diff --git a/ironic-ipa-downloader-image/Dockerfile b/ironic-ipa-downloader-image/Dockerfile index 9fb2dc7..b39fec5 100644 --- a/ironic-ipa-downloader-image/Dockerfile +++ b/ironic-ipa-downloader-image/Dockerfile @@ -1,6 +1,6 @@ # SPDX-License-Identifier: Apache-2.0 -#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.7 -#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.7-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.8 +#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.8-%RELEASE% ARG SLE_VERSION FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro @@ -18,11 +18,11 @@ FROM micro AS final LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)" LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image" LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image." -LABEL org.opencontainers.image.version="3.0.6" +LABEL org.opencontainers.image.version="3.0.8" LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" -LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.7-%RELEASE%" +LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.8-%RELEASE%" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024" @@ -33,8 +33,6 @@ LABEL com.suse.release-stage="released" COPY --from=base /installroot / RUN cp /getopt /usr/bin/ -RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp -RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256 # configure non-root user COPY configure-nonroot.sh /bin/ 
diff --git a/ironic-ipa-downloader-image/Dockerfile.aarch64 b/ironic-ipa-downloader-image/Dockerfile.aarch64
index 99c6fef..6eac4f1 100644
--- a/ironic-ipa-downloader-image/Dockerfile.aarch64
+++ b/ironic-ipa-downloader-image/Dockerfile.aarch64
@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.7
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.7-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.8
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.8-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -18,11 +18,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
 LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="3.0.6"
+LABEL org.opencontainers.image.version="3.0.8"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.7-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.8-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -33,8 +33,6 @@ LABEL com.suse.release-stage="released" COPY --from=base /installroot / RUN cp /getopt /usr/bin/ -RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp -RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256 # configure non-root user COPY configure-nonroot.sh /bin/ diff --git a/ironic-ipa-downloader-image/Dockerfile.x86_64 b/ironic-ipa-downloader-image/Dockerfile.x86_64 index fb1acbe..2f2a07f 100644 --- a/ironic-ipa-downloader-image/Dockerfile.x86_64 +++ b/ironic-ipa-downloader-image/Dockerfile.x86_64 @@ -1,6 +1,6 @@ # SPDX-License-Identifier: Apache-2.0 -#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.7 -#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.7-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.8 +#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.8-%RELEASE% ARG SLE_VERSION FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro 
@@ -18,11 +18,11 @@ FROM micro AS final LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)" LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image" LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image." -LABEL org.opencontainers.image.version="3.0.6" +LABEL org.opencontainers.image.version="3.0.8" LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" -LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.7-%RELEASE%" +LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.8-%RELEASE%" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024" @@ -33,8 +33,6 @@ LABEL com.suse.release-stage="released" COPY --from=base /installroot / RUN cp /getopt /usr/bin/ -RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp -RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256 # configure non-root user COPY configure-nonroot.sh /bin/ diff --git a/ironic-ipa-downloader-image/get-resource.sh b/ironic-ipa-downloader-image/get-resource.sh index ba26138..14e9293 100644 --- a/ironic-ipa-downloader-image/get-resource.sh +++ b/ironic-ipa-downloader-image/get-resource.sh 
@@ -6,6 +6,8 @@ export http_proxy=${http_proxy:-$HTTP_PROXY} export https_proxy=${https_proxy:-$HTTPS_PROXY} export no_proxy=${no_proxy:-$NO_PROXY} +IMAGES_BASE_PATH="/srv/tftpboot/openstack-ironic-image" + if [ -d "/tmp/ironic-certificates" ]; then sha256sum /tmp/ironic-certificates/* > /tmp/certificates.sha256 if cmp "/shared/certificates.sha256" "/tmp/certificates.sha256"; then @@ -26,14 +28,14 @@ if [ -z "${IPA_BASEURI}" ]; then IMAGE_CHANGED=1 # SLES BASED IPA - ironic-ipa-ramdisk-x86_64 and ironic-ipa-ramdisk-aarch64 packages mkdir -p /shared/html/images - if [ -f /tmp/initrd-x86_64.zst ]; then - cp /tmp/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs - cp /tmp/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel + if [ -f ${IMAGES_BASE_PATH}/initrd-x86_64.zst ]; then + cp ${IMAGES_BASE_PATH}/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs + cp ${IMAGES_BASE_PATH}/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel fi # Use arm64 as destination for iPXE compatibility - if [ -f /tmp/initrd-aarch64.zst ]; then - cp /tmp/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs - cp /tmp/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel + if [ -f ${IMAGES_BASE_PATH}/initrd-aarch64.zst ]; then + cp ${IMAGES_BASE_PATH}/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs + cp ${IMAGES_BASE_PATH}/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel fi cp /tmp/images.sha256 /shared/images.sha256 diff --git a/ironic-ipa-ramdisk/config.sh b/ironic-ipa-ramdisk/config.sh index 8d2226f..c188274 100644 --- a/ironic-ipa-ramdisk/config.sh +++ b/ironic-ipa-ramdisk/config.sh 
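Review bot: In get-resource.sh the new `${IMAGES_BASE_PATH}` expansions in the `[ -f … ]` tests and the `cp` calls are unquoted; the value is a fixed path today, but quoting keeps the script correct if the path is ever made configurable, e.g. `if [ -f "${IMAGES_BASE_PATH}/initrd-x86_64.zst" ]; then`. The kernel copies also rely on the glob `openstack-ironic-image.x86_64*.kernel` (and the aarch64 equivalent) matching exactly one file, because the destination is a file name; a second match would make `cp` fail, and nothing visible in the hunk checks its exit status before `images.sha256` is published to `/shared`. The enclosing `if [ -z "${IPA_BASEURI}" ]` block begins and ends outside the hunk.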
@@ -16,7 +16,7 @@ baseSetupBuildDay #========================================== # remove unneded kernel files #------------------------------------------ -suseStripKernel +#suseStripKernel baseStripLocales en_US.utf-8 C.utf8 #====================================== diff --git a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi index 9104d46..454b163 100644 --- a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi +++ b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi @@ -28,68 +28,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/metal3-chart/Chart.yaml b/metal3-chart/Chart.yaml index 971832d..b1c13cc 100644 --- a/metal3-chart/Chart.yaml +++ b/metal3-chart/Chart.yaml @@ -1,7 +1,7 @@ -#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.7_up0.11.5 -#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.7_up0.11.5-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.8_up0.11.7 +#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.8_up0.11.7-%RELEASE% apiVersion: v2 -appVersion: 0.11.5 +appVersion: 0.11.7 dependencies: - alias: metal3-baremetal-operator name: baremetal-operator @@ -10,12 +10,12 @@ dependencies: - alias: metal3-ironic name: ironic repository: file://./charts/ironic - version: 0.10.5 + version: 0.10.6 - alias: metal3-mariadb condition: global.enable_mariadb name: mariadb repository: file://./charts/mariadb - version: 0.5.4 + version: 0.6.0 - alias: metal3-media condition: global.enable_metal3_media_server name: media @@ -25,4 +25,4 @@ description: A Helm chart that installs all of the dependencies needed for Metal icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg name: metal3 type: application -version: "%%CHART_MAJOR%%.0.7+up0.11.5" +version: "%%CHART_MAJOR%%.0.8+up0.11.7" 
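Review bot: In ironic-ipa-ramdisk/config.sh the `suseStripKernel` call is disabled by commenting it out, while the banner above it still announces that unneeded kernel files are removed and nothing records why stripping was switched off. Either delete the call together with the banner, or keep it with a reason, e.g. `# suseStripKernel disabled: <reason>`. It is also worth confirming that the larger module and firmware set now shipped in the ramdisk is intended, since the kernel content is no longer reduced at build time.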
diff --git a/metal3-chart/charts/ironic/Chart.yaml b/metal3-chart/charts/ironic/Chart.yaml
index 87ba610..a174d38 100644
--- a/metal3-chart/charts/ironic/Chart.yaml
+++ b/metal3-chart/charts/ironic/Chart.yaml
@@ -3,4 +3,4 @@ appVersion: 26.1.2
 description: A Helm chart for Ironic, used by Metal3
 name: ironic
 type: application
-version: 0.10.5
+version: 0.10.6
diff --git a/metal3-chart/charts/ironic/values.yaml b/metal3-chart/charts/ironic/values.yaml
index 8ebb4d6..539b3f8 100644
--- a/metal3-chart/charts/ironic/values.yaml
+++ b/metal3-chart/charts/ironic/values.yaml
@@ -60,7 +60,7 @@ images:
 ironicIPADownloader:
 repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
 pullPolicy: IfNotPresent
- tag: 3.0.7
+ tag: 3.0.8
 nameOverride: ""
 fullnameOverride: ""
diff --git a/metal3-chart/charts/mariadb/Chart.yaml b/metal3-chart/charts/mariadb/Chart.yaml
index df93690..568c00e 100644
--- a/metal3-chart/charts/mariadb/Chart.yaml
+++ b/metal3-chart/charts/mariadb/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 10.6.7
+appVersion: "10.11"
 description: A Helm chart for MariaDB, used by Metal3
 name: mariadb
 type: application
-version: 0.5.4
+version: 0.6.0
diff --git a/metal3-chart/charts/mariadb/templates/configmap-mariadb.yaml b/metal3-chart/charts/mariadb/templates/configmap-mariadb.yaml
new file mode 100644
index 0000000..8db7c4a
--- /dev/null
+++ b/metal3-chart/charts/mariadb/templates/configmap-mariadb.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: mariadb-config
+ labels:
+ {{- include "mariadb.labels" . | nindent 4 }}
+data:
+ ironic.conf: |
+ [mariadb]
+ max_connections 64
+ max_heap_table_size 1M
+ innodb_buffer_pool_size 5M
+ innodb_log_buffer_size 512K
\ No newline at end of file
diff --git a/metal3-chart/charts/mariadb/templates/configmap.yaml b/metal3-chart/charts/mariadb/templates/configmap.yaml
index 59a2cc1..2815ec0 100644
--- a/metal3-chart/charts/mariadb/templates/configmap.yaml
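Review bot: In the new configmap-mariadb.yaml the option file is published under the key `ironic.conf`, and deployment.yaml mounts this ConfigMap at `/etc/mysql/conf.d`; MariaDB's `!includedir` only picks up files ending in `.cnf` on Unix, so these limits are probably never applied unless the image's main configuration includes the file by name. The entries are also written as `max_connections 64` rather than the documented `name=value` form for option files. Suggest renaming the key to `ironic.cnf` and writing `max_connections=64` (likewise for the other three settings), then confirming the effective values with `SHOW VARIABLES` in a test deployment. The file also ends without a trailing newline.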
+++ b/metal3-chart/charts/mariadb/templates/configmap.yaml
@@ -5,4 +5,7 @@ metadata:
 labels:
 {{- include "mariadb.labels" . | nindent 4 }}
 data:
- RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
+ MARIADB_USER: ironic
+ MARIADB_RANDOM_ROOT_PASSWORD: "yes"
+ MARIADB_DATABASE: ironic
+ MARIADB_AUTO_UPGRADE: "yes"
\ No newline at end of file
diff --git a/metal3-chart/charts/mariadb/templates/deployment.yaml b/metal3-chart/charts/mariadb/templates/deployment.yaml
index 070c2fb..86b3cfa 100644
--- a/metal3-chart/charts/mariadb/templates/deployment.yaml
+++ b/metal3-chart/charts/mariadb/templates/deployment.yaml
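Review bot: `MARIADB_RANDOM_ROOT_PASSWORD: "yes"` in configmap.yaml has the entrypoint generate the root password at first initialisation, and the upstream MariaDB entrypoint writes that generated value to the container log; if this image behaves the same way, anyone with read access to the pod logs or to a log aggregator can recover the database root credential. Consider supplying the root credential from a Secret instead (`MARIADB_ROOT_PASSWORD` through a `secretKeyRef`, or `MARIADB_ROOT_PASSWORD_HASH`), the way `MARIADB_PASSWORD` is already handled in deployment.yaml. If the random password is kept on purpose, a comment next to the key stating that root login is not expected to be used, and that first-boot logs are sensitive, would help operators.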
@@ -25,23 +25,50 @@ spec: serviceAccountName: {{ include "mariadb.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + initContainers: + # This would run during entrypoint if run as root + - name: set-volume-owners + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + runAsUser: 0 + allowPrivilegeEscalation: true + capabilities: + drop: + - ALL + add: + - CHOWN + - FOWNER + - DAC_OVERRIDE + seccompProfile: + type: RuntimeDefault + volumeMounts: + - name: mariadb-conf + mountPath: /etc/mysql/conf.d + - name: mariadb-run + mountPath: /run/mysql + {{- $volmounts }} + command: ['bash', '-c', 'source /usr/local/bin/docker-entrypoint.sh && docker_create_db_directories'] + env: + - name: DATADIR + value: /var/lib/mysql + - name: SOCKET + value: /run/mysql/mysql.sock containers: - name: mariadb image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} + envFrom: + - configMapRef: + name: mariadb-cm env: - name: MARIADB_PASSWORD valueFrom: secretKeyRef: key: password name: ironic-mariadb - - name: RESTART_CONTAINER_CERTIFICATE_UPDATED - valueFrom: - configMapKeyRef: - name: mariadb-cm - key: RESTART_CONTAINER_CERTIFICATE_UPDATED lifecycle: preStop: exec: @@ -52,9 +79,9 @@ spec: livenessProbe: exec: command: - - sh - - -c - - mysqladmin status -uironic -p$(printenv MARIADB_PASSWORD) + - healthcheck.sh + - --connect + - --innodb_initialized failureThreshold: 10 initialDelaySeconds: 30 periodSeconds: 30 
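Review bot: The new `set-volume-owners` init container in deployment.yaml runs as UID 0 with `allowPrivilegeEscalation: true`, which it does not appear to need: it already starts as root and is granted exactly the capabilities it uses (`CHOWN`, `FOWNER`, `DAC_OVERRIDE`). Setting `allowPrivilegeEscalation: false` keeps no_new_privs set, so nothing spawned from the sourced entrypoint script can gain more than those three capabilities. It is also worth checking whether `DAC_OVERRIDE` is really required once `CHOWN` and `FOWNER` are present. The comment above the container would be clearer if it named what is re-owned and why, e.g. `# Runs docker_create_db_directories as root so the data and socket directories are owned by the non-root mariadb user`; the pod `spec` continues outside the hunk.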
@@ -67,19 +94,29 @@ spec: readinessProbe: exec: command: - - sh - - -c - - mysqladmin status -uironic -p$(printenv MARIADB_PASSWORD) + - healthcheck.sh + - --connect + - --innodb_initialized failureThreshold: 10 initialDelaySeconds: 30 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 10 volumeMounts: + - name: mariadb-conf + mountPath: /etc/mysql/conf.d + - name: mariadb-run + mountPath: /run/mysql {{- $volmounts }} {{- with .Values.global.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} volumes: + - name: mariadb-conf + configMap: + name: mariadb-config + - name: mariadb-run + emptyDir: + sizeLimit: 20Mi {{- $volumes }} diff --git a/metal3-chart/charts/mariadb/values.yaml b/metal3-chart/charts/mariadb/values.yaml index 7d2fbce..3d6639c 100644 --- a/metal3-chart/charts/mariadb/values.yaml +++ b/metal3-chart/charts/mariadb/values.yaml @@ -12,9 +12,9 @@ service: targetPort: 3306 image: - repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/suse/mariadb + repository: registry.suse.com/suse/mariadb pullPolicy: IfNotPresent - tag: 10.6.15.1 + tag: 10.11 nameOverride: "" fullnameOverride: "" @@ -31,8 +31,8 @@ serviceAccount: podAnnotations: {} podSecurityContext: - runAsUser: 10060 - fsGroup: 10060 + runAsUser: 60 + fsGroup: 60 securityContext: allowPrivilegeEscalation: false @@ -60,6 +60,7 @@ persistence: volumeMounts: - name: mariadb-data-volume mountPath: /var/lib/mysql + subPath: data volumes: - name: mariadb-data-volume diff --git a/metal3-chart/values.yaml b/metal3-chart/values.yaml index e7c4f1b..2d24c8a 100644 --- a/metal3-chart/values.yaml +++ b/metal3-chart/values.yaml @@ -115,8 +115,8 @@ metal3-mariadb: persistence: storageClass: "" image: - repository: "registry.suse.com/edge/mariadb" - tag: "10.6.15.1" + repository: "registry.suse.com/suse/mariadb" + tag: "10.11" # # Baremetal Operator 
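Review bot: In metal3-chart/charts/mariadb/values.yaml the image moves from the fully pinned `10.6.15.1` to the floating tag `10.11` while `pullPolicy` stays `IfNotPresent`, so nodes can run different patch levels depending on when they first pulled, and a registry-side change to the tag reaches clusters without any chart change. Pinning the full version or a digest (`tag: "<full-version>"`, or `<repository>@sha256:<digest>`) keeps the deployment reproducible and auditable. The value is also unquoted here, so YAML reads it as a float and a later `10.10` would silently become `10.1`; write `tag: "10.11"`, as the metal3-chart/values.yaml hunk further down already does. That later hunk uses the same floating tag.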
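Review bot: Adding `subPath: data` to the `/var/lib/mysql` mount in metal3-chart/charts/mariadb/values.yaml means an existing PersistentVolume, whose database files sit at the volume root, will present an empty directory to the upgraded pod, so MariaDB would likely initialise a fresh database instead of auto-upgrading the old one. The `runAsUser`/`fsGroup` change from 10060 to 60 in the preceding hunk affects the same upgrade path, since existing files are owned by the old UID. If in-place upgrades from chart 0.5.4 are meant to keep the Ironic data, a migration step or an explicit upgrade note is needed; nothing in this diff shows one.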
diff --git a/release-manifest-image/release_manifest.yaml b/release-manifest-image/release_manifest.yaml
index bcab204..df1bc12 100644
--- a/release-manifest-image/release_manifest.yaml
+++ b/release-manifest-image/release_manifest.yaml
@@ -171,7 +171,7 @@ spec:
 - prettyName: Metal3
 releaseName: metal3
 chart: '%%CHART_REPO%%/%%CHART_PREFIX%%metal3'
- version: '%%CHART_MAJOR%%.0.7+up0.11.5'
+ version: '%%CHART_MAJOR%%.0.8+up0.11.7'
 - prettyName: RancherTurtles
 releaseName: rancher-turtles
 chart: '%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles'