diff --git a/clusters/cl01tl/manifests/descheduler/Deployment-descheduler.yaml b/clusters/cl01tl/manifests/descheduler/Deployment-descheduler.yaml
index f3c50627b..000caee6e 100644
--- a/clusters/cl01tl/manifests/descheduler/Deployment-descheduler.yaml
+++ b/clusters/cl01tl/manifests/descheduler/Deployment-descheduler.yaml
@@ -27,7 +27,7 @@ spec:
       serviceAccountName: descheduler
       containers:
         - name: descheduler
-          image: "registry.k8s.io/descheduler/descheduler:v0.35.1"
+          image: "registry.k8s.io/descheduler/descheduler:v0.35.1@sha256:871d3b804390b0b8c7cb09d4e9b7856cf30e31f9e9e3d29562b0301a10453bb1"
           imagePullPolicy: IfNotPresent
           command:
             - /bin/descheduler
diff --git a/clusters/cl01tl/manifests/external-dns/Deployment-external-dns-unifi.yaml b/clusters/cl01tl/manifests/external-dns/Deployment-external-dns-unifi.yaml
index 8b2a827e6..306187fba 100644
--- a/clusters/cl01tl/manifests/external-dns/Deployment-external-dns-unifi.yaml
+++ b/clusters/cl01tl/manifests/external-dns/Deployment-external-dns-unifi.yaml
@@ -42,7 +42,7 @@ spec:
             runAsGroup: 65532
             runAsNonRoot: true
             runAsUser: 65532
-          image: registry.k8s.io/external-dns/external-dns:v0.20.0
+          image: registry.k8s.io/external-dns/external-dns:v0.20.0@sha256:ddc7f4212ed09a21024deb1f470a05240837712e74e4b9f6d1f2632ff10672e7
           imagePullPolicy: IfNotPresent
           args:
             - --log-level=info
diff --git a/clusters/cl01tl/manifests/medialyze/Deployment-medialyze.yaml b/clusters/cl01tl/manifests/medialyze/Deployment-medialyze.yaml
index 3d44088c7..ac6fc2f28 100644
--- a/clusters/cl01tl/manifests/medialyze/Deployment-medialyze.yaml
+++ b/clusters/cl01tl/manifests/medialyze/Deployment-medialyze.yaml
@@ -29,6 +29,9 @@ spec:
       enableServiceLinks: false
       serviceAccountName: default
       automountServiceAccountToken: true
+      securityContext:
+        fsGroup: 1000
+        fsGroupChangePolicy: OnRootMismatch
       hostIPC: false
       hostNetwork: false
       hostPID: false
@@ -43,13 +46,12 @@ spec:
               value: America/Chicago
             - name: MEDIA_HOST_DIR
               value: /media
-          image: ghcr.io/frederikemmer/medialyze:0.4.1
-          imagePullPolicy: IfNotPresent
+          image: ghcr.io/frederikemmer/medialyze:0.4.1@sha256:d4f2e04d3759f308bea605c9b7242ab6da98813adc0b276dc3cbe9c283071eb8
           name: main
           resources:
             requests:
-              cpu: 10m
-              memory: 128Mi
+              cpu: 5m
+              memory: 400Mi
           volumeMounts:
             - mountPath: /config
               name: data
diff --git a/clusters/cl01tl/manifests/medialyze/HTTPRoute-medialyze.yaml b/clusters/cl01tl/manifests/medialyze/HTTPRoute-medialyze.yaml
index ed706450e..598d376a7 100644
--- a/clusters/cl01tl/manifests/medialyze/HTTPRoute-medialyze.yaml
+++ b/clusters/cl01tl/manifests/medialyze/HTTPRoute-medialyze.yaml
@@ -23,7 +23,7 @@ spec:
           name: medialyze
           namespace: medialyze
           port: 80
-          weight: 100
+          weight: 1
       matches:
         - path:
             type: PathPrefix
diff --git a/clusters/cl01tl/manifests/medialyze/PersistentVolumeClaim-medialyze-data.yaml b/clusters/cl01tl/manifests/medialyze/PersistentVolumeClaim-medialyze-data.yaml
index 2c1a7b656..861244ea7 100644
--- a/clusters/cl01tl/manifests/medialyze/PersistentVolumeClaim-medialyze-data.yaml
+++ b/clusters/cl01tl/manifests/medialyze/PersistentVolumeClaim-medialyze-data.yaml
@@ -7,8 +7,6 @@ metadata:
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: medialyze
     helm.sh/chart: medialyze-4.6.2
-  annotations:
-    helm.sh/resource-policy: keep
   namespace: medialyze
 spec:
   accessModes:
diff --git a/clusters/cl01tl/manifests/metrics-server/Deployment-metrics-server.yaml b/clusters/cl01tl/manifests/metrics-server/Deployment-metrics-server.yaml
index da134c89d..1f8dd92d2 100644
--- a/clusters/cl01tl/manifests/metrics-server/Deployment-metrics-server.yaml
+++ b/clusters/cl01tl/manifests/metrics-server/Deployment-metrics-server.yaml
@@ -10,7 +10,7 @@ metadata:
     app.kubernetes.io/version: "0.8.0"
     app.kubernetes.io/managed-by: Helm
 spec:
-  replicas: 3
+  replicas: 2
   selector:
     matchLabels:
       app.kubernetes.io/name: metrics-server
@@ -35,7 +35,7 @@ spec:
             runAsUser: 1000
             seccompProfile:
               type: RuntimeDefault
-          image: registry.k8s.io/metrics-server/metrics-server:v0.8.0
+          image: registry.k8s.io/metrics-server/metrics-server:v0.8.0@sha256:89258156d0e9af60403eafd44da9676fd66f600c7934d468ccc17e42b199aee2
           imagePullPolicy: IfNotPresent
           args:
             - --secure-port=10250
@@ -70,8 +70,8 @@ spec:
               mountPath: /tmp
           resources:
             requests:
-              cpu: 100m
-              memory: 200Mi
+              cpu: 10m
+              memory: 60Mi
       volumes:
         - name: tmp
           emptyDir: {}