diff --git a/.vscode/settings.json b/.vscode/settings.json
deleted file mode 100644
index 3f1470fa..00000000
--- a/.vscode/settings.json
+++ /dev/null
@@ -1,46 +0,0 @@
-{
- "debug.javascript.terminalOptions": {
- "enableTurboSourcemaps": true,
- "resolveSourceMapLocations": [
- "${workspaceFolder}/**",
- "node_modules/kubernetes-fluent-client/**",
- "node_modules/pepr/**"
- ]
- },
- "yaml.schemas": {
- // renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
- "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.7.0/uds.schema.json": [
- "uds-bundle.yaml"
- ],
-
- // renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
- "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.7.0/tasks.schema.json": [
- "tasks.yaml",
- "tasks/**/*.yaml",
- "src/**/validate.yaml"
- ],
- // renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver
- "https://raw.githubusercontent.com/defenseunicorns/zarf/v0.32.1/zarf.schema.json": [
- "zarf.yaml"
- ]
- },
- "cSpell.words": [
- "alertmanager",
- "Authservice",
- "automount",
- "controlplane",
- "crds",
- "distros",
- "ironbank",
- "Kiali",
- "Kyverno",
- "MITM",
- "neuvector",
- "opensource",
- "promtail",
- "Quickstart",
- "seccomp",
- "Sysctls",
- "Velero"
- ]
-}
diff --git a/bundles/uds-core-swf/uds-bundle.yaml b/bundles/uds-core-swf/uds-bundle.yaml
index fe22876d..dc14e1c3 100644
--- a/bundles/uds-core-swf/uds-bundle.yaml
+++ b/bundles/uds-core-swf/uds-bundle.yaml
@@ -15,6 +15,16 @@ packages:
 optionalComponents:
 - git-server
 ref: v0.32.4-0.2.3
+ overrides:
+ rook-ceph-cluster:
+ rook-ceph-cluster:
+ variables:
+ - path: cephClusterSpec.resources.osd.requests.memory
+ name: CEPH_OSD_MEM_REQUESTS
+ - path: cephClusterSpec.resources.osd.limits.memory
+ name: CEPH_OSD_MEM_LIMITS
+ - path: toolbox.enabled
+ name: ENABLE_CEPH_TOOLBOX
 # Namespace pre-reqs for swf capabilities
 - name: software-factory-namespaces
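Review bot: In `bundles/uds-core-swf/uds-bundle.yaml` the three new override variables carry only `path` and `name`, so the bundle does not record what they control or what applies when a uds-config omits them. I would add a `description:` to each, and for `toolbox.enabled` an explicit `default: false` so the toolbox stays off unless a config opts in. The package entry these overrides attach to begins above the hunk, so its name is not visible here.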
@@ -97,7 +107,7 @@ packages:
 # Additional manifests needed
 - name: additional-manifests
 path: ../../build
- ref: 0.0.1
+ ref: 0.0.2
 # Gitlab
 - name: gitlab-redis
diff --git a/config/dev-cluster/uds-config.yaml b/config/dev-cluster/uds-config.yaml
index 64a33e6f..0f98bb3d 100644
--- a/config/dev-cluster/uds-config.yaml
+++ b/config/dev-cluster/uds-config.yaml
@@ -6,6 +6,9 @@ variables:
 init:
 # TODO - remove this if/when functionality is restored upstream
 REGISTRY_HPA_ENABLE: false
+ CEPH_OSD_MEM_REQUESTS: "4Gi"
+ CEPH_OSD_MEM_LIMITS: "4Gi"
+ ENABLE_CEPH_TOOLBOX: "true"
 metallb:
 # Replace with a valid IP address range
 IP_ADDRESS_POOL: "10.0.120.50-10.0.120.59"
diff --git a/config/test-cluster/uds-config.yaml b/config/test-cluster/uds-config.yaml
index 170c8a07..ca0c14da 100644
--- a/config/test-cluster/uds-config.yaml
+++ b/config/test-cluster/uds-config.yaml
@@ -6,6 +6,9 @@ variables:
 init:
 # TODO - remove this if/when functionality is restored upstream
 REGISTRY_HPA_ENABLE: false
+ CEPH_OSD_MEM_REQUESTS: "4Gi"
+ CEPH_OSD_MEM_LIMITS: "4Gi"
+ ENABLE_CEPH_TOOLBOX: "true"
 metallb:
 # Replace with a valid IP address range
 IP_ADDRESS_POOL: "10.0.120.70-10.0.120.79"
diff --git a/deploy-dubbd-values.yaml b/deploy-dubbd-values.yaml
deleted file mode 100644
index 514503c9..00000000
--- a/deploy-dubbd-values.yaml
+++ /dev/null
@@ -1 +0,0 @@
-# DO NOT USE -- this file is only here to silence a warning
diff --git a/packages/additional-manifests/manifests/envoy-filter.yaml b/packages/additional-manifests/gitlab/envoy-filter.yaml
similarity index 100%
rename from packages/additional-manifests/manifests/envoy-filter.yaml
rename to packages/additional-manifests/gitlab/envoy-filter.yaml
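Review bot: `ENABLE_CEPH_TOOLBOX: "true"` in `config/dev-cluster/uds-config.yaml`, and the identical hunk in `config/test-cluster/uds-config.yaml`, leaves the Rook toolbox switched on as the standing setting for both clusters. The toolbox is a troubleshooting pod that runs with the Ceph admin keyring, so exec access to that one pod amounts to administrative access to the storage cluster. I would set it to `"false"` here and enable it only while debugging, or at least add a comment such as `# debug only: toolbox pod has Ceph admin access`. The value is also quoted while `REGISTRY_HPA_ENABLE: false` just above is a bare boolean, so it is worth confirming the string is coerced as intended.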
diff --git a/packages/additional-manifests/manifests/gitlab-ssh-gateway.yaml b/packages/additional-manifests/gitlab/gitlab-ssh-gateway.yaml
similarity index 100%
rename from packages/additional-manifests/manifests/gitlab-ssh-gateway.yaml
rename to packages/additional-manifests/gitlab/gitlab-ssh-gateway.yaml
diff --git a/packages/additional-manifests/manifests/gitlab-ssh-networkpolicies.yaml b/packages/additional-manifests/gitlab/gitlab-ssh-networkpolicies.yaml
similarity index 100%
rename from packages/additional-manifests/manifests/gitlab-ssh-networkpolicies.yaml
rename to packages/additional-manifests/gitlab/gitlab-ssh-networkpolicies.yaml
diff --git a/packages/additional-manifests/manifests/gitlab-ssh-virtualservice.yaml b/packages/additional-manifests/gitlab/gitlab-ssh-virtualservice.yaml
similarity index 100%
rename from packages/additional-manifests/manifests/gitlab-ssh-virtualservice.yaml
rename to packages/additional-manifests/gitlab/gitlab-ssh-virtualservice.yaml
diff --git a/packages/additional-manifests/pepr-policy-exemptions/rook-ceph-exemption.yaml b/packages/additional-manifests/pepr-policy-exemptions/rook-ceph-exemption.yaml
new file mode 100644
index 00000000..d84c0ca0
--- /dev/null
+++ b/packages/additional-manifests/pepr-policy-exemptions/rook-ceph-exemption.yaml
@@ -0,0 +1,19 @@
+apiVersion: uds.dev/v1alpha1
+kind: Exemption
+metadata:
+ name: rook-ceph
+ namespace: uds-policy-exemptions
+spec:
+ exemptions:
+ - policies:
+ - DisallowHostNamespaces
+ - DisallowPrivileged
+ - RequireNonRootUser
+ - DropAllCapabilities
+ - RestrictHostPathWrite
+ - RestrictVolumeTypes
+ matcher:
+ namespace: rook-ceph
+ name: "^rook-ceph-*"
+ title: "rook-ceph exemptions"
+ description: "Rook ceph needs exemptions"
diff --git a/packages/additional-manifests/zarf.yaml b/packages/additional-manifests/zarf.yaml
index dc952a2f..b8b9d575 100644
--- a/packages/additional-manifests/zarf.yaml
+++ b/packages/additional-manifests/zarf.yaml
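Review bot: The matcher `name: "^rook-ceph-*"` in the new `rook-ceph-exemption.yaml` reads like a glob. If the field is evaluated as a regular expression, as the `^` suggests, `-*` means zero or more hyphens and the pattern is just a prefix match on `rook-ceph`; `name: "^rook-ceph-.*"` states what is presumably intended. All six policies, including `DisallowPrivileged` and `DisallowHostNamespaces`, are also lifted for every matching pod in the namespace. Splitting this into one entry per workload, each listing only the policies that workload needs, would keep the remaining pods under enforcement. The `description` should record why each policy is exempted instead of "Rook ceph needs exemptions".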
@@ -4,7 +4,7 @@ metadata:
 name: additional-manifests
 description: "Installs additional needed manifests"
 architecture: "amd64"
- version: "0.0.1"
+ version: "0.0.2"
 variables:
 - name: DOMAIN
@@ -12,18 +12,19 @@ variables:
 default: "mtsi.bigbang.dev"
 components:
- - name: gitlab-ssh
+ - name: gitlab-additional-manifests
 required: true
 manifests:
- - name: gitlab-ssh-virtualservice
+ - name: gitlab-additional-manifests
 namespace: gitlab
 files:
- - manifests/gitlab-ssh-virtualservice.yaml
- - manifests/gitlab-ssh-networkpolicies.yaml
- - manifests/gitlab-ssh-gateway.yaml
- - name: envoy-filter-tenant-ingress
+ - gitlab/gitlab-ssh-virtualservice.yaml
+ - gitlab/gitlab-ssh-networkpolicies.yaml
+ - gitlab/gitlab-ssh-gateway.yaml
+ - gitlab/envoy-filter.yaml
+ - name: pepr-policy-exemptions
 required: true
 manifests:
- - name: envoy-filter-tenant-ingress
+ - name: pepr-policy-exemptions
 files:
- - manifests/envoy-filter.yaml
+ - pepr-policy-exemptions/rook-ceph-exemption.yaml
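Review bot: The new `pepr-policy-exemptions` component in `packages/additional-manifests/zarf.yaml` is `required: true`, so the rook-ceph exemption is installed wherever this package is deployed, whether or not rook-ceph is present. A standing exemption for an unused namespace widens what the policy engine will admit there; consider `required: false`, or shipping the exemption alongside the rook-ceph deployment it belongs to. The manifest entry also has no `namespace:` key, unlike the gitlab entry above it. It presumably relies on the `uds-policy-exemptions` namespace named inside the manifest already existing at deploy time, which deserves a short comment.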