diff --git a/.gitignore b/.gitignore
index b7c35b9ebe4..1ca2eb098fd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -30,3 +30,5 @@ gomock_reflect_*
 /portal/v1/node_modules/
 /portal/v2/node_modules/
 .idea*
+/hack/hive-config/crds
+/hack/hive-config/hive-deployment.yaml
diff --git a/docs/hive.md b/docs/hive.md
new file mode 100644
index 00000000000..f1dad9654d4
--- /dev/null
+++ b/docs/hive.md
@@ -0,0 +1,37 @@
+# Hive
+
+## Version
+
+Update the HIVE_IMAGE_COMMIT_HASH in `hack/hive-generate-config.sh` with the latest commit sha of the Hive image you are deploying. The commit sha is used to specify the image tag and also used during config generation to checkout the correct version of the config files. The config files are subsequently used by the `hack/hive-dev-install.sh` script during iunstallation or during config updates.
+
+## Generating config
+
+In order to generate config for a dev environment you need to ensure you have the correct `LOCATION` is set in your env file. Once this is done you can simply run the config generation script.
+
+```bash
+# source your environment file
+. ./env
+# run the config generation
+./hack/hive-generate-config.sh
+```
+
+This will download the latest source, reset to the hash specified in HIVE_IMAGE_COMMIT_HASH, and build the config using kustomise.
+
+## Installing
+
+Ensure you have the latest AKS kubeconfig:
+```bash
+# get the AKS kubeconfig
+make aks.kubeconfig
+```
+
+Set KUBECONFIG to the aks.kubeconfig file, for example:
+```bash
+export KUBECONFIG="$PWD/aks.kubeconfig"
+```
+
+Installing then simply requires the running of the install script.
+
+```bash
+./hack/hive-dev-install.sh
+```
diff --git a/hack/hive-config/cluster-image-sets/4.10.15.yaml b/hack/hive-config/cluster-image-sets/4.10.15.yaml
new file mode 100644
index 00000000000..5dbff8143f2
--- /dev/null
+++ b/hack/hive-config/cluster-image-sets/4.10.15.yaml
@@ -0,0 +1,6 @@
+apiVersion: hive.openshift.io/v1
+kind: ClusterImageSet
+metadata:
+ name: openshift-v4.10.15
+spec:
+ releaseImage: quay.io/openshift-release-dev/ocp-release@sha256:ddcb70ce04a01ce487c0f4ad769e9e36a10c8c832a34307c1b1eb8e03a5b7ddb
diff --git a/hack/hive-config/hive-config.yaml b/hack/hive-config/hive-config.yaml
new file mode 100644
index 00000000000..6c2bad6d80c
--- /dev/null
+++ b/hack/hive-config/hive-config.yaml
@@ -0,0 +1,15 @@
+apiVersion: hive.openshift.io/v1
+kind: HiveConfig
+metadata:
+ name: hive
+spec:
+ logLevel: debug
+ targetNamespace: HIVE_OPERATOR_NS
+ deleteProtection: enabled
+ disabledControllers:
+ - remoteingress
+ failedProvisionConfig:
+ retryReasons:
+ - UnknownError
+ globalPullSecretRef:
+ name: hive-global-pull-secret
diff --git a/hack/hive-dev-install.sh b/hack/hive-dev-install.sh
new file mode 100755
index 00000000000..313f66b349c
--- /dev/null
+++ b/hack/hive-dev-install.sh
@@ -0,0 +1,80 @@
+#!/bin/bash
+
+HIVE_OPERATOR_NS="hive"
+KUBECTL=$( which kubectl 2> /dev/null || which oc 2> /dev/null)
+
+function cleanup {
+ [ -f "$(pwd)/kubectl" ] && rm -f "$(pwd)/kubectl"
+}
+
+function download_tmp_kubectl {
+ curl -sLO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+ if [ $? -ne 0 ]; then
+ echo ": error downloading kubectl"
+ exit 1
+ fi
+ chmod 755 kubectl
+ KUBECTL="$(pwd)/kubectl"
+}
+
+function verify_tools {
+ if [ ! -z "$KUBECTL" ]; then
+ return
+ fi
+ echo -n "kubectl or oc not detected, downloading"
+ download_tmp_kubectl
+ echo ", done."
+
+ if [ $( $KUBECTL get nodes 2>/dev/null | wc -l ) -eq 0 ]; then
+ echo "unable to connect to the cluster"
+ exit 1
+ fi
+}
+
+set -e
+trap cleanup EXIT
+
+if [ ! -f go.mod ] || [ ! -d ".git" ]; then
+ echo "this script must by run from the repo's root directory"
+ exit 1
+fi
+
+if [ ! -f "./hack/hive-config/hive-deployment.yaml" ] || [ ! -d "./hack/hive-config/crds" ] ; then
+ echo "hive config is missing, generating config, please rerun this script afterwards"
+ ./hack/hive-generate-config.sh
+ if [ $? -ne 0 ]; then
+ echo "error generating the hive configs"
+ exit 1
+ fi
+fi
+
+if [ -z "$PULL_SECRET" ]; then
+ echo "global pull secret variable required, please source ./env"
+ exit
+fi
+
+verify_tools
+
+if [ $( $KUBECTL get namespace $HIVE_OPERATOR_NS -o yaml 2>/dev/null | wc -l ) -ne 0 ]; then
+ echo "hive is already installed in the namespace"
+ echo -n "would you like to reapply the configs? (y/N): "
+ read answer
+ if [[ "$answer" != "y" ]]; then
+ exit
+ fi
+else
+ $KUBECTL create namespace $HIVE_OPERATOR_NS
+fi
+
+$KUBECTL apply -f ./hack/hive-config/crds
+$KUBECTL apply -f ./hack/hive-config/hive-deployment.yaml
+$KUBECTL apply -f ./hack/hive-config/cluster-image-sets
+
+echo "$PULL_SECRET" > /tmp/.tmp-secret
+# Using dry-run allows updates to work seamlessly
+$KUBECTL create secret generic hive-global-pull-secret --from-file=.dockerconfigjson=/tmp/.tmp-secret --type=kubernetes.io/dockerconfigjson --namespace $HIVE_OPERATOR_NS -o yaml --dry-run=client | $KUBECTL apply -f - 2>/dev/null
+rm -f /tmp/.tmp-secret
+
+sed "s/HIVE_OPERATOR_NS/$HIVE_OPERATOR_NS/g" hack/hive-config/hive-config.yaml | $KUBECTL apply -f -
+
+echo -e "\nHive is installed."
diff --git a/hack/hive-generate-config.sh b/hack/hive-generate-config.sh
new file mode 100755
index 00000000000..ce4b9d6e057
--- /dev/null
+++ b/hack/hive-generate-config.sh
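Review bot: The pull secret is written to the fixed, predictable path `/tmp/.tmp-secret` near the end of hack/hive-dev-install.sh, under the caller's default umask and with no cleanup on the failure path. On a shared host the registry credentials are readable by other local users while the file exists, and a file or symlink pre-created at that name decides where the write lands. Because `set -e` is active and `cleanup` only removes the downloaded kubectl, a failing `apply` exits before `rm -f /tmp/.tmp-secret` runs and leaves the secret on disk; the `2>/dev/null` on that `apply` also hides the reason, so it is dropped below. Creating the file with `mktemp` and removing it from the EXIT trap addresses this. Separately, `download_tmp_kubectl` runs a binary fetched without comparing it to a published checksum, which is worth a follow-up.

```shell
function cleanup {
    [ -f "$(pwd)/kubectl" ] && rm -f "$(pwd)/kubectl"
    # remove the pull-secret temp file on every exit path, including failures under set -e
    [ -n "$SECRET_FILE" ] && rm -f "$SECRET_FILE"
}

# ... unchanged: tool checks, namespace handling, kubectl apply of crds / deployment / cluster-image-sets ...

# mktemp gives an unpredictable name and creates the file readable by the owner only
SECRET_FILE=$(mktemp)
printf '%s\n' "$PULL_SECRET" > "$SECRET_FILE"
# Using dry-run allows updates to work seamlessly
$KUBECTL create secret generic hive-global-pull-secret --from-file=.dockerconfigjson="$SECRET_FILE" --type=kubernetes.io/dockerconfigjson --namespace $HIVE_OPERATOR_NS -o yaml --dry-run=client | $KUBECTL apply -f -
```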
@@ -0,0 +1,94 @@
+#!/bin/bash
+
+# This is the commit sha that the image was built from and ensures we use the correct configs for the release
+HIVE_IMAGE_COMMIT_HASH="2383a88"
+
+# For now we'll use the quay hive image, but this will change to an ACR once the quay.io -> ACR mirroring is setup
+# Note: semi-scientific way to get the latest image: `podman search --list-tags --limit 10000 quay.io/app-sre/hive | tail -n1`
+HIVE_IMAGE="quay.io/app-sre/hive:${HIVE_IMAGE_COMMIT_HASH}"
+
+HIVE_OPERATOR_NS="hive"
+
+# This version is specified in the hive repo and is the only hard dependency for this script
+# https://github.com/openshift/hive/blob/master/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/kustomize.mk#L7
+KUSTOMIZE_VERSION=4.1.3
+KUSTOMIZE=$( which kustomize 2>/dev/null )
+TMPDIR=$( mktemp -d )
+
+function cleanup {
+ popd >& /dev/null
+ [ -d "$TMPDIR" ] && rm -fr "$TMPDIR"
+}
+
+function verify_kustomize {
+ if [ ! -z "$KUSTOMIZE" ]; then
+ return
+ fi
+ echo -n "kustomize not detected, downloading "
+ curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/kustomize/v${KUSTOMIZE_VERSION}/hack/install_kustomize.sh" | bash -s "$KUSTOMIZE_VERSION" "$TMPDIR"
+ if [ $? -ne 0 ]; then
+ echo "error downloading kustomize"
+ exit 1
+ fi
+ KUSTOMIZE="${TMPDIR}/kustomize"
+}
+
+function hive_repo_clone {
+ echo -n "Cloning hive repo into tmp for config generation"
+ CLONE_ERROR=$(git clone https://github.com/openshift/hive.git "$TMPDIR" 2>/dev/null )
+ if [ $? -ne 0 ]; then
+ echo ": error cloning the hive repo: ${CLONE_ERROR}"
+ exit 1
+ fi
+ echo ", done."
+}
+
+function hive_repo_hash_checkout {
+ # go into $TMPDIR and checkout the commit the image was built with
+ pushd $TMPDIR >& /dev/null
+ git reset --hard $HIVE_IMAGE_COMMIT_HASH
+ if [ $? -ne 0 ] || [[ $( git rev-parse --short=${#HIVE_IMAGE_COMMIT_HASH} HEAD ) != ${HIVE_IMAGE_COMMIT_HASH} ]]; then
+ echo "error resetting the hive repo to the correct git hash '${HIVE_IMAGE_COMMIT_HASH}'"
+ exit 1
+ fi
+}
+
+function generate_hive_config {
+ # Create the hive operator install config using kustomize
+ mkdir -p overlays/deploy
+ cp overlays/template/kustomization.yaml overlays/deploy
+ pushd overlays/deploy >& /dev/null
+ $KUSTOMIZE edit set image registry.ci.openshift.org/openshift/hive-v4.0:hive=$HIVE_IMAGE
+ $KUSTOMIZE edit set namespace $HIVE_OPERATOR_NS
+ popd >& /dev/null
+
+ $KUSTOMIZE build overlays/deploy > hive-deployment.yaml
+
+ # return to the repo directory to copy the generated config from $TMPDIR
+ popd >& /dev/null
+ mv "$TMPDIR/hive-deployment.yaml" ./hack/hive-config/
+
+ if [ -d ./hack/hive-config/crds ]; then
+ rm -fr ./hack/hive-config/crds
+ fi
+ cp -R "$TMPDIR/config/crds" ./hack/hive-config/
+}
+
+set -e
+trap cleanup EXIT
+
+if [ ! -f go.mod ] || [ ! -d ".git" ]; then
+ echo "this script must by run from the repo's root directory"
+ exit 1
+fi
+if [[ ! "$TMPDIR" || ! -d "$TMPDIR" ]]; then
+ echo "could not create temp working dir"
+ exit 1
+fi
+
+hive_repo_clone
+hive_repo_hash_checkout
+verify_kustomize
+generate_hive_config
+
+echo -e "\nHive config generated."
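Review bot: `verify_kustomize` pipes a script fetched from raw.githubusercontent.com straight into `bash` with no integrity check, and `curl -s` without `-f` means an HTTP error body would be handed to the interpreter too. The `$?` test after that pipeline only sees bash's status, and since `set -e` is enabled before any function is called, the error branch looks unreachable. I would download to a file and verify it against a digest pinned next to `KUSTOMIZE_VERSION` before running it: `curl -fsSL -o "$TMPDIR/install_kustomize.sh" "$url"`, then `echo "$KUSTOMIZE_INSTALLER_SHA256  $TMPDIR/install_kustomize.sh" | sha256sum -c -`, then `bash "$TMPDIR/install_kustomize.sh" "$KUSTOMIZE_VERSION" "$TMPDIR"` (`url` and `KUSTOMIZE_INSTALLER_SHA256` are new names that would have to be added). The installer itself presumably downloads the release archive, so this covers only the first stage. In the same spirit, `HIVE_IMAGE` is referenced by a mutable tag built from a 7-character hash; pinning it by digest, as the ClusterImageSet in this commit does for the release image, would make the deployed operator reproducible.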