diff --git a/deployment.yaml b/deployment.yaml
index c0cdbe5..001b747 100644
--- a/deployment.yaml
+++ b/deployment.yaml
@@ -1,13 +1,14 @@
 apiVersion: apps/v1
-kind: Deployment
+kind: StatefulSet
 metadata:
 name: wallet
 namespace: wallet
 labels:
- app: wallet
+ app: wallet-svc
 app.kubernetes.io/name: wallet
 spec:
- replicas: 2
+ serviceName: wallet
+ replicas: 1
 selector:
 matchLabels:
 app: wallet
@@ -23,8 +24,8 @@ spec:
 spec:
 serviceAccountName: wallet
 securityContext:
- runAsNonRoot: true
- fsGroup: 2000
+ runAsNonRoot: false
+ fsGroup: 0
 initContainers:
 - name: rename-heap-dump
 image: ubuntu:20.04
@@ -41,8 +42,8 @@ spec:
 mountPath: /dumps
 containers:
 - name: wallet
- image: registry.example.com/dnastack/wallet@sha256:1111111111111111111111111111111111111111111111111111111111111111
- imagePullPolicy: IfNotPresent
+ image: registry.example.com/dnastack/wallet:latest
+ imagePullPolicy: Always
 ports:
 - name: http
 containerPort: 8080
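Review bot: The `app` label now diverges across objects: this hunk sets the StatefulSet's own label to `app: wallet-svc` but leaves `selector.matchLabels` at `app: wallet`, and the service.yaml hunk changes the Service selector to `app: wallet-svc`. Because pod template labels have to satisfy `matchLabels`, the pods keep `app: wallet` and the Service would end up with no endpoints; keep `app: wallet` everywhere or rename it consistently, including the template labels that sit outside this hunk. Separately, `serviceName: wallet` names a governing Service that a StatefulSet expects to be headless (`clusterIP: None`), which the NodePort Service in this commit is not, assuming that is the Service meant. Dropping to `replicas: 1` also removes redundancy for the wallet, so a comment such as `# single replica: <reason>` would document the intent.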
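Review bot: The pod-level `securityContext` now permits root, since `runAsNonRoot: false` removes the kubelet's refusal to start a container as UID 0 and `fsGroup: 0` makes supported volumes group-owned by the root group. Nothing visible in this hunk requires that; if the `rename-heap-dump` init container (defined partly outside this hunk) is the reason, give only that container its own `securityContext` and keep the pod default at `runAsNonRoot: true` and `fsGroup: 2000`. A namespace enforcing the Pod Security `restricted` profile would reject this pod spec.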
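Review bot: Replacing the `@sha256:` digest with `:latest` and `imagePullPolicy: Always` means the running wallet image is whatever the registry serves for that tag at each pod start, so a re-pushed or tampered tag reaches the cluster without any manifest change and rollbacks stop being reproducible. Keep the image pinned by digest, e.g. `image: registry.example.com/dnastack/wallet@sha256:<digest-of-reviewed-build>`, and leave `imagePullPolicy: IfNotPresent`. If a tag is wanted for readability, use an immutable version tag together with the digest. The `containers` entry continues outside this hunk.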
@@ -57,58 +58,47 @@ spec:
 name: wallet-db-credentials
 key: username
 - name: SPRING_DATASOURCE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: wallet-db-credentials
- key: password
+ value: "supersecret"
 - name: APP_JDBI_ENCRYPTION_KEYS_WALLET_MASTER_KEY
 valueFrom:
 secretKeyRef:
 name: wallet-master-key
 key: key
 - name: LOGGING_LEVEL_COM_DNASTACK_WALLET
- value: "INFO"
+ value: "DEBUG"
 resources:
- requests:
- cpu: "250m"
- memory: "512Mi"
 limits:
- cpu: "1"
- memory: "1Gi"
+ cpu: "2"
+ memory: "2Gi"
 securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsUser: 1000
- capabilities:
- drop: ["ALL"]
+ privileged: true
+ allowPrivilegeEscalation: true
+ readOnlyRootFilesystem: false
+ runAsUser: 0
 startupProbe:
 httpGet:
 path: /actuator/health
- port: 8080
- initialDelaySeconds: 10
- periodSeconds: 3
- failureThreshold: 60
- readinessProbe:
- httpGet:
- path: /actuator/health
- port: 8080
- periodSeconds: 10
- failureThreshold: 2
+ port: 80
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ failureThreshold: 10
 livenessProbe:
- httpGet:
+ httpGet:
 path: /actuator/health
 port: 8080
- periodSeconds: 20
- failureThreshold: 5
+ periodSeconds: 5
+ failureThreshold: 2
 volumeMounts:
 - name: heap-dumps
 mountPath: /dumps
 volumes:
 - name: heap-dumps
- emptyDir: {}
+ hostPath:
+ path: /tmp
+ type: DirectoryOrCreate
 affinity:
 podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
+ requiredDuringSchedulingIgnoredDuringExecution:
 - weight: 100
 podAffinityTerm:
 topologyKey: kubernetes.io/hostname
diff --git a/service.yaml b/service.yaml
index c43581d..980f8bd 100644
--- a/service.yaml
+++ b/service.yaml
@@ -6,10 +6,11 @@ metadata:
 labels:
 app: wallet
 spec:
- type: ClusterIP
+ type: NodePort
 selector:
- app: wallet
+ app: wallet-svc
 ports:
 - name: http
 port: 8080
 targetPort: 8080
+ nodePort: 30080
\ No newline at end of file
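Review bot: `SPRING_DATASOURCE_PASSWORD` is now a literal `value: "supersecret"`, which puts the database credential into the manifest, its version history and every dump of the pod spec; restore the `secretKeyRef` to `wallet-db-credentials` and rotate the password if this value is real. The container `securityContext` (`privileged: true`, `runAsUser: 0`, `allowPrivilegeEscalation: true`, no `capabilities.drop`) combined with the `hostPath: /tmp` volume gives the wallet process node-level root and writes heap dumps, which can hold the master key and credentials from memory, into a node directory shared with other workloads. The `startupProbe` now targets `port: 80` while the container port shown in the previous hunk is 8080, so startup would fail once `failureThreshold: 10` is exhausted, and the `readinessProbe` is removed entirely. `requiredDuringSchedulingIgnoredDuringExecution` still carries the `weight`/`podAffinityTerm` entry shape of the preferred form, which I would expect API validation to reject. The enclosing container spec starts outside this hunk; the block below shows the settings I would keep.

```yaml
# … unchanged: preceding env entry …
- name: SPRING_DATASOURCE_PASSWORD
  valueFrom:
    secretKeyRef:
      name: wallet-db-credentials
      key: password
# … unchanged: master-key and logging env entries, resources …
securityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  runAsUser: 1000
  capabilities:
    drop: ["ALL"]
startupProbe:
  httpGet:
    path: /actuator/health
    port: 8080
# … unchanged: remaining probe settings, volumeMounts …
volumes:
  - name: heap-dumps
    emptyDir: {}
```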
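Review bot: `type: NodePort` with `nodePort: 30080` opens the wallet's port named `http` (8080) on every node address, which sidesteps any ingress, TLS termination or source restriction that fronted the ClusterIP service. If external access is really required, keep `type: ClusterIP` and expose the service through an ingress or load balancer that terminates TLS and limits who can reach it; otherwise revert this line and drop `nodePort`. The file also loses its trailing newline (`\ No newline at end of file`).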