diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..edfcc35
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,42 @@
+{
+ "debug.javascript.terminalOptions": {
+ "enableTurboSourcemaps": true,
+ "resolveSourceMapLocations": [
+ "${workspaceFolder}/**",
+ "node_modules/kubernetes-fluent-client/**",
+ "node_modules/pepr/**"
+ ]
+ },
+ "yaml.schemas": {
+ "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.4/uds.schema.json": [
+ "uds-bundle.yaml"
+ ],
+ "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.4/tasks.schema.json": [
+ "tasks.yaml",
+ "tasks/**/*.yaml",
+ ],
+ "https://raw.githubusercontent.com/defenseunicorns/zarf/v0.31.0/zarf.schema.json": [
+ "zarf.yaml"
+ ]
+ },
+ "cSpell.words": [
+ "alertmanager",
+ "Authservice",
+ "automount",
+ "controlplane",
+ "crds",
+ "distros",
+ "ironbank",
+ "Kiali",
+ "Kyverno",
+ "MITM",
+ "neuvector",
+ "opensource",
+ "promtail",
+ "Quickstart",
+ "Gitlab",
+ "seccomp",
+ "Sysctls",
+ "Velero"
+ ]
+ }
diff --git a/common/zarf.yaml b/common/zarf.yaml
index c50bab3..6bd7c7a 100644
--- a/common/zarf.yaml
+++ b/common/zarf.yaml
@@ -17,7 +17,7 @@ components: - name: gitlab-runner namespace: gitlab-runner url: https://charts.gitlab.io - version: "0.63.0" + version: "0.64.0" valuesFiles: - ../values/common-values.yaml actions:
diff --git a/docs/DEVELOPMENT_MAINTENANCE.md b/docs/DEVELOPMENT_MAINTENANCE.md
index 8e00d3a..6439a28 100644
--- a/docs/DEVELOPMENT_MAINTENANCE.md
+++ b/docs/DEVELOPMENT_MAINTENANCE.md
@@ -24,4 +24,5 @@ When changes are merged to the `main` branch, the Release Please will evaluate a > TIP: Merging a PR should be done via a branch **"Squash and merge"**; this means that the commit message seen on this PR merge is what Release Please will use to determine a version bump. When the auto generated Release Please PR is merged the following steps will automatically happen. + 1) A new release will be created and tagged
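Review bot: In the new .vscode/settings.json, the `"tasks/**/*.yaml",` entry under `yaml.schemas` ends with a trailing comma before the closing `]`. VS Code parses this file as JSON with comments and tolerates it, but a strict JSON parser or linter run over the repo will reject the file; the entry should read `"tasks/**/*.yaml"`. The three schema URLs are fetched from raw.githubusercontent.com by release tag (`v0.10.4`, `v0.31.0`), and tags can be moved, so pinning to a commit SHA would make the fetched schema immutable if that matters for this repo.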
diff --git a/tasks.yaml b/tasks.yaml
index ea46c3d..75dcbb2 100644
--- a/tasks.yaml
+++ b/tasks.yaml
@@ -37,6 +37,19 @@ tasks: spoof_release: "true" - task: create:test-bundle + - name: dev + description: Deploy gitlab-runner on existing cluster with existing gitlab + actions: + - task: create-glr-package + - task: create-glr-test-bundle + - task: deploy:test-bundle + + - name: doug-admin + description: Promote Doug to admin (requires running setup:create-doug-user and logging into gitlab ui first) + actions: + - cmd: | + ./uds zarf tools kubectl exec -n gitlab deployment/gitlab-toolbox -- gitlab-rails runner -e production "user = User.find_by(username: 'doug'); user.admin = true; user.save!" + # CI will execute the following (via uds-common/.github/actions/test) so they need to be here with these names - name: test-package
@@ -56,6 +69,7 @@ tasks: - task: setup:k3d-test-cluster - task: dependencies:deploy - task: deploy:test-bundle + - task: setup:create-doug-user - task: create-glr-test-bundle - task: deploy:test-bundle - task: test:glr-health-check
diff --git a/test/journey/pipeline-run.test.ts b/test/journey/pipeline-run.test.ts
index 9a0390e..74822ca 100644
--- a/test/journey/pipeline-run.test.ts
+++ b/test/journey/pipeline-run.test.ts
@@ -6,13 +6,13 @@ test('test kicking off a pipeline run', async () => { // Get the root password for GitLab const rootPasswordSecret = await K8s(kind.Secret).InNamespace("gitlab").Get("gitlab-gitlab-initial-root-password") const rootPassword = atob(rootPasswordSecret.data!.password) - + const arch = process.env.UDS_ARCH // Create a test repository in GitLab using Zarf zarfExec(["package", "create", "package", "--confirm"]); zarfExec([ "package", "mirror-resources", - "zarf-package-gitlab-runner-test-amd64-0.0.1.tar.zst", + `zarf-package-gitlab-runner-test-${arch}-0.0.1.tar.zst`, "--git-url", "https://gitlab.uds.dev/", "--git-push-username", "root", "--git-push-password", rootPassword,
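Review bot: The new `doug-admin` task in the first tasks.yaml hunk grants GitLab instance-admin to a fixed account (`doug`) with `-e production`, and nothing in the task limits it to a test cluster: it runs against whatever cluster the current kube context points to. It lives in the top-level tasks.yaml, so consider moving it to a test-only tasks file or at least saying so in the description, e.g. `description: TEST CLUSTERS ONLY - promote the doug test user to admin`. Separately, `User.find_by` returns nil when the user does not exist, so the command dies with a NoMethodError on `user.admin =`; `User.find_by!(username: 'doug')` fails with a clear record-not-found error instead. The second tasks.yaml hunk adds `setup:create-doug-user` to a CI action list, but that task is defined outside this diff, so how the account's credentials are set could not be checked here.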
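Review bot: `const arch = process.env.UDS_ARCH` in test/journey/pipeline-run.test.ts is used unchecked, so when the variable is unset the template literal produces `zarf-package-gitlab-runner-test-undefined-0.0.1.tar.zst` and the `mirror-resources` step fails with a misleading missing-file error. Either keep the previous value as the default, `const arch = process.env.UDS_ARCH ?? "amd64"`, or fail fast with an error that names the variable. Because the value ends up in a file path handed to `zarfExec`, checking it against the expected set (`amd64`, `arm64`) would also be reasonable. The test body starts and ends outside this hunk.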
diff --git a/values/common-values.yaml b/values/common-values.yaml
index 6a15b16..358db5c 100644
--- a/values/common-values.yaml
+++ b/values/common-values.yaml
@@ -32,15 +32,18 @@ runners: concurrent: 50 -securityContext: - runAsUser: 1001 - runAsGroup: 1001 +podSecurityContext: + runAsUser: 100 + fsGroup: 65534 -containerSecurityContext: +securityContext: + allowPrivilegeEscalation: false runAsNonRoot: true + privileged: false capabilities: drop: ["ALL"] + resources: limits: memory: 256Mi
diff --git a/values/registry1-values.yaml b/values/registry1-values.yaml
index 648f62e..7aee373 100644
--- a/values/registry1-values.yaml
+++ b/values/registry1-values.yaml
@@ -4,14 +4,14 @@ useTini: true image: registry: "registry1.dso.mil" image: "ironbank/gitlab/gitlab-runner/gitlab-runner" - tag: v16.10.0 + tag: v16.11.0 runners: job: registry: registry1.dso.mil repository: ironbank/redhat/ubi/ubi9 - tag: "9.3" + tag: "9.4" helper: registry: registry1.dso.mil repository: ironbank/gitlab/gitlab-runner/gitlab-runner-helper - tag: v16.10.0 + tag: v16.11.0
diff --git a/values/upstream-values.yaml b/values/upstream-values.yaml
index 95e6665..31541cb 100644
--- a/values/upstream-values.yaml
+++ b/values/upstream-values.yaml
@@ -1,7 +1,7 @@ image: registry: registry.gitlab.com image: gitlab-org/gitlab-runner - tag: alpine-v16.10.0 + tag: alpine-v16.11.0 runners: job:
@@ -11,4 +11,4 @@ runners: helper: registry: registry1.dso.mil repository: ironbank/gitlab/gitlab-runner/gitlab-runner-helper - tag: v16.10.0 + tag: v16.11.0
diff --git a/zarf.yaml b/zarf.yaml
index d3e74a6..0050167 100644
--- a/zarf.yaml
+++ b/zarf.yaml
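Review bot: The new `podSecurityContext` in values/common-values.yaml sets `runAsUser: 100` and `fsGroup: 65534` but no longer sets a `runAsGroup` (the removed block had `runAsGroup: 1001`), so the container's primary GID falls back to whatever the image defines, which may be the root group. Adding an explicit `runAsGroup` next to `runAsUser` would keep that pinned, and it is worth confirming that UID 100 matches the runner user in both the upstream and the Iron Bank image, since this values file appears to be shared by both flavors. The container-level `securityContext` drops all capabilities and disables privilege escalation but sets no seccomp profile; `seccompProfile: { type: RuntimeDefault }` is what the Kubernetes restricted Pod Security Standard expects, assuming the chart passes this block through unchanged. These keys presumably cover only the runner manager pod; the security context of job pods is configured elsewhere and is not visible in this hunk.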
@@ -24,9 +24,9 @@ components: valuesFiles: - values/registry1-values.yaml images: - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner:v16.10.0" - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v16.10.0" - "registry1.dso.mil/ironbank/redhat/ubi/ubi9:9.3" + - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner:v16.11.0" + - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v16.11.0" + - "registry1.dso.mil/ironbank/redhat/ubi/ubi9:9.4" - name: gitlab-runner required: true
@@ -40,6 +40,6 @@ components: valuesFiles: - values/upstream-values.yaml images: - "registry.gitlab.com/gitlab-org/gitlab-runner:alpine-v16.10.0" # renovate: versioning=regex:^alpine-v?(?\\d+)\\.(?\\d+)\\.(?\\d+)?$ - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v16.10.0" + - "registry.gitlab.com/gitlab-org/gitlab-runner:alpine-v16.11.0" # renovate: versioning=regex:^alpine-v?(?\\d+)\\.(?\\d+)\\.(?\\d+)?$ + - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v16.11.0" - "library/alpine:3.19.1" # renovate: versioning=regex:^(?\\d+)\\.(?\\d+)\\.(?\\d+)?$