0 +1,62 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: registry + namespace: registry +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: registry + strategy: + type: Recreate + template: + metadata: + labels: + app: registry + spec: + containers: + - env: + - name: REGISTRY_HTTP_ADDR + value: :5000 + - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY + value: /var/lib/registry + - name: REGISTRY_AUTH + value: htpasswd + - name: REGISTRY_AUTH_HTPASSWD_REALM + value: Registry Realm + - name: REGISTRY_AUTH_HTPASSWD_PATH + value: /auth/htpasswd + image: registry:2 + imagePullPolicy: IfNotPresent + name: registry + ports: + - containerPort: 5000 + name: http + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/registry + name: registry + - mountPath: /auth + name: htpasswd + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 + volumes: + - name: registry + persistentVolumeClaim: + claimName: registry + - name: htpasswd + secret: + defaultMode: 420 + secretName: htpasswd diff --git a/charts/operators-installer/_integration-tests/private-registry/templates/Ingress.yaml b/charts/operators-installer/_integration-tests/private-registry/templates/Ingress.yaml new file mode 100644 index 00000000..1fe0a0ed --- /dev/null +++ b/charts/operators-installer/_integration-tests/private-registry/templates/Ingress.yaml @@ -0,0 +1,18 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: registry + namespace: registry +spec: + rules: + - host: registry.localhost + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: registry + port: + number: 5000 + 
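Review bot: The registry container in the new Deployment uses `image: registry:2`, a mutable tag, while the workflow in this same diff pins `helm/kind-action` to a commit SHA. Pinning this image by digest as well, `image: registry:2@sha256:<digest-of-the-tested-image>`, keeps the test environment reproducible and prevents a re-tagged image from being pulled into CI unnoticed. The pod-level `securityContext: {}` is also left empty and the container sets none. For a service that only listens on 5000 and writes to its volume, a container-level `securityContext` with `allowPrivilegeEscalation: false` is a cheap default, to be confirmed against what the image needs.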
diff --git a/charts/operators-installer/_integration-tests/private-registry/templates/PersistentVolumeClaim.yaml b/charts/operators-installer/_integration-tests/private-registry/templates/PersistentVolumeClaim.yaml new file mode 100644 index 00000000..e0f0e1da --- /dev/null +++ b/charts/operators-installer/_integration-tests/private-registry/templates/PersistentVolumeClaim.yaml @@ -0,0 +1,11 @@ +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: registry + namespace: registry +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 30Gi diff --git a/charts/operators-installer/_integration-tests/private-registry/templates/Secret_htpasswd.yaml b/charts/operators-installer/_integration-tests/private-registry/templates/Secret_htpasswd.yaml new file mode 100644 index 00000000..c87d6cfb --- /dev/null +++ b/charts/operators-installer/_integration-tests/private-registry/templates/Secret_htpasswd.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + htpasswd: {{ htpasswd .Values.registryUser .Values.registryPassword | b64enc }} +kind: Secret +metadata: + name: htpasswd + namespace: registry + diff --git a/charts/operators-installer/_integration-tests/private-registry/templates/Service.yaml b/charts/operators-installer/_integration-tests/private-registry/templates/Service.yaml new file mode 100644 index 00000000..d880d829 --- /dev/null +++ b/charts/operators-installer/_integration-tests/private-registry/templates/Service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: registry + name: registry + namespace: registry +spec: + ports: + - name: http + port: 5000 + protocol: TCP + targetPort: 5000 + selector: + app: registry + sessionAffinity: None + type: ClusterIP diff --git a/charts/operators-installer/_integration-tests/private-registry/templates/values.yaml b/charts/operators-installer/_integration-tests/private-registry/templates/values.yaml new file mode 100644 index 00000000..e69de29b 
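Review bot: In `Secret_htpasswd.yaml` the `htpasswd` line reads `.Values.registryUser` and `.Values.registryPassword` without checking that they are set, and the chart's `values.yaml` added later in this diff leaves both keys empty. Installing the chart without the two `--set` flags would not fail with a clear message. It would more likely produce an htpasswd entry built from empty values, or an opaque template error. Guarding the inputs makes the failure explicit and quoting the result keeps the rendered scalar a string: `htpasswd: {{ htpasswd (required "registryUser must be set" .Values.registryUser) (required "registryPassword must be set" .Values.registryPassword) | b64enc | quote }}`.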
diff --git a/charts/operators-installer/_integration-tests/private-registry/values.yaml b/charts/operators-installer/_integration-tests/private-registry/values.yaml new file mode 100644 index 00000000..f3539e4d --- /dev/null +++ b/charts/operators-installer/_integration-tests/private-registry/values.yaml @@ -0,0 +1,3 @@ +registryUser: +registryPassword: + diff --git a/charts/operators-installer/_integration-tests/test-install-operator-1-automatic-intermediate-manual-upgrades-values.yaml b/charts/operators-installer/_integration-tests/test-install-operator-1-automatic-intermediate-manual-upgrades-values.yaml index bc6c55b0..83d89f0a 100644 --- a/charts/operators-installer/_integration-tests/test-install-operator-1-automatic-intermediate-manual-upgrades-values.yaml +++ b/charts/operators-installer/_integration-tests/test-install-operator-1-automatic-intermediate-manual-upgrades-values.yaml @@ -1,6 +1,8 @@ approveManualInstallPlanViaHook: true -installPlanApproverAndVerifyJobsImage: quay.io/openshift/origin-cli:4.15 +# use pull secret to pull image from local private registry +installPlanApproverAndVerifyJobsImage: registry.localhost/origin-cli +installPlanApproverAndVerifyJobsImagePullSecret: local-registry-pullsecret operatorGroups: - name: argocd-operator diff --git a/charts/operators-installer/templates/Job_installplan-approver.yaml b/charts/operators-installer/templates/Job_installplan-approver.yaml index 4d6a7b03..c210e489 100644 --- a/charts/operators-installer/templates/Job_installplan-approver.yaml +++ b/charts/operators-installer/templates/Job_installplan-approver.yaml @@ -25,6 +25,10 @@ spec: activeDeadlineSeconds: {{ .installPlanApproverActiveDeadlineSeconds }} template: spec: + {{- if $.Values.installPlanApproverAndVerifyJobsImagePullSecret }} + imagePullSecrets: + - name: {{ $.Values.installPlanApproverAndVerifyJobsImagePullSecret }} + {{- end }} containers: - name: installplan-approver image: {{ $.Values.installPlanApproverAndVerifyJobsImage }} 
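Review bot: The new `imagePullSecrets` entry in `Job_installplan-approver.yaml` renders the secret name unquoted, as `- name: {{ $.Values.installPlanApproverAndVerifyJobsImagePullSecret }}`. The same line is added to `Job_installplan-complete-verifier.yaml` in the next file section. A name that YAML reads as a number or boolean, or a value with stray characters, would be retyped or would break the manifest after templating. `- name: {{ $.Values.installPlanApproverAndVerifyJobsImagePullSecret | quote }}` avoids that in both templates. A short template comment that the secret must already exist in the namespace the Job runs in would also help, since the chart does not create it. The Job spec starts and continues outside the hunk.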
diff --git a/charts/operators-installer/templates/Job_installplan-complete-verifier.yaml b/charts/operators-installer/templates/Job_installplan-complete-verifier.yaml index 5e549e24..b009a5ec 100644 --- a/charts/operators-installer/templates/Job_installplan-complete-verifier.yaml +++ b/charts/operators-installer/templates/Job_installplan-complete-verifier.yaml @@ -24,6 +24,10 @@ spec: activeDeadlineSeconds: {{ .installPlanVerifierActiveDeadlineSeconds }} template: spec: + {{- if $.Values.installPlanApproverAndVerifyJobsImagePullSecret }} + imagePullSecrets: + - name: {{ $.Values.installPlanApproverAndVerifyJobsImagePullSecret }} + {{- end }} containers: - name: installplan-complete-verifier image: {{ $.Values.installPlanApproverAndVerifyJobsImage }} diff --git a/charts/operators-installer/values.yaml b/charts/operators-installer/values.yaml index 82329ec7..b8c60912 100644 --- a/charts/operators-installer/values.yaml +++ b/charts/operators-installer/values.yaml @@ -12,6 +12,11 @@ approveManualInstallPlanViaHook: true # Image to use for the InstallPlan Approver and Verify Jobs installPlanApproverAndVerifyJobsImage: registry.redhat.io/openshift4/ose-cli:v4.15@sha256:7ea824531b593b2ec0da05557d5cd2565c3525c51c9007f85e9510b27f38b13f +# If specified, this imagePullSecret will be used for pulling the `installPlanApproverAndVerifyJobsImage`. +# Only needed when using a custom image and pulling from a private registry. +# Accepts a single string which is the name of an existing secret. (This chart does not create or manage the secret.) +installPlanApproverAndVerifyJobsImagePullSecret: + # If `true`, install the required Python libraries (openshift-client, semver==2.13.0) dynamically # from the given `pythonIndexURL` and `pythonExtraIndexURL` into the `installPlanApproverAndVerifyJobsImage` at run time #