diff --git a/helm/install/templates/manager-upgrade.yaml b/helm/install/templates/manager-upgrade.yaml
index ac50728e..558c431e 100644
--- a/helm/install/templates/manager-upgrade.yaml
+++ b/helm/install/templates/manager-upgrade.yaml
@@ -36,5 +36,6 @@ spec:
         {{- include "install.relatedImages" . | indent 8 }}
         securityContext:
           allowPrivilegeEscalation: false
+          capabilities: { drop: [ALL] }
           readOnlyRootFilesystem: true
           runAsNonRoot: true
diff --git a/helm/install/templates/manager.yaml b/helm/install/templates/manager.yaml
index 746c2f69..c12a769d 100644
--- a/helm/install/templates/manager.yaml
+++ b/helm/install/templates/manager.yaml
@@ -42,5 +42,6 @@ spec:
         {{- end }}
         securityContext:
           allowPrivilegeEscalation: false
+          capabilities: { drop: [ALL] }
           readOnlyRootFilesystem: true
           runAsNonRoot: true
diff --git a/helm/postgres/templates/postgres.yaml b/helm/postgres/templates/postgres.yaml
index 94284ae4..bb46885d 100644
--- a/helm/postgres/templates/postgres.yaml
+++ b/helm/postgres/templates/postgres.yaml
@@ -145,7 +145,7 @@ spec:
 {{ toYaml .Values.service | indent 4 }}
   {{- end }}
   {{- if .Values.dataSource }}
-  service:
+  dataSource:
 {{ toYaml .Values.dataSource | indent 4 }}
   {{- end }}
   {{- if .Values.databaseInitSQL }}
diff --git a/kustomize/certmanager/postgres/postgres.yaml b/kustomize/certmanager/postgres/postgres.yaml
index 602edc6d..56abd9dd 100644
--- a/kustomize/certmanager/postgres/postgres.yaml
+++ b/kustomize/certmanager/postgres/postgres.yaml
@@ -3,7 +3,7 @@ kind: PostgresCluster
 metadata:
   name: hippo
 spec:
-  image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-4-0
+  image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-14.4-0
   postgresVersion: 14
   customReplicationTLSSecret:
     name: hippo-repl-tls
diff --git a/kustomize/install/manager/manager-upgrade.yaml b/kustomize/install/manager/manager-upgrade.yaml
index d39ba4b3..4cc52383 100644
--- a/kustomize/install/manager/manager-upgrade.yaml
+++ b/kustomize/install/manager/manager-upgrade.yaml
@@ -30,6 +30,7 @@ spec:
           value: "registry.developers.crunchydata.com/crunchydata/crunchy-upgrade:ubi8-5.1.2-0"
         securityContext:
           allowPrivilegeEscalation: false
+          capabilities: { drop: [ALL] }
           readOnlyRootFilesystem: true
           runAsNonRoot: true
       serviceAccountName: postgres-operator-upgrade
diff --git a/kustomize/install/manager/manager.yaml b/kustomize/install/manager/manager.yaml
index dc5b4a14..0b10ac59 100644
--- a/kustomize/install/manager/manager.yaml
+++ b/kustomize/install/manager/manager.yaml
@@ -48,6 +48,7 @@ spec:
           value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi8-5.1.2-0"
         securityContext:
           allowPrivilegeEscalation: false
+          capabilities: { drop: [ALL] }
           readOnlyRootFilesystem: true
           runAsNonRoot: true
       serviceAccountName: pgo