diff --git a/README.md b/README.md index b6b8677..3189523 100644 --- a/README.md +++ b/README.md @@ -126,10 +126,10 @@ or ZMS UI corresponding to the Identityd k8s service ### Usage 1. The application deployments that require Athenz identity certs need the SIA container and the kubernetes bound service account JWT volume mount added to the pod template -using the sample [patch](k8s/patch/sia.yaml) +using the sample [patch](k8s/patch/sia.json) ``` - kubectl patch deploy -p k8s-athenz-identity/k8s/patch/sia.yaml + kubectl patch deploy -p "$(k8s/patch/sia.json)" ``` The generated Athenz cert and key is stored under the `tls-certs` volume mount. diff --git a/k8s/patch/sia.json b/k8s/patch/sia.json new file mode 100644 index 0000000..4a36d21 --- /dev/null +++ b/k8s/patch/sia.json @@ -0,0 +1,70 @@ +{ + "spec": { + "template": { + "spec": { + "containers": [ + { + "args": [ + "--mode=refresh" + ], + "image": "local/athenz-sia:latest", + "imagePullPolicy": "IfNotPresent", + "name": "sia", + "volumeMounts": [ + { + "mountPath": "/var/run/athenz", + "name": "tls-certs" + }, + { + "mountPath": "/var/run/secrets/kubernetes.io/bound-serviceaccount", + "name": "identityd-token", + "readOnly": true + } + ] + } + ], + "initContainers": [ + { + "args": [ + "--mode=init" + ], + "image": "local/athenz-sia:latest", + "imagePullPolicy": "IfNotPresent", + "name": "sia-init", + "volumeMounts": [ + { + "mountPath": "/var/run/athenz", + "name": "tls-certs" + }, + { + "mountPath": "/var/run/secrets/kubernetes.io/bound-serviceaccount", + "name": "identityd-token", + "readOnly": true + } + ] + } + ], + "volumes": [ + { + "emptyDir": {}, + "name": "tls-certs" + }, + { + "name": "identityd-token", + "projected": { + "sources": [ + { + "serviceAccountToken": { + "audience": "athenz-identityd", + "expirationSeconds": 3600, + "path": "token" + } + } + ] + } + } + ] + } + } + } +} diff --git a/k8s/patch/sia.yaml b/k8s/patch/sia.yaml deleted file mode 100644 index 7f167cf..0000000 
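Review bot: The `tls-certs` volume that receives the generated Athenz cert and private key is declared as a plain `"emptyDir": {}`, so the key material is written to the node's disk under the kubelet's pod directory for the life of the pod; declaring it `"emptyDir": { "medium": "Memory" }` keeps it in a tmpfs that vanishes with the pod. Both the `sia` and `sia-init` entries run `local/athenz-sia:latest` with `IfNotPresent`, which means whatever image is already cached on the node is used and a rebuilt `latest` is never re-pulled — a fixed version tag or digest, held in one place so the two entries cannot drift, would make the deployed SIA reproducible. Neither container sets a `securityContext`, so SIA runs with the pod defaults; if it does not need root, `"securityContext": { "runAsNonRoot": true, "allowPrivilegeEscalation": false }` on both entries is cheap hardening. The README hunk invokes this file as `-p "$(k8s/patch/sia.json)"`, which tries to execute the path as a command rather than read it; `kubectl patch deploy <name> --patch-file k8s/patch/sia.json` is the form that actually feeds this JSON to kubectl.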
--- a/k8s/patch/sia.yaml +++ /dev/null @@ -1,37 +0,0 @@ -spec: - template: - spec: - containers: - - args: - - --mode=refresh - image: local/athenz-sia:latest - imagePullPolicy: IfNotPresent - name: sia - volumeMounts: - - mountPath: /var/run/athenz - name: tls-certs - - mountPath: /var/run/secrets/kubernetes.io/bound-serviceaccount - name: identityd-token - readOnly: true - initContainers: - - args: - - --mode=init - image: local/athenz-sia:latest - imagePullPolicy: IfNotPresent - name: sia-init - volumeMounts: - - mountPath: /var/run/athenz - name: tls-certs - - mountPath: /var/run/secrets/kubernetes.io/bound-serviceaccount - name: identityd-token - readOnly: true - volumes: - - emptyDir: {} - name: tls-certs - - name: identityd-token - projected: - sources: - - serviceAccountToken: - audience: athenz-identityd - expirationSeconds: 3600 - path: token