diff --git a/Dockerfile b/Dockerfile
index c94f9e0..f847d12 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,17 +1,16 @@
-FROM docker.io/openjdk:jre-alpine
+FROM docker.io/openjdk:11-slim
 
 ARG BUILD_ID=""
-ARG BAMBOO_VERSION=""
+ARG BAMBOO_VERSION="9.2.4"
 ARG PORT=""
 ARG REF=""
 
-LABEL description="Containerised Atlassian Bomboo Server"
+LABEL org.opencontainers.image.description="Containerised Atlassian Bamboo Server"
 LABEL maintainer="Said Sef <said@saidsef.co.uk> (saidsef.co.uk/)"
-LABEL version="8.2.7"
 LABEL "uk.co.saidsef.bamboo"="${REF}"
 
 ENV BAMBOO_HOME /data
-ENV BB_PKG_NAME atlassian-bamboo-${BAMBOO_VERSION:-8.2.9}
+ENV BB_PKG_NAME atlassian-bamboo-${BAMBOO_VERSION}
 ENV PATH /opt/$BB_PKG_NAME/bin:$PATH
 ENV HOME /tmp
 ENV PORT ${PORT:-8085}
@@ -22,22 +21,26 @@ USER root
 WORKDIR $BAMBOO_HOME
 
 # Install wget and Download Bamboo
-RUN apk add --update --no-cache wget bash openssl procps && \
+RUN apt-get update && \
+    apt-get upgrade -y && \
+    # wget and curl are required by Atlassian Bamboo Server
+    apt-get install -yq procps wget curl && \
+    rm -rf /var/lib/apt/lists/* && \
     echo $BB_PKG_NAME && \
     wget https://www.atlassian.com/software/bamboo/downloads/binary/$BB_PKG_NAME.tar.gz && \
     tar xvzf $BB_PKG_NAME.tar.gz && \
     rm -vf $BB_PKG_NAME.tar.gz && \
     mkdir -p /opt && \
-    mv $BB_PKG_NAME /opt && \
-    rm -rf /var/cache/apk/*
+    mv $BB_PKG_NAME /opt/atlassian-bamboo && \
+    apt-get autoremove -y
 
 # COPY bamboo-init.properties config
-COPY config/bamboo-init.properties /opt/$BB_PKG_NAME/WEB-INF/classes/
-COPY config/bamboo-init.properties /opt/$BB_PKG_NAME/
+COPY config/bamboo-init.properties /opt/atlassian-bamboo/WEB-INF/classes/
+COPY config/bamboo-init.properties /opt/atlassian-bamboo/
 
-# # Fix dir permissions/ownership
-RUN chmod a+rwx /opt/$BB_PKG_NAME/WEB-INF/classes/bamboo-init.properties && \
-    chown nobody:nobody -R /opt/$BB_PKG_NAME
+# Fix dir permissions/ownership
+RUN chown nobody -R /opt/atlassian-bamboo && \
+    chmod g+rwx /opt/atlassian-bamboo/WEB-INF/classes/bamboo-init.properties
 
 USER nobody
 
@@ -48,4 +51,4 @@ VOLUME ["/data"]
 EXPOSE ${PORT}
 
 # Define default command.
-CMD /opt/$BB_PKG_NAME/bin/start-bamboo.sh -fg
+CMD /opt/atlassian-bamboo/bin/start-bamboo.sh -fg
diff --git a/deployment/base/kustomization.yml b/deployment/base/kustomization.yml
new file mode 100644
index 0000000..8bbef8f
--- /dev/null
+++ b/deployment/base/kustomization.yml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- statefulset.yml
+- service.yml
diff --git a/deployment/service.yml b/deployment/base/service.yml
similarity index 100%
rename from deployment/service.yml
rename to deployment/base/service.yml
diff --git a/deployment/statefulset.yml b/deployment/base/statefulset.yml
similarity index 66%
rename from deployment/statefulset.yml
rename to deployment/base/statefulset.yml
index 2a892d5..888eab1 100644
--- a/deployment/statefulset.yml
+++ b/deployment/base/statefulset.yml
@@ -22,6 +22,12 @@ spec:
         name: bamboo
         app: bamboo
     spec:
+      automountServiceAccountToken: false
+      enableServiceLinks: false
+      securityContext:
+        runAsNonRoot: true
+        runAsGroup: 65534
+        runAsUser: 65534
       containers:
         - image: docker.io/saidsef/atlassian-bamboo-cicd:v2023.04
           imagePullPolicy: Always
@@ -35,19 +41,24 @@ spec:
             - protocol: TCP
               containerPort: 8085
               name: bamboo
+          resources:
+            limits:
+              cpu: 500m
+              memory: 1Gi
+              ephemeral-storage: 3Gi
           livenessProbe:
             exec:
               command:
                 - pgrep
                 - java
-            initialDelaySeconds: 3
+            initialDelaySeconds: 10
             periodSeconds: 3
             successThreshold: 1
             timeoutSeconds: 2
           readinessProbe:
             tcpSocket:
               port: bamboo
-            initialDelaySeconds: 5
+            initialDelaySeconds: 10
             periodSeconds: 5
             successThreshold: 1
             timeoutSeconds: 1
@@ -56,18 +67,24 @@ spec:
               type: RuntimeDefault
             allowPrivilegeEscalation: false
             privileged: false
-            runAsGroup: 65534
-            runAsUser: 65534
-            runAsNonRoot: true
-            readOnlyRootFilesystem: false
+            readOnlyRootFilesystem: true
             capabilities:
               drop:
                 - ALL
           volumeMounts:
-            - name: bamboo-storage
+            - name: data
               mountPath: /data
               subPath: data
+            - name: data
+              mountPath: /opt/atlassian-bamboo/logs
+              subPath: logs
+            - name: data
+              mountPath: /opt/atlassian-bamboo/work
+              subPath: work
+            - name: data
+              mountPath: /opt/atlassian-bamboo/conf/Catalina
+              subPath: catalina
       volumes:
-        - name: bamboo-storage
+        - name: data
           emptyDir:
             sizeLimit: 3Gi
diff --git a/deployment/kustomization.yml b/deployment/kustomization.yml
index 7bfc29d..c082874 100644
--- a/deployment/kustomization.yml
+++ b/deployment/kustomization.yml
@@ -3,10 +3,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
-- statefulset.yml
-- service.yml
+- base/
 
 images:
 - name: bamboo
   newName: docker.io/saidsef/atlassian-bamboo-cicd
-  newTag: v2023.04
+  newTag: v2023.08