diff --git a/.vscode/extensions.json b/.vscode/extensions.json
index 1ee94c4eb..5eb4e73dc 100644
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -2,6 +2,7 @@
   "recommendations": [
     "abusaidm.html-snippets",
     "alefragnani.project-manager",
+    "bierner.markdown-mermaid",
     //"Bridgecrew.checkov",
     "christian-kohler.path-intellisense",
     "DavidAnson.vscode-markdownlint",
diff --git a/README.md b/README.md
index e5fe0e727..c01e501a9 100644
--- a/README.md
+++ b/README.md
@@ -102,20 +102,19 @@ graph TD
 wan1[<center>WAN 500/50<br>192.168.100.1</center>]---router{<center>PfSense<br>10.0.0.2</center>}
 wan2[<center>LTE 100/25 Mb<br>192.168.1.1</center>]---router
 router---ap{<center>TP-AX1800<br>10.0.0.1</center>}
-ap---switch[<center>TL-SG1005D</center>]
+ap---switch[<center>USW-Flex-XG</center>]
 
 subgraph HomeLab
-    switch-.-truenas(<center>TrueNas<br>10.0.0.3</center>)
-    switch-.-kvm-1(<center>kvm-1<br>10.0.0.107</center>)
-    switch-.-kvm-2(<center>kvm-2<br>10.0.0.108</center>)
-    switch-.-kvm-3(<center>kvm-3<br>10.0.0.109</center>)
+    switch-.-|1 GbE|truenas(<center>TrueNas<br>10.0.0.3</center>)
+    switch-.-|10 GbE|kvm-1(<center>kvm-1<br>10.0.0.107</center>)
+    switch-.-|10 GbE|kvm-2(<center>kvm-2<br>10.0.0.108</center>)
+    switch-.-|10 GbE|kvm-3(<center>kvm-3<br>10.0.0.109</center>)
     subgraph OKD KVM-1
         kvm-1-.-server-1(<center>server-1<br>10.0.0.101</center>)
         kvm-1-.-infra-1(<center>infra-1<br>10.0.0.121</center>)
         kvm-1-.-worker-1(<center>worker-1<br>10.0.0.111</center>)
         kvm-1-.-worker-4(<center>worker-4<br>10.0.0.114</center>)
     end
-
     subgraph OKD KVM-2
         kvm-2-.-server-2(<center>server-2<br>10.0.0.102</center>)
         kvm-2-.-infra-2(<center>infra-2<br>10.0.0.121</center>)
diff --git a/img/Heimdall.png b/img/Heimdall.png
index 9663dcfd7..2c812a8c8 100644
Binary files a/img/Heimdall.png and b/img/Heimdall.png differ
diff --git a/kubernetes/unifi-network-application/README.md b/kubernetes/unifi-network-application/README.md
index ba856ab1f..74f7945b3 100644
--- a/kubernetes/unifi-network-application/README.md
+++ b/kubernetes/unifi-network-application/README.md
@@ -1,3 +1,14 @@
 # Unifi Network Application
 
+```bash
+keytool -importkeystore \
+  -srckeystore keystore \
+  -destkeystore keystore.p12 \
+  -deststoretype PKCS12 \
+  -srcalias unifi \
+  -deststorepass aircontrolenterprise \
+  -destkeypass aircontrolenterprise
+```
+
 <https://docs.linuxserver.io/images/docker-unifi-network-application/#supported-architectures>
+<https://security.stackexchange.com/questions/3779/how-can-i-export-my-private-key-from-a-java-keytool-keystore>
diff --git a/kubernetes/unifi-network-application/base/ingress.yaml b/kubernetes/unifi-network-application/base/ingress.yaml
index 7246681dd..ca168ad28 100644
--- a/kubernetes/unifi-network-application/base/ingress.yaml
+++ b/kubernetes/unifi-network-application/base/ingress.yaml
@@ -11,8 +11,10 @@ metadata:
     app.kubernetes.io/managed-by: Helm
   annotations:
     argocd.argoproj.io/sync-wave: "1"
-    route.openshift.io/termination: passthrough
+    route.openshift.io/destination-ca-certificate-secret: internal-cert
+    route.openshift.io/termination: reencrypt
 spec:
+  ingressClassName: openshift-default
   rules:
     - host: "unifi.arthurvardevanyan.com"
       http:
diff --git a/kubernetes/unifi-network-application/base/kustomization.yaml b/kubernetes/unifi-network-application/base/kustomization.yaml
index 6ee988d8b..c022f651d 100644
--- a/kubernetes/unifi-network-application/base/kustomization.yaml
+++ b/kubernetes/unifi-network-application/base/kustomization.yaml
@@ -6,6 +6,7 @@ resources:
   - ./service.yaml
   - ./longhorn.yaml
   - ./pvc.yaml
+  - ./secret.yaml
   - ./ingress.yaml
   - ./statefulset.yaml
   - ./mongodb/mongodb.yaml
diff --git a/kubernetes/unifi-network-application/base/mongodb/mongodb.yaml b/kubernetes/unifi-network-application/base/mongodb/mongodb.yaml
index 237326716..7f9e8841d 100644
--- a/kubernetes/unifi-network-application/base/mongodb/mongodb.yaml
+++ b/kubernetes/unifi-network-application/base/mongodb/mongodb.yaml
@@ -40,18 +40,18 @@ spec:
               resources:
                 limits:
                   cpu: "150m"
-                  memory: 512Mi
+                  memory: 768Mi
                 requests:
                   cpu: "25m"
-                  memory: 128Mi
+                  memory: 256Mi
             - name: mongodb-agent
               resources:
                 limits:
                   cpu: "50m"
-                  memory: 64Mi
+                  memory: 128Mi
                 requests:
                   cpu: "25m"
-                  memory: 32Mi
+                  memory: 64Mi
           initContainers:
             - name: mongodb-agent-readinessprobe
               resources:
diff --git a/kubernetes/unifi-network-application/base/secret.yaml b/kubernetes/unifi-network-application/base/secret.yaml
new file mode 100644
index 000000000..643ea0333
--- /dev/null
+++ b/kubernetes/unifi-network-application/base/secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: internal-cert
+  namespace: unifi-network-application
+data:
+  tls.crt: <path:secret/data/homelab/unifi#tls.crt | base64encode>
+  tls.key: <path:secret/data/homelab/unifi#tls.key | base64encode>
+type: Opaque