diff --git a/bin/y-build b/bin/y-build
index 7f7b8dd..73fd0ae 100755
--- a/bin/y-build
+++ b/bin/y-build
@@ -80,8 +80,9 @@ DEFAULT_REGISTRY=builds-registry.ystack.svc.cluster.local
 [ -z "$BUILDS_REGISTRY" ] && BUILDS_REGISTRY=$DEFAULT_REGISTRY
 [ -z "$PUSH_REGISTRY" ]   && PUSH_REGISTRY=$DEFAULT_REGISTRY
 [ -z "$BUILDKIT_HOST" ] && BUILDKIT_HOST=tcp://buildkitd.ystack.svc.cluster.local:8547
+[ -z "$REGISTRY_PROBE_CONNECT_TIMEOUT" ] && REGISTRY_PROBE_CONNECT_TIMEOUT=3
 
-if [ "$(curl -s --connect-timeout 3 http://$BUILDS_REGISTRY/v2/)" != "{}" ]
+if [ "$(curl -s --connect-timeout "$REGISTRY_PROBE_CONNECT_TIMEOUT" http://$BUILDS_REGISTRY/v2/)" != "{}" ]
 then
   echo "ERROR Skaffold need local access to the builds registry for digest lookup"
   echo "Registry: $BUILDS_REGISTRY"
diff --git a/buildkit/statefulset.yaml b/buildkit/statefulset.yaml
index 5f549ee..a43dcc1 100644
--- a/buildkit/statefulset.yaml
+++ b/buildkit/statefulset.yaml
@@ -1,3 +1,4 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/refs/heads/master/v1.31.3/statefulset.json
 # https://github.com/moby/buildkit/blob/master/examples/kube-consistent-hash/buildkitd-rootless-statefulset.yaml
 apiVersion: apps/v1
 kind: StatefulSet
@@ -15,14 +16,7 @@ spec:
       labels:
         app: buildkitd
         status: accepts-new-builds
-      annotations:
-        container.apparmor.security.beta.kubernetes.io/buildkitd: unconfined
     spec:
-      securityContext:
-        seccompProfile:
-          type: Unconfined
-        runAsUser: 1000
-        runAsGroup: 1000
       containers:
       - name: buildkitd
         image: moby/buildkit:rootless
@@ -53,6 +47,10 @@ spec:
         securityContext:
           runAsUser: 1000
           runAsGroup: 1000
+          seccompProfile:
+            type: Unconfined
+          appArmorProfile:
+            type: Unconfined
         volumeMounts:
         - name: etc-buildkit
           mountPath: /home/user/.config/buildkit