diff --git a/k8s/infra/auth/lldap/bootstrap.yaml b/k8s/infra/auth/lldap/bootstrap.yaml
index 53fe8a8..7be3ecf 100644
--- a/k8s/infra/auth/lldap/bootstrap.yaml
+++ b/k8s/infra/auth/lldap/bootstrap.yaml
@@ -10,10 +10,23 @@ spec:
 template:
 spec:
 restartPolicy: OnFailure
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1001
+ runAsGroup: 1001
+ fsGroup: 1001
+ fsGroupChangePolicy: OnRootMismatch
+ seccompProfile:
+ type: RuntimeDefault
 containers:
 - name: lldap-bootstrap
- image: ghcr.io/lldap/lldap:2024-12-24-debian-rootless # renovate: docker=ghcr.io/lldap/lldap versioning=loose
+ image: ghcr.io/lldap/lldap:v0.6.1-alpine-rootless # renovate: docker=ghcr.io/lldap/lldap
 command: [ /app/bootstrap.sh ]
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop: [ ALL ]
 envFrom:
 - configMapRef:
 name: common-env
diff --git a/k8s/infra/auth/lldap/lldap-credentials.yaml b/k8s/infra/auth/lldap/lldap-credentials.yaml
index 261d9d1..e0ee0f2 100644
--- a/k8s/infra/auth/lldap/lldap-credentials.yaml
+++ b/k8s/infra/auth/lldap/lldap-credentials.yaml
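Review bot: The new `image:` line still references a mutable tag, so what the bootstrap job runs can change without a commit; for a job in the auth stack I would pin the digest as well, `image: ghcr.io/lldap/lldap:v0.6.1-alpine-rootless@sha256:<digest>` (placeholder; Renovate can keep it current). The same applies to the `docker.io/netbirdio/relay:0.35.2` line in the relay deployment hunk. Separately, `readOnlyRootFilesystem: true` is added while no writable volume is visible in this hunk; if `/app/bootstrap.sh` writes scratch files, the job will fail and be retried under `restartPolicy: OnFailure`, and an `emptyDir` mounted at the script's temp directory would fix that without relaxing the hardening. The container spec continues past the hunk, so such a mount may already exist.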
@@ -5,9 +5,10 @@ metadata:
 namespace: lldap
 spec:
 encryptedData:
- LLDAP_JWT_SECRET: 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
- LLDAP_LDAP_BASE_DN: 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
- LLDAP_LDAP_USER_PASS: 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
+ LLDAP_JWT_SECRET: AgB1wy9byGIfMhnqHIINj5l1AM2sNPmElPf2NvJ9vP0foJDoKTz0l005bpC1OdGcXijkub8/SCAW2dQgVflSY4dZm9JjXRrEiAPLpXf6UinkIJY9T9pMw44MQUJFzNmoJlC+sW+qCjAqnBgWHQUTHYvyWrehfpvbXWyxxbaGFDpn6t5WX2bqNmSUB5j7WTpywc1H7dLWlKg3CRS15lXxCd8R0ysxKrNygbrlYgZjeOVJ76VYDWvpHZowPuhtG7jigWFmo+xHvIx7/qZ1BktphLW8SQvCx8q+fjt0xRsu3hFfs/Cgt56tE5r7IAj7ywjq/j39w+IAS7H5kBcuYIrR+uC82Z71DrzYHpktNmuoOtiQXAFQZ+8OCQuQP9fb29BR2JR9tpybmRHv5oy6KK6HP3Xk//HSEfxhThihEKqos5Q4D2htjHIg2jJlpyxx9P+zMECKi98jHl3ZAQRYoVtyHywhBPHa7sfYY8OgNSz/ZoJLS97Xr0RmXOst/Zh5hllR+fJmcHxi2qhqIsOFj8JpT88kDD/FwRdz8scMu6tgDAEoy2hbK+BIoqJVqDqfw12F1K/z3r9YODtgy/uMxzHLEUY4gW6ct/pVVLcJiOvPJmNp574c1GzNIiXwu/jI+3+ssI1C/lOknoLInQNHo8igfzG2Qn0HS5v1uh0Emr52niKRxsj3aImGGJEZSAXaT/OTq2xlt3HKpGFZyeaADOqi08u0kXdwoFySHMCD1n0bSzd7og==
+ LLDAP_KEY_SEED: 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
+ LLDAP_LDAP_BASE_DN: 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
+ LLDAP_LDAP_USER_PASS: 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
 template:
 metadata:
 name: lldap-credentials
diff --git a/k8s/infra/vpn/netbird/relay/deployment.yaml b/k8s/infra/vpn/netbird/relay/deployment.yaml
index 6933355..f617923 100644
--- a/k8s/infra/vpn/netbird/relay/deployment.yaml
+++ b/k8s/infra/vpn/netbird/relay/deployment.yaml
@@ -16,7 +16,7 @@ spec:
 seccompProfile:
 type: RuntimeDefault
 containers:
- - image: netbirdio/relay:0.35.2 # renovate: docker=netbirdio/relay
+ - image: docker.io/netbirdio/relay:0.35.2 # renovate: docker=netbirdio/relay
 imagePullPolicy: IfNotPresent
 name: relay
 securityContext:
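Review bot: `LLDAP_KEY_SEED` is introduced under `encryptedData` with nothing in the manifest explaining how it relates to the key material the running LLDAP instance already uses. As far as I know lldap derives its server key from this seed and stored password hashes depend on that key, so a seed that differs from the existing key, or is later regenerated, could leave users unable to log in; this is worth confirming before rollout. I would add a comment above the entry such as `# LLDAP_KEY_SEED must stay stable; changing it invalidates stored passwords (confirm against lldap docs)`. The other three values change as well, and the diff cannot show whether the JWT secret and admin password were rotated or only re-sealed, so the commit message should say which.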