diff --git a/deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/deployment.yaml b/deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/deployment.yaml
index bc2ad798c3..fcb947b223 100644
--- a/deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/deployment.yaml
+++ b/deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/deployment.yaml
@@ -26,13 +26,14 @@ spec:
     spec:
       initContainers:
       - name: wait-for-postgres
-        image: alpine:3.5
-        command: ["sh", "-c", "apk --no-cache add curl jq ; adresses_length=0; until [ $adresses_length -gt 0 ]; do echo waiting for postgres to be ready...; sleep 2; endpoints=`curl -s --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\"     https://kubernetes.default/api/v1/namespaces/$POD_NAMESPACE/endpoints/postgres`; adresses_length=`echo $endpoints | jq -r \".subsets[]?.addresses // [] | length\"`; done;"]
+        image: eclipse/che-endpoint-watcher:nightly
         env:
           - name: POD_NAMESPACE
             valueFrom:
               fieldRef:
                 fieldPath: metadata.namespace
+          - name: ENDPOINT
+            value: postgres
       containers:
       - env:
         - name: POSTGRES_PORT_5432_TCP_ADDR
diff --git a/deploy/kubernetes/helm/che/templates/deployment.yaml b/deploy/kubernetes/helm/che/templates/deployment.yaml
index a4b8d04073..233805f1b0 100644
--- a/deploy/kubernetes/helm/che/templates/deployment.yaml
+++ b/deploy/kubernetes/helm/che/templates/deployment.yaml
@@ -33,24 +33,26 @@ spec:
       initContainers:
 {{- if .Values.global.multiuser }}
       - name: wait-for-postgres
-        image: alpine:3.5
-        command: ["sh", "-c", "apk --no-cache add curl jq ; adresses_length=0; until [ $adresses_length -gt 0 ]; do echo waiting for postgres to be ready...; sleep 2; endpoints=`curl -s --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\"     https://kubernetes.default/api/v1/namespaces/$POD_NAMESPACE/endpoints/postgres`; adresses_length=`echo $endpoints | jq -r \".subsets[]?.addresses // [] | length\"`; done;"]
+        image: eclipse/che-endpoint-watcher:nightly
         env:
           - name: POD_NAMESPACE
             valueFrom:
               fieldRef:
                 fieldPath: metadata.namespace
+          - name: ENDPOINT
+            value: postgres
 {{- end }}
 #wait for keycloak if in multiuser mode and .Values.customOidcProvider was not defined
 {{- if (and .Values.global.multiuser (not .Values.customOidcProvider)) }}
       - name: wait-for-keycloak
-        image: alpine:3.5
-        command: ["sh", "-c", "apk --no-cache add curl jq ; adresses_length=0; until [ $adresses_length -gt 0 ]; do echo waiting for keycloak to be ready...; sleep 2; endpoints=`curl -s --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\"     https://kubernetes.default/api/v1/namespaces/$POD_NAMESPACE/endpoints/keycloak`; adresses_length=`echo $endpoints | jq -r \".subsets[]?.addresses // [] | length\"`; done;"]
+        image: eclipse/che-endpoint-watcher:nightly
         env:
           - name: POD_NAMESPACE
             valueFrom:
               fieldRef:
                 fieldPath: metadata.namespace
+          - name: ENDPOINT
+            value: keycloak
 {{- end }}
 {{- if not .Values.global.multiuser }}
       - name: fmp-volume-permission
diff --git a/dockerfiles/endpoint-watcher/Dockerfile b/dockerfiles/endpoint-watcher/Dockerfile
new file mode 100644
index 0000000000..3af3932620
--- /dev/null
+++ b/dockerfiles/endpoint-watcher/Dockerfile
@@ -0,0 +1,16 @@
+# Copyright (c) 2019 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Contributors:
+#   Red Hat, Inc. - initial API and implementation
+
+FROM alpine:3.10
+
+RUN apk --no-cache add curl jq
+
+COPY entrypoint.sh /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/dockerfiles/endpoint-watcher/build.sh b/dockerfiles/endpoint-watcher/build.sh
new file mode 100755
index 0000000000..450c4a2ac0
--- /dev/null
+++ b/dockerfiles/endpoint-watcher/build.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+#
+# Copyright (c) 2019 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+base_dir=$(cd "$(dirname "$0")"; pwd)
+. "${base_dir}"/../build.include
+
+init --name:endpoint-watcher "$@"
+build
diff --git a/dockerfiles/endpoint-watcher/entrypoint.sh b/dockerfiles/endpoint-watcher/entrypoint.sh
new file mode 100755
index 0000000000..589f77545a
--- /dev/null
+++ b/dockerfiles/endpoint-watcher/entrypoint.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# Copyright (c) 2012-2019 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Contributors:
+#   Red Hat, Inc. - initial API and implementation
+#
+set -e
+
+if [ -z "$ENDPOINT" ]; then
+    echo "ENDPOINT variable is not set. Exiting.";
+    exit 1
+fi
+
+adresses_length=0;
+until [ $adresses_length -gt 0 ]; do
+    echo "waiting for $ENDPOINT to be ready...";
+    sleep 2;
+    endpoints=$(curl -s --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" https://kubernetes.default/api/v1/namespaces/"$POD_NAMESPACE"/endpoints/"$ENDPOINT");
+    adresses_length=$(echo "$endpoints" | jq -r ".subsets[]?.addresses // [] | length");
+done;